{
"Event" : {
"analysis" : "0" ,
"date" : "2023-03-28" ,
"extends_uuid" : "" ,
"info" : "APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations" ,
"publish_timestamp" : "1687420646" ,
"published" : true ,
"threat_level_id" : "1" ,
"timestamp" : "1687420054" ,
"uuid" : "68690840-5104-4c1a-9223-6d0a35c52704" ,
"Orgc" : {
"name" : "CIRCL" ,
"uuid" : "55f6ea5e-2c60-40e5-964f-47a8950d210f"
} ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Compromise Infrastructure - T1584\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Code Signing Certificates - T1588.003\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Digital Certificates - T1588.004\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Install Digital Certificate - T1608.003\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Link Target - T1608.005\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#064d00" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"JavaScript - T1059.007\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#075600" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"JavaScript/JScript - T1059.007\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Shared Modules - T1129\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Exploitation for Client Execution - T1203\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Malicious Link - T1204.001\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Service Execution - T1569.002\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#075700" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"DNS - T1071.004\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Multi-hop Proxy - T1090.003\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#064500" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#064f00" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Standard Encoding - T1132.001\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Asymmetric Cryptography - T1573.002\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"System Service Discovery - T1007\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Application Window Discovery - T1010\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"System Owner/User Discovery - T1033\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#064700" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"System Language Discovery - T1614.001\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#075900" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Clipboard Data - T1115\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Data from Information Repositories - T1213\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1560\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#054100" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Archive via Utility - T1560.001\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"System Shutdown/Reboot - T1529\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Office Application Startup - T1137\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#065100" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Windows Service - T1543.003\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Winlogon Helper DLL - T1547.004\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Shortcut Modification - T1547.009\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#064d00" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Binary Padding - T1027.001\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Indicator Removal from Tools - T1027.005\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Embedded Payloads - T1027.009\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Invalid Code Signature - T1036.001\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Double File Extension - T1036.007\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Dynamic-link Library Injection - T1055.001\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Thread Execution Hijacking - T1055.003\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#075900" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Timestomp - T1070.006\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Access Token Manipulation - T1134\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Mshta - T1218.005\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#065000" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"System Checks - T1497.001\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Bypass User Access Control - T1548.002\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Bypass User Account Control - T1548.002\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Code Signing - T1553.002\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Hidden Window - T1564.003\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"VBA Stomping - T1564.007\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Reflective Code Loading - T1620\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-attack-pattern=\"Debugger Evasion - T1622\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"Kimsuky\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:threat-actor=\"APT43\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#004646" ,
"local" : "0" ,
"name" : "type:OSINT" ,
"relationship_type" : ""
} ,
{
"colour" : "#0071c3" ,
"local" : "0" ,
"name" : "osint:lifetime=\"perpetual\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0087e8" ,
"local" : "0" ,
"name" : "osint:certainty=\"50\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:white" ,
"relationship_type" : ""
} ,
{
"colour" : "#ffffff" ,
"local" : "0" ,
"name" : "tlp:clear" ,
"relationship_type" : ""
}
] ,
"Object" : [
{
"comment" : "" ,
"deleted" : false ,
"description" : "Metadata used to generate an executive level report" ,
"meta-category" : "misc" ,
"name" : "report" ,
"template_uuid" : "70a68471-df22-4e3f-aa1a-5a3be19f82df" ,
"template_version" : "7" ,
"timestamp" : "1683798160" ,
"uuid" : "aba4257b-3b16-4a30-bcd7-add927143513" ,
"Attribute" : [
{
"category" : "External analysis" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "link" ,
"timestamp" : "1683798160" ,
"to_ids" : false ,
"type" : "link" ,
"uuid" : "d7f41bdc-0de8-40e7-966e-d15e91a16fd4" ,
"value" : "https://mandiant.widen.net/s/zvmfw5fnjs/apt43-report"
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "summary" ,
"timestamp" : "1683798160" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "b46eb2af-e047-4ab4-93d6-23eab7c07171" ,
"value" : "Mandiant assesses with high confidence that APT43 is a moderately-sophisticated cyber operator that supports the interests of the North Korean regime. Campaigns attributed to APT43 include strategic intelligence collection aligned with Pyongyang\u2019s geopolitical interests, credential harvesting and social engineering to support espionage activities, and financially-motivated cybercrime to fund operations. Tracked since 2018, APT43 collection priorities align with the mission of the Reconnaissance General Bureau (RGB), North Korea's main foreign intelligence service. The group\u2019s focus on foreign policy and nuclear security issues supports North Korea\u2019s strategic and nuclear ambitions. However, the group\u2019s focus on health-related verticals throughout the majority of 2021, likely in support of pandemic response efforts, highlights its responsiveness to shifting priorities from Pyongyang."
} ,
{
"category" : "Other" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : true ,
"object_relation" : "type" ,
"timestamp" : "1683798160" ,
"to_ids" : false ,
"type" : "text" ,
"uuid" : "f44c5ca3-40f2-4c1f-939b-bdf7533ee7f4" ,
"value" : "Report"
} ,
{
"category" : "External analysis" ,
"comment" : "" ,
"data" : " J V B E R i 0 x L j Q N J e L j z 9 M N C j I 1 N T k g M C B v Y m o N P D w v T G l u Z W F y a X p l Z C A x L 0 w g M j A 1 O D M y N i 9 P I D I 1 N j E v R S A x N D A y N z Y v T i A y M S 9 U I D I w M D c w M j k v S C B b I D g 1 M i A 4 N T Z d P j 4 N Z W 5 k b 2 J q D S A g I C A g I C A g I A 14 c m V m D Q o y N T U 5 I D I 3 D Q o w M D A w M D A w M D E 2 I D A w M D A w I G 4 N C j A w M D A w M D E 5 M z I g M D A w M D A g b g 0 K M D A w M D A w M j E x M i A w M D A w M C B u D Q o w M D A w M D A z O D Q x I D A w M D A w I G 4 N C j A w M D A w M D Q 0 O T I g M D A w M D A g b g 0 K M D A w M D A w N T E 0 M C A w M D A w M C B u D Q o w M D A w M D A 1 M j U 1 I D A w M D A w I G 4 N C j A w M D A w M D U 1 M T g g M D A w M D A g b g 0 K M D A w M D A w N j E 0 O C A w M D A w M C B u D Q o w M D A w M D A 2 N D E 4 I D A w M D A w I G 4 N C j A w M D A w M D Y 5 O T I g M D A w M D A g b g 0 K M D A w M D A w N z Q 4 N C A w M D A w M C B u D Q o w M D A w M D I w O T E x I D A w M D A w I G 4 N C j A w M D A w M z I 5 N j Y g M D A w M D A g b g 0 K M D A w M D A 0 M D U 1 M S A w M D A w M C B u D Q o w M D A w M D Q w O D E 3 I D A w M D A w I G 4 N C j A w M D A w O D g y O D Q g M D A w M D A g b g 0 K M D A w M D A 4 O D M y N S A w M D A w M C B u D Q o w M D A w M T I w M T M 2 I D A w M D A w I G 4 N C j A w M D A x M j A x N z c g M D A w M D A g b g 0 K M D A w M D E z M j E y N i A w M D A w M C B u D Q o w M D A w M T M 5 M z A 0 I D A w M D A w I G 4 N C j A w M D A x M z k z N j g g M D A w M D A g b g 0 K M D A w M D E z O T U 1 O C A w M D A w M C B u D Q o w M D A w M T Q w M j E z I D A w M D A w I G 4 N C j A w M D A w M D E 3 M D g g M D A w M D A g b g 0 K M D A w M D A w M D g 1 M i A w M D A w M C B u D Q p 0 c m F p b G V y D T w 8 L 1 N p e m U g M j U 4 N i 9 S b 290 I D I 1 N j A g M C B S L 0 l u Z m 8 g M T c z I D A g U i 9 J R F s 8 O U I 4 Q U Q 3 R U Q 0 R T c x N D R F N U J G O D l G M z d D 
N E E 3 N z I w O T g + P E J E N j d G M 0 N C M 0 I 4 Q T R E N E I 5 M D g 1 N T V D O D I 0 O T Y 3 R T Y y P l 0 v U H J l d i A y M D A 3 M D E 2 L 1 h S Z W Z T d G 0 g M T c w O D 4 + D X N 0 Y X J 0 e H J l Z g 0 w D S U l R U 9 G D S A g I C A g I C A g I C A g I C A N M j U 4 N S A w I G 9 i a g 0 8 P C 9 D I D k 4 M C 9 G a W x 0 Z X I v R m x h d G V E Z W N v Z G U v S S A x M D A y L 0 x l b m d 0 a C A 3 N j A v T y A 5 N j Q v U y A 3 O T c + P n N 0 c m V h b Q 0 K a N 5 i Y G B g Y m B g e c H A y s D A f Y N B h A E B R I B i 7 A w s D B x r H J g 4 E h g c w Y L s D A p / D z T s Y n b m P 3 Z L 30 o 4 + K t c z Q F W b 0 b J B X o F T K U G E S 0 M t x M 4 a x g 3 H 5 C 6 B F S s s p z J x I A l g X n G g / h 0 m 8 v G c 15 n B c 95 m u m N Z I e J Y n O H 20 S t F M 4 r K y x Y B J x X 9 Y s L 5 V y c z H 6 R i 41 F I O E R k 4 z V i o + F 7 m d n G S V 4 m L o z s w u U K C i o d 3 e K 5 P y c z N a 4 y k L C o n k h I 6 P N 2 s T i t J 4 Z I g e r n i 7 y b w 45 Y l D I 4 M R k U f G y 0 O 2 s p I H K D 7 i + m c Y S L T u 2 u A M F N T w 3 J D i y 8 S k o H l 4 + V V y k 5 u Z i N Z Z m J g 6 D Q k Y + 2 Z C K H Y u f g f R J L V v E 3 J Z R 8 f L Q s / 4 W o 4 Q b C x W u m v H I O A c f Z G i y K t g x G W R f j X T B w S M W R S 8 e P m h 3 a N L L O b h Q / a g k 2 x q D Q m 4 m J q b Y p q e L X K V N U g 59 y D r M L r B B Q U H 1 h l 6 U S u B m N x 99 m J K P r z c 9 A i p J b b p 6 Y c G B u p + V D V n X G F k E X x 9 P Y m b X U / 38 g 0 d 8 n S i b I F C D L t v a h I a H T Y w s H 29 f e h S / T 5 S x 6 u m G R K D R h x m y p r b x K S Y 4 O H i v j 9 n i s R j o p A T e i I R H Y i w s L L t Z T 7 t 0 m W W c b H 1 w F a p k A 1 R J H A + H g z v f P D 4 F g 8 W P Q p 2 a G X 8 / X y / b w M D g 4 t H R A I m Q t L S 0 9 A 4 g A D K Z l N S B D I h 4 B U Q I K A g S g 4 o K i s P l 0 9 I q o L o Y B c O h o o K C E F 1 s E M k G i O k w k 4 y N j W F M 9 o 4 O D B Y j W D O M B 3 E A l C c o G o o i V w F 3 E A a L N T Q t A 
+ J e s l I t k J P E I B t i B 6 T F g d g Z b J 0 0 g w D b M q Y C p l y G C I Y 3 T N E M n 5 m U G S + a R O j 9 k W 1 j e L 8 z g I G v R o O B T 2 + S 9 H s G V Y b F T C U M K k z u j N 2 M C x i F G P U Z n z K + Z H i m n 8 B w k e G J 9 E J g B k O G o Q y V D B O A Z k Y B Y R w D J 2 M 6 o z j D M s a 7 j N M Y V z O q M O Q x K D H k M b k B I 8 C U 4 Y f 6 A Y Z s B m 2 k b M T Q x y D 7 t h M U b E C s A 8 T 9 Q P 5 W I C 3 B w D A p D q 5 q L Y P c f E O o q u 0 A A Q Y A q H s w 5 w 1 l b m R z d H J l Y W 0 N Z W 5 k b 2 J q D T I 1 O D Q g M C B v Y m o N P D w v R G V j b 2 R l U G F y b X M 8 P C 9 D b 2 x 1 b W 5 z I D M v U H J l Z G l j d G 9 y I D E y P j 4 v R m l s d G V y L 0 Z s Y X R l R G V j b 2 R l L 0 l u Z G V 4 W z E 3 N C A y M z g 1 X S 9 M Z W 5 n d G g g N z A v U 2 l 6 Z S A y N T U 5 L 1 R 5 c G U v W F J l Z i 9 X W z E g M S A x X T 4 + c 3 R y Z W F t D Q p o 3 u z R Q Q 0 A M A w D s T T 8 p S E Y 17 G Y + v D j C J z b k y a j L c 31 g I d 48 B A P H u L B Q z x 4 i I d 48 B A P H u L B Q z x 4 i I d 48 B C P f z 0 B B g A s 3 y q f D W V u Z H N 0 c m V h b Q 1 l b m R v Y m o N M j U 2 M C A w I G 9 i a g 0 8 P C 9 M Y W 5 n K G V u L V V T K S 9 N Y X J r S W 5 m b z w 8 L 0 1 h c m t l Z C B 0 c n V l P j 4 v T W V 0 Y W R h d G E g M T c y I D A g U i 9 P d X R s a W 5 l c y A x N D I g M C B S L 1 B h Z 2 V z I D E 2 N y A w I F I v U 3 R y d W N 0 V H J l Z V J v b 3 Q g M T c 0 I D A g U i 9 U e X B l L 0 N h d G F s b 2 c v V m l l d 2 V y U H J l Z m V y Z W 5 j Z X M 8 P C 9 E a X J l Y 3 R p b 24 v T D J S P j 4 + P g 1 l b m R v Y m o N M j U 2 M S A w I G 9 i a g 0 8 P C 9 B c n R C b 3 h b M C 4 w I D A u M C A 2 M T I u M C A 3 O T I u M F 0 v Q m x l Z W R C b 3 h b M C 4 w I D A u M C A 2 M T I u M C A 3 O T I u M F 0 v Q 29 u d G V u d H M g M j U 2 N i A w I F I v Q 3 J v c E J v e F s w L j A g M C 4 w I D Y x M i 4 w I D c 5 M i 4 w X S 9 H c m 91 c C A y N T g z I D A g U i 9 N Z W R p Y U J v e 
F s w L j A g M C 4 w I D Y x M i 4 w I D c 5 M i 4 w X S 9 Q Y X J l b n Q g M T Y 4 I D A g U i 9 S Z X N v d X J j Z X M 8 P C 9 F e H R H U 3 R h d G U 8 P C 9 H U z A g M j U 2 N C A w I F I + P i 9 G b 250 P D w v V F Q w I D I 1 N j I g M C B S L 1 R U M S A y N T Y 5 I D A g U j 4 + L 1 B y b 2 N T Z X R b L 1 B E R i 9 U Z X h 0 X S 9 Y T 2 J q Z W N 0 P D w v R m 0 w I D I 1 N z k g M C B S L 0 Z t M S A y N T g y I D A g U j 4 + P j 4 v U m 90 Y X R l I D A v U 3 R y d W N 0 U G F y Z W 50 c y A w L 1 R y a W 1 C b 3 h b M C 4 w I D A u M C A 2 M T I u M C A 3 O T I u M F 0 v V H l w Z S 9 Q Y W d l L 1 B p Z W N l S W 5 m b z w 8 L 0 l u R G V z a W d u P D w v R G 9 j d W 1 l b n R J R D x G R U Z G M D A 3 O D A w N k Q w M D c w M D A y R T A w N j Q w M D Y 5 M D A 2 N D A w M 0 E w M D M 1 M D A z O D A w N j M w M D Y x M D A z N T A w N j U w M D Y 1 M D A 2 M z A w M k Q w M D Y z M D A z M z A w M z k w M D Y 1 M D A y R D A w M z Q w M D M w M D A 2 M z A w M z Y w M D J E M D A z O T A w N j E w M D Y x M D A 2 N T A w M k Q w M D M 5 M D A 2 M T A w M z g w M D M y M D A 2 M j A w M z k w M D M 2 M D A z M z A w N j Y w M D M x M D A z M j A w N j Y + L 0 x h c 3 R N b 2 R p Z m l l Z D x G R U Z G M D A 0 N D A w M 0 E w M D M y M D A z M D A w M z I w M D M z M D A z M D A w M z M w M D M y M D A z O T A w M z E w M D M 3 M D A z N T A w M z c w M D M w M D A z N T A w N U E + L 0 51 b W J l c k 9 m U G F n Z U l 0 Z W 1 z S W 5 Q Y W d l I D g v T n V t Y m V y b 2 Z Q Y W d l c y A x L 0 9 y a W d p b m F s R G 9 j d W 1 l b n R J R D x G R U Z G M D A 3 O D A w N k Q w M D c w M D A y R T A w N j Q w M D Y 5 M D A 2 N D A w M 0 E w M D Y x M D A z N D A w N j E w M D Y y M D A 2 N j A w M z Y w M D Y y M D A 2 N D A w M k Q w M D M w M D A 2 M T A w M z U w M D M 1 M D A y R D A w M z Q w M D Y y M D A 2 M T A w N j U w M D J E M D A 2 M T A w M z I w M D Y 2 M D A z N z A w M k Q w M D Y 2 M D A z M z A w M z Y w M D Y 1 M D A z M j A 
w N j I w M D Y z M D A 2 M T A w M z Y w M D M 3 M D A 2 N j A w M z k + L 1 B h Z 2 V J d G V t V U l E V G 9 M b 2 N h d G l v b k
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "report-file" ,
"timestamp" : "1683798160" ,
"to_ids" : false ,
"type" : "attachment" ,
"uuid" : "70c90efa-8ecb-454d-90ee-29c213fff843" ,
"value" : "APT43 Report.pdf"
}
]
} ,
{
"comment" : "AMADEY" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684155613" ,
"uuid" : "cf25b2dc-798c-4c8e-8354-5b1ccda8da86" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684155584" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "a6843009-50b9-4cff-afaf-c86827363490" ,
"value" : "e205ed81ccb99641dcc6c2799d32ef0584fa2175" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"Amadey\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-malware=\"Amadey - S1025\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"AMADEY\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684155613" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "adcc1448-aeab-4ab4-abb7-0dd16a6461a0" ,
"value" : "982fc9ded34c85469269eacb1cb4ef26" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"Amadey\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-malware=\"Amadey - S1025\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"AMADEY\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684155613" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "c490c974-a361-4ffd-a9d1-d3813a185cc5" ,
"value" : "557ff6c87c81a2d2348bd8d667ea8412a1a0a055f5e1ae91701c2954ca8a3fdb" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"Amadey\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-malware=\"Amadey - S1025\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"AMADEY\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "BENCHMARK" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684155640" ,
"uuid" : "eee5fbac-5daf-49ee-9962-5f011775f0a2" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684155640" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "dc048700-e593-44dc-86a1-708876e40a74" ,
"value" : "47a32bc992e5d4613b3658b025ab913b0679232c" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"BENCHMARK\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684155640" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "b183c6cf-7795-4990-8cb7-d27dd5378bc7" ,
"value" : "de9a8c26049699dbbd5d334a8566d38d" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"BENCHMARK\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684155640" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "aedac48e-d1ee-4e91-ad81-5e096deb3528" ,
"value" : "43c2d5122af50363c29879501776d907eaa568fa142d935f6c80e823d18223f5" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"BENCHMARK\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "BIGRAISIN" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684155665" ,
"uuid" : "6062ab98-a092-44b8-8c25-c237b2c2bb03" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684155665" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "9c9f6256-1d47-4ac1-8155-9176ce2d6b1d" ,
"value" : "1087efbd004f65d226bf20a52f1dc0b3e756ff9e" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"BIGRAISIN\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684155665" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "3bf70bfd-01b6-4df8-9a05-e65e6ed892ca" ,
"value" : "144bd7fd423edc3965cb0161a8b82ab2" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"BIGRAISIN\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684155665" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "140450eb-f8c4-4dd3-bf9a-564c51cceef6" ,
"value" : "2b78d5228737a38fa940e9ab19601747c68ed28e488696694648e3d70e53eb5a" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"BIGRAISIN\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "BITTERSWEET" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684155782" ,
"uuid" : "b8010d27-ff96-4971-a652-4c16e1d96002" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684155782" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "b79739f6-9460-4c0d-828f-7e478fe01f98" ,
"value" : "f3b047e6eb3964deb047767fad52851c5601483f" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"BITTERSWEET\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684155782" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "7263c473-e15e-4df5-ac35-a96e0938cbe4" ,
"value" : "cd83a51bec0396f4a0fd563ca9c929d7" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"BITTERSWEET\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684155782" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "c75fea2b-9b1f-48b7-a64b-35d935499f35" ,
"value" : "fb7fb6dbaf568b568cd5e60ab537a42d5982949a5e577db53cc707012c7f20e3" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"BITTERSWEET\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "BRAVEPRINCE" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684155895" ,
"uuid" : "c45bfa39-cf7d-46cf-9452-d0df78df2bf5" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684155895" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "cd816bc3-5801-4aa9-9b58-800c32d456d7" ,
"value" : "539acd9145befd7e670fe826c248766f46f0d041" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"BRAVEPRINCE\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684155895" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "90eeea48-5d7e-48b3-84c7-213058058a0e" ,
"value" : "33df74cbb60920d63fe677c6f90b63f9" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"BRAVEPRINCE\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684155895" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "32292778-134a-4fa8-bc13-58f045fc2835" ,
"value" : "94aa827a514d7aa70c404ec326edaaad4b2b738ffaea5a66c0c9f246738df579" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"BRAVEPRINCE\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "BRAVEPRINCE" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684155947" ,
"uuid" : "84d55547-c836-4111-aa5a-cc3ff9219944" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684155947" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "fb186a58-d076-4059-a526-96c69d41d4ab" ,
"value" : "bc6cb78e20cb20285149d55563f6fdcf4aaafa58" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"BRAVEPRINCE\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684155947" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "aa086543-ace9-4a58-b398-e6b005985ac6" ,
"value" : "ebaf83302dc78d96d5993830430bd169" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"BRAVEPRINCE\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684155947" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "224148a4-90bb-4423-8f28-ac4421f1b717" ,
"value" : "5cbc07895d099ce39a3142025c557b7fac41d79914535ab7ffc2094809f12a4b" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"BRAVEPRINCE\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "COINTOSS" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156003" ,
"uuid" : "5bb63a7a-9e7f-43f2-8765-9d089b663dfc" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156003" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "2e01b16c-ad2b-46d2-b00a-1be99cc0c290" ,
"value" : "c0c6b99796d732fa53402ff49fd241612a340229" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"COINTOSS\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156003" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "fb40b30a-bcf8-4f8d-8af8-47a8d827ef49" ,
"value" : "b846fa8bc3a55fa0490a807186a8ece9" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"COINTOSS\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156003" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "ae16e3b3-14ae-46e3-a5be-8bde0200c113" ,
"value" : "855656bfecc359a1816437223c4a133359e73ecf45acda667610fbe7875ab3c8" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"COINTOSS\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "COINTOSS.XLM" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156003" ,
"uuid" : "bde359de-47f5-4db2-83f0-3e623af55269" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156003" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5adc98a5-5c94-421a-bfd8-17b580edaf6d" ,
"value" : "e5b312155289cdc6a80a041821fc82d2cca80bcd" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"COINTOSS\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156003" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "2e15af14-7d4c-491a-b004-f1df8c03d13b" ,
"value" : "f92a75b98249fa61cf62e8b63cb68fae" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"COINTOSS\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156003" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5ffe8df1-867f-480d-8a31-31d7c25a6467" ,
"value" : "d0971d098b0f8cf2187feeed3ce049930f19ec3379b141ec6a2f2871b1e90ff7" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"COINTOSS\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "DRIVEDOWN" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156040" ,
"uuid" : "c3ddff3a-02e2-43b0-b47e-f6d7a90eee03" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156040" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "ca619495-eadf-4df5-bc67-f9fa8e68f7e1" ,
"value" : "40826e2064b59b8b7b3e514b9ef2c1479ac3b038" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"DRIVEDOWN\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156040" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "17c85faa-ed96-4485-a56f-1d9fbfcc069a" ,
"value" : "1dcd5afeccfe2040895686eefa0a9629" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"DRIVEDOWN\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156040" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "0a3a62d8-5e3f-49ba-a8f0-b5e5e1929e6f" ,
"value" : "07aed9fa864556753de0a664d22854167a3d898820bc92be46b1977c68b12b34" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"DRIVEDOWN\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "DRIVEDOWN" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156040" ,
"uuid" : "1f404ef9-7677-4102-baf8-24caf174a7cc" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156040" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "fe2a8481-10d1-481a-88da-4a3ba747d799" ,
"value" : "e79527f7307c1dda62c42487163616b3e58d5028" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"DRIVEDOWN\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156040" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "037aca88-a5a9-481a-94fc-a4a9d0077e5f" ,
"value" : "5fe4da6a1d82561a19711e564adc7589" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"DRIVEDOWN\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156040" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "07a6babd-9ab5-4138-bc07-0ad2903d88d1" ,
"value" : "8d0bafca8a8e8f3e4544f1822bc4bb08ceaa3c7192c9a92006b1eb500771ab53" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"DRIVEDOWN\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "EGGHATCH" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156065" ,
"uuid" : "ff14f879-8af3-4abf-8344-17f13f5a751e" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156065" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "f2392872-0ba7-4b09-b81b-f5e08a0c42ac" ,
"value" : "b0c2312852d750c4bceb552def6985b8b800d3f3" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"EGGHATCH\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156065" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "565e325a-78cc-47e7-9b74-488e1ca95ac7" ,
"value" : "e8da7fcdf0ca67b76f9a7967e240d223" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"EGGHATCH\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156065" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "90c86ac0-f0b7-4e17-8e2f-f7370e65cc6d" ,
"value" : "9dac6553b89645ac8d9e0a3dc877d12641e6d05fb52e8de6ae5533b2bdf0abc9" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"EGGHATCH\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "FASTFIRE" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156888" ,
"uuid" : "f7c4ab60-f8ad-4dde-a129-47f1f72d79e0" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156888" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "850cf11d-8b61-4ec8-be62-43c6f320b790" ,
"value" : "1b9a4c0a5615a4f96a041d771646c1a407b17577" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"FASTFIRE\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"FastFire\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156888" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "371241f0-6773-40a6-b712-31171d4d62dd" ,
"value" : "2bf26702c6ecbd46f68138cdcd45c034" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"FASTFIRE\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"FastFire\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156888" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "ebd5c435-1033-4d11-bcbe-91d7e65e0b15" ,
"value" : "38d1d8c3c4ec5ea17c3719af285247cb1d8879c7cf967e1be1197e60d42c01c5" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"FASTFIRE\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"FastFire\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "Gh0st RAT" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156933" ,
"uuid" : "47c21f0e-cde1-43ae-bbd6-7c05f2699661" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156933" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "8e57e121-6319-4c61-bf86-d0fd99908784" ,
"value" : "a1f72c890d0b920f4f4cb2d59df6fa40734de90d" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"Ghost RAT\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-malware=\"gh0st RAT - S0032\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:rat=\"Gh0st RAT\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#075800" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"Gh0st Rat\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156933" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "28afd32c-c22a-4a92-806a-25cde58a47f9" ,
"value" : "2d330c354c14b39368876392d56fb18c" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"Ghost RAT\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-malware=\"gh0st RAT - S0032\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:rat=\"Gh0st RAT\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#075800" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"Gh0st Rat\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156933" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "192eeaa4-b2b9-4503-981a-a00c73176c29" ,
"value" : "f86d05c1d7853c06fc5561f8df19b53506b724a83bb29c69b39f004a0f7f82d8" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"Ghost RAT\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-malware=\"gh0st RAT - S0032\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:rat=\"Gh0st RAT\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#075800" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"Gh0st Rat\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "GOLDDRAGON" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156968" ,
"uuid" : "22e220fa-ca7f-4abe-94c4-9cb42137c7f8" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156968" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "49be9c29-1c40-4526-b8ae-872484bc4b5d" ,
"value" : "fb09b89803da071b7b7eb23244771c54d979a873" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"GoldDragon\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"GOLDDRAGON\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156968" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "7e2ec997-637c-4203-bfbf-32ce0c799c92" ,
"value" : "15ec5c7125e6c74f740d6fc3376c130d" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"GoldDragon\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"GOLDDRAGON\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156968" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "78cd1d51-287a-4bc8-bd64-6b548ba887ce" ,
"value" : "4a1c43258fe0e3b75afc4e020b904910c94d9ba08fc1e3f3a99d188b56675211" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"GoldDragon\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"GOLDDRAGON\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "GOLDDRAGON.POWERSHELL" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156968" ,
"uuid" : "34253556-8ba3-47fa-8013-d74d287cf421" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156968" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "1ec9ca22-5f94-42e9-985f-17eb020ccd8d" ,
"value" : "4b0d0ebb0c676efe855bed796221dd475a39ba40" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"GoldDragon\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"GOLDDRAGON\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156968" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "9d2085a6-4148-4ae0-8704-473e5f66be37" ,
"value" : "2a5562de1d3e734d9328a1c78b43c2e5" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"GoldDragon\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"GOLDDRAGON\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156968" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "f9754ef7-5c89-4276-9f92-19c52d815e57" ,
"value" : "203ea478fa4d2d5ef513cad8b51617e0c9f7571bf3a3becf9c267a0d590c6d72" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"GoldDragon\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"GOLDDRAGON\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "GOLDDROP" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156996" ,
"uuid" : "aca63f0b-b7e4-4544-aed9-80aaade560a9" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156996" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "a3cecf86-3237-44c8-991c-7082f9d37894" ,
"value" : "1d49d462a11a00d8ac9608e49f055961bf79980d" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"GOLDDROP\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156996" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "70a95aec-c6ae-400a-9741-44272871d72e" ,
"value" : "0cc0aa5877cec9109b7a5a0e3a250c72" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"GOLDDROP\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156996" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "27115a90-81fe-4b00-97d5-c2cc0b97a6a1" ,
"value" : "1324acd1f720055e7941b39949116dfe72ce2e7792e70128f69e228eb48b0821" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"GOLDDROP\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "GOLDDROP" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156995" ,
"uuid" : "616a09f0-4cc8-4227-bbb4-cb6917ded2bd" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156995" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "69aceb8b-629a-4809-915f-86404caff59a" ,
"value" : "5b69e3e5f4f49cf8b635a57a8c92e17a4f130d50" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"GOLDDROP\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156995" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "a1fc7a99-ab48-4729-9147-47ff5894ec4e" ,
"value" : "2c530adb841114366ce6177ce964a5e6" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"GOLDDROP\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156995" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "03bc48f6-9e3f-42f6-99f2-37d6154ce744" ,
"value" : "873b8fb97b4b0c6d7992f6af15653295788526def41f337c651dc64e8e4aeebd" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"GOLDDROP\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "GOLDSMELT" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157018" ,
"uuid" : "30576e97-c3c7-46c0-bb30-19680e264b68" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157018" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "984a52be-cae9-458e-8582-be7d1548e925" ,
"value" : "2508f5ff0c28356c0c3f8e6cae7b750d53495bca" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"GOLDSMELT\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157018" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "82b03e4c-e27a-4557-9e4b-523729a0b33c" ,
"value" : "c066b81c4b8b0703f81f8bc6fb432992" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"GOLDSMELT\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157018" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "6dd3ece3-15b7-48d2-a5ee-ad409513ec32" ,
"value" : "63b4bd01f80d43576c279adf69a5582129e81cc4adbd03675909581643765ea8" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"GOLDSMELT\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "GRAYZONE" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157047" ,
"uuid" : "f6f6f14b-0a83-4e29-97c8-9f87fb1dc069" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157047" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "40e1859f-933b-4441-9695-26fea22b1e81" ,
"value" : "942fd7b4ef1ccf7032a40acad975c7b5905c3c77" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"GRAYZONE\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157047" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "e318c1a4-d151-40bd-b337-8dc1b0183e78" ,
"value" : "1d30dfa5d8f21d1465409b207115ded6" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"GRAYZONE\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157047" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "b87c156e-e146-4422-a955-4d1a0eb6ce11" ,
"value" : "ed0161f2a3337af5e27a84bea85fb4abe35654f5de22bcb8a503d537952b1e8a" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"GRAYZONE\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "HANGMAN.V2" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157070" ,
"uuid" : "928dbc59-8047-4bd4-998f-3d8c42e3394a" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157070" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "4edb6d6a-eaea-4e5b-969d-cf082b77ef15" ,
"value" : "862abce03f7f5de0c466fdbd24ad796578eaa110" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"HANGMAN.V2\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157070" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "42410742-5783-4ec9-ac19-b76a772c26b3" ,
"value" : "21cffaa7f9bf224ce75e264bfb16dd0d" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"HANGMAN.V2\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157070" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "ddb28426-38c4-4850-8c46-f8f0ddfc5af7" ,
"value" : "a605570555620cea6d6be211520525fc95a30961661780da4cc4bafe9864f394" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"HANGMAN.V2\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "Invoke-Mimikatz" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157099" ,
"uuid" : "7bc0d36a-4e73-4b6b-82ac-b4864d0b0e9c" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157099" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "6490a7e7-a641-4e06-94e2-7cda470805ad" ,
"value" : "e74b816f1c6d6347cb40121e0b50dadd0d8f1f97" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"Invoke-Mimikatz\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157099" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "495a1151-6d23-4b6b-a8dd-f414a71a0c59" ,
"value" : "20bc53deb7b1214580e9d9efeaa5e9d7" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"Invoke-Mimikatz\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157099" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "e7fc3ff4-d1e2-46f1-bded-217fb18a0116" ,
"value" : "908777e58161615657663656861c212ac25696741ef69411021474158fa2b4cf" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"Invoke-Mimikatz\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "JURASSICSHELL" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156755" ,
"uuid" : "24d17de4-31cf-4967-bc99-6c1dbba3be40" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156755" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "a3182df5-bd2a-4695-935e-bc69e22c9767" ,
"value" : "d80be054a569df5f201191dcc4fea0dde9622da5" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"JURASSICSHELL\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156755" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "b3d71a9d-cd69-4feb-be5d-873ce53aab51" ,
"value" : "9cdda333432f403b408b9fe717163861" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"JURASSICSHELL\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156755" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "c3eacbb7-167b-4df8-949c-ac6ab7049325" ,
"value" : "d2f4bf0caed5a442198fcdc43c83c7b27ae04f341a72b270c9ed40778aa77afe" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"JURASSICSHELL\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "JURASSICSHELL" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156755" ,
"uuid" : "dd10a976-80d6-4adb-b410-154fefab83ae" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156753" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "26213588-cec2-4543-9fd5-7a2019d82171" ,
"value" : "63e113f0a906af82903dbfac3e78bdd2d146e738" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"JURASSICSHELL\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156754" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "78180884-f8ed-4e03-92fb-ba16d48983e0" ,
"value" : "ddae18c65d583b41a2157d496a4bde61" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"JURASSICSHELL\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156755" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "04a9c237-7e86-4f52-9869-c984549d4241" ,
"value" : "a4ba1e6ab678a1bdf8bc05bea8310d743928a4e2c05bad104e61afdd9cccf9a1" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"JURASSICSHELL\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "LANDMARK" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157166" ,
"uuid" : "6fd830c7-4a8f-446b-b6e9-044bed661a3b" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157166" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "5720bb65-3151-4a96-a078-c568ea2ffa46" ,
"value" : "a61f009e73ae81a18751e9aee39f8121a3902280" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"LANDMARK\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157166" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "a4f46e14-b641-486e-9dd4-937d661ffef9" ,
"value" : "1ffccf6cb3b74d68df2b899fd33127a5" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"LANDMARK\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157166" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "bd500cab-df93-4c90-9024-949eede68be8" ,
"value" : "da22d327124a0ee6a93cd07e85f9804fbc98eda87824ddcf7c8a63d349e87034" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"LANDMARK\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "LANDMARK.NET" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157166" ,
"uuid" : "5dcbec94-42d4-4bbc-950c-8c5713dff1c1" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157166" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "a989269d-47d3-424e-8854-e3902d2febea" ,
"value" : "12c508ace6e8aa42be02750d759e720b800bf796" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"LANDMARK\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157166" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "06f4f222-ccd9-4ce5-8f5f-a9c43c92e60b" ,
"value" : "60efecf4e1b5b2c580329e9afa05db15" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"LANDMARK\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157166" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "b6d2a768-7a69-40d1-9540-128a0a4ced4a" ,
"value" : "034d29fb89a8f68ba714f1868b2181c4cd59d4a2604630ef1554a6ccf3fe6d75" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"LANDMARK\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "LATEOP\r\nLATEOP.V2" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157202" ,
"uuid" : "09d48190-3b5d-4e3c-b1a8-38920340b253" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157202" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "d4759827-3fef-49ab-9df3-59a23d5c8974" ,
"value" : "7da4e8b743478370fa41fe39a45e3ff2ca2194b3" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"BabyShark\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"LATEOP\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157202" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "be4a16e2-4983-45c4-bdf8-df8b18b46282" ,
"value" : "0f77143ce98d0b9f69c802789e3b1713" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"BabyShark\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"LATEOP\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157202" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "30027b9b-fcaa-4bfa-ad72-6a566940b365" ,
"value" : "54a8b8c933633c089f03d07cfbd5cafbf76a6d7095f2706d6604e739bb9c950f" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"BabyShark\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"LATEOP\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "LOGCABIN" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157264" ,
"uuid" : "78168392-f363-4089-b3dc-3f208519fdbd" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157264" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "586534fb-fd85-46fe-a376-c1d9fdf99b28" ,
"value" : "b7fdb5e5b31adfc5ada0de1e05b0c069968e5bce" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"LOGCABIN\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157264" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "6781b327-54c5-4bfc-83f4-7e89ffbfa5a0" ,
"value" : "0b558ee89a7bb32968ef78104f6b9a28" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"LOGCABIN\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157264" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "9896fb95-4c15-49c3-8c8e-12d7f36406de" ,
"value" : "79c0fe1467dada33e0b097dd772c36229618b7091baa5f10da083f894192a237" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"LOGCABIN\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "LONEJOGGER" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156727" ,
"uuid" : "44f8931b-cf23-47ec-b023-2fdfa8114ff0" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156727" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "32234a11-57d7-4bda-b6b8-74efe3ab6d4d" ,
"value" : "2dd269608dd7f4da171d1a220fe97347162008c7" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"LONEJOGGER\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156727" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "496233b6-c573-4f67-b7a3-6a6ba33bd2b1" ,
"value" : "139d2561f5c72fabb099a12c16b8960c" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"LONEJOGGER\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156727" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "e87f846e-7a21-4631-bd27-89225865232f" ,
"value" : "2c338055e8245057169f1733846e0490bc4ae117d1dadefe0a3f07a63dc87520" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"LONEJOGGER\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "LONEJOGGER" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156727" ,
"uuid" : "6ae69ae1-d8cd-4dda-b507-82bde00357ca" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156727" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "cb513415-e003-4174-ad26-566ec45159e1" ,
"value" : "98040f42103ce3b840dd54bf3490587f141a0bc3" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"LONEJOGGER\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156727" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "98f43aa5-8455-4044-b637-c8252094859a" ,
"value" : "14a00f517012279af53118a491253e5c" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"LONEJOGGER\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156727" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "d117baf3-9ecc-4181-a405-f6112a8de48c" ,
"value" : "26a98b752fd8e700776f11bad4169a0670824d5b5b9337f3c8f46fac33bc03e8" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"LONEJOGGER\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "METASPLOIT" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157233" ,
"uuid" : "68119593-c328-4af6-8508-2bc78be34b32" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157233" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "6bc0e91b-8aaf-4e8f-8ef6-e2b63660f574" ,
"value" : "7d66c1f36b4b48d990461ec44d626793ade6a8d1" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"metasploit\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157233" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "f4183fdf-912d-4532-b42f-2318da88981b" ,
"value" : "37e7d679cd4aa788ec63f27cb02962ea" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"metasploit\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157233" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "17c6d33f-4207-459c-9d58-1c9548b3a3ef" ,
"value" : "b55e9d65a3130f543360a9c488d35475d4789ee7a32a4e94d02f33c21a172bcb" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"metasploit\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "PASSMARK" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157286" ,
"uuid" : "103fb4e3-f3c2-4ab5-b752-3d7e64aa8b0b" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157286" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "fe4692ef-3099-4365-b6e4-3df8630d35a8" ,
"value" : "4e93797dd3b383050cf0ee585aa5b5525efb2380" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PASSMARK\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157286" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "3d4816f4-d5da-4c9d-b90e-f0caf38d6b15" ,
"value" : "b077ba5af1dfbd4ac523923eab56bcd4" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PASSMARK\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157286" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "ad16854b-b479-4932-82b5-62a39378f6b6" ,
"value" : "4a08b78d410bc3d9b78dd63b146767f293dc3f3f6f8092352d2aa2f589e9c772" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PASSMARK\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "PENCILDOWN" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157362" ,
"uuid" : "ac5e133b-8054-4762-ada5-fe64b83e2e85" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157362" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "f0c60ad2-e422-4c6c-b6cb-6da03422c24b" ,
"value" : "f3b774e921eaad9335b9c057dd49b918c5dae4a6" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PENCILDOWN\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157362" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "5883ba16-dad0-4a4c-ba6b-fae5d0fc4f02" ,
"value" : "04d0856afb1aa9168377d6aa579c5403" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PENCILDOWN\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157362" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "69065b6e-b29f-478c-8d09-67c4cacba6f1" ,
"value" : "e637c86ae20a7f36a0ad43618b00c48f47b5591a03af3fb689a16c45afa43733" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PENCILDOWN\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "PENCILDOWN.ANDROID" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157362" ,
"uuid" : "1125ef0c-0e3f-4183-8ba8-a77b836cfb6a" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157362" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "a2fcad9e-d5cc-44c0-997a-5d648abda5c2" ,
"value" : "a9ff1ebb548f5bba600d38e709ff331749fa9971" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PENCILDOWN\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157362" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "6c7e7cf9-cbac-41d1-b70d-47e37f59d6d5" ,
"value" : "4626ed60dfc8deaf75477bc06bd39be7" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PENCILDOWN\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157362" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5e8cf136-6b80-4cf0-a194-f00d801cd77e" ,
"value" : "2365a48f7d6cf6dcc83195f06ea11b93c955c3a491c60b50ba42788917ba22e2" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PENCILDOWN\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "PENDOWN" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156803" ,
"uuid" : "175ff6d0-358c-4cb2-9d28-3501843840f8" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156802" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "6ef74ebb-5de1-4be5-be55-060f01307df9" ,
"value" : "6f4b6938ac8fd9591fc399219dbaf4347d8b444b" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PENDOWN\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156803" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "661f3267-e0b3-4367-9a03-0d8d522fca31" ,
"value" : "768c84100d6e3181a26fa50261129287" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PENDOWN\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156803" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "d08f286a-f59f-481d-96a1-21e9681e7cf2" ,
"value" : "780e7edbfad5f68051c2039036b00b304d3f828fdbee85d2d09edbcc6d07ea34" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PENDOWN\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "PUMPKINBAR" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156258" ,
"uuid" : "8a6edbf1-a471-46aa-8235-42b46413b5f0" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156258" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "0c47d8c9-689f-40cb-989a-be7814f9e9ba" ,
"value" : "d3b233d6d8b11235929e4a0cbdb12eefdd47d927" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PUMPKINBAR\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156258" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "140017a8-8207-4f66-a812-600ccefc2ced" ,
"value" : "946f787c129bf469298aa881fb0843f4" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PUMPKINBAR\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156258" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "9d58c7e5-86e0-4bff-8adf-0ab71be4f0c7" ,
"value" : "32beeda8cffc2ecc689ea2529194cf806955879a334ec68176864d1e6c09800c" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PUMPKINBAR\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "PUMPKINBAR" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156258" ,
"uuid" : "dedfbe89-65c0-4038-b3f7-fd8ad142f2a7" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156258" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "9b486b4b-0c52-4981-8ca5-0c14f2474b35" ,
"value" : "851ba2182b37bc7380420a986840e16f73947413" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PUMPKINBAR\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156258" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "634765cd-adb1-47f7-9d0f-9003cd511567" ,
"value" : "c9d70bf370172609da848fa785989939" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PUMPKINBAR\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156258" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "8f1e923b-50a9-4034-a9cb-8003776db45b" ,
"value" : "ba3c79dbeca0234fa838ae4c956409115556f437372aeeb0737206d71caf4a38" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"PUMPKINBAR\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "QUASARRAT" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157446" ,
"uuid" : "a57ffcff-8a78-4a9b-98b5-86b92b18f452" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157446" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "74a70da3-bc90-4ea1-b795-cf4fcd952f6f" ,
"value" : "25d94c9ab7635ff330dabe96780f330f7f2ba775" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"Quasar RAT\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-tool=\"QuasarRAT - S0262\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:rat=\"Quasar RAT\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"QUASARRAT\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157446" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "783e176f-e29d-4c1b-80be-f6778af8ff11" ,
"value" : "0085bc8ce16ef17643909c4799ead02b" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"Quasar RAT\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-tool=\"QuasarRAT - S0262\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:rat=\"Quasar RAT\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"QUASARRAT\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157446" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "0ea6ccee-b550-4a4e-bde9-c178d0ab328c" ,
"value" : "a9c404e100bfd2716a8f6bfafc07b0bd6175bedb047d10b94390c79249258272" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:malpedia=\"Quasar RAT\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:mitre-tool=\"QuasarRAT - S0262\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:rat=\"Quasar RAT\"" ,
"relationship_type" : ""
} ,
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"QUASARRAT\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "SLIMCURL" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157389" ,
"uuid" : "ebe523ea-7abc-46e4-ad9a-45c2ed6cc5b0" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157389" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "93f8d4cf-64cf-4013-8bdc-a5fcaf6a55ec" ,
"value" : "700acc4e48eae84f80f4dbaf74bf60b79efd49bd" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"SLIMCURL\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157389" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "db2ff192-2fed-4728-8ad9-f7b4cae427af" ,
"value" : "68ce092f1a3d19852ea32db8388de5c7" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"SLIMCURL\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157389" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "e3b6788f-8c7c-4e6a-a29a-8698293fba8f" ,
"value" : "25c2f4703cbaa1ff4dbcfcc16a10b29ef35ccc174b71b21de360d898540889f8" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"SLIMCURL\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "SOURDOUGH" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157414" ,
"uuid" : "80f6cb75-2c92-421d-aef9-ed23072da4a9" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157414" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "fb30f53e-9f3b-45f2-987e-38e2d4f25d33" ,
"value" : "6618e25dd49b68f7b2b266eb2d787e6f05c964bc" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"SOURDOUGH\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157414" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "a303fdab-a891-40fd-bc56-f76aa6425158" ,
"value" : "7e609404cc258bbe283bea6ddd7af293" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"SOURDOUGH\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157414" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "c1ed33fd-2f2e-4284-a413-3f05b7d59e93" ,
"value" : "502136707a70b768800640224e48c634057dc651892113b62522f0dd2fcf1e87" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"SOURDOUGH\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "SPICYTUNA" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157328" ,
"uuid" : "7bda7be8-2c04-46cb-97f1-483ead532476" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157328" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "be3c4932-cda2-456d-bfb9-7274120b4306" ,
"value" : "1f6c7c9219f6b6ea30cd481968ae1a038789be67" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"SPICYTUNA\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157328" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "539781e8-c9d2-4a09-924d-833b82e38f2f" ,
"value" : "0821884168a644f3c27176a52763acc9" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"SPICYTUNA\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157328" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "3f11010a-7774-41c7-9690-216df1878636" ,
"value" : "e7fae41c0bd8d3d95253bd75dce99015599ecc404bd8d737cec305fc3e4dd018" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"SPICYTUNA\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "SPICYTUNA" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684157328" ,
"uuid" : "f2d66bf0-be0d-4edd-8ab5-0104eefeaa39" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684157328" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "cf3badcd-7539-4dc8-a78d-3378276a89aa" ,
"value" : "636f2c20183b45691b742949d49b3d6c218c9cce" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"SPICYTUNA\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684157328" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "b3a1034c-ca67-4796-90dc-fbd954806da3" ,
"value" : "8ca84c206fe8436dcc92bf6c1f7cf168" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"SPICYTUNA\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684157328" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "1273f2fe-df8b-49a2-9c81-99659829110e" ,
"value" : "7943bf9cc7b2adf50f7f92dd37347381e6d0aef23b34a3cd0a3afcda1d72e16d" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"SPICYTUNA\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "TROIBOMB" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684156828" ,
"uuid" : "f64f1aab-3dbd-4f53-af57-270c24c7934b" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684156828" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "7b8a84a3-6f32-48da-abbf-d3c64e63738d" ,
"value" : "11f646095495d625e7d71038578cc838a6d5e111" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"TROIBOMB\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684156828" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "8504be8e-3c34-400c-b709-c97a95991280" ,
"value" : "18df13900f118158c33df904c662e875" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"TROIBOMB\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684156828" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "fc4ba564-caf8-4d3a-8775-5ccf3b2d2eef" ,
"value" : "98d4471fe549bb3067ac2f2d9afd50ed1baaddab41ec4270834989e7f1ade14d" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:backdoor=\"TROIBOMB\"" ,
"relationship_type" : ""
}
]
}
]
} ,
{
"comment" : "VENOMBITE" ,
"deleted" : false ,
"description" : "File object describing a file with meta-information" ,
"meta-category" : "file" ,
"name" : "file" ,
"template_uuid" : "688c46fb-5edb-40a3-8273-1af7923e2215" ,
"template_version" : "24" ,
"timestamp" : "1684155558" ,
"uuid" : "3620045f-c2a1-427d-b8cf-c413322cbf6e" ,
"Attribute" : [
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha1" ,
"timestamp" : "1684155557" ,
"to_ids" : true ,
"type" : "sha1" ,
"uuid" : "3d8768d4-8c19-44ec-9404-fd29b9177d74" ,
"value" : "75c516dde8415494c288e349d440ce778dede8e3" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"VENOMBITE\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "md5" ,
"timestamp" : "1684155558" ,
"to_ids" : true ,
"type" : "md5" ,
"uuid" : "be292c3a-c644-4751-ac97-1855cfe5e0a0" ,
"value" : "107f917a5ddb4d3947233fbc9d47ddc8" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"VENOMBITE\"" ,
"relationship_type" : ""
}
]
} ,
{
"category" : "Payload delivery" ,
"comment" : "" ,
"deleted" : false ,
"disable_correlation" : false ,
"object_relation" : "sha256" ,
"timestamp" : "1684155558" ,
"to_ids" : true ,
"type" : "sha256" ,
"uuid" : "5e6f0fee-3b7c-467c-9684-18dc6f46ef75" ,
"value" : "2d41b04f5d86047dc2353a10595418b0d5239c22112f36eb9d253b2e8b6eb0d0" ,
"Tag" : [
{
"colour" : "#0088cc" ,
"local" : "0" ,
"name" : "misp-galaxy:tool=\"VENOMBITE\"" ,
"relationship_type" : ""
}
]
}
]
}
]
}
}