{
  "Event": {
    "analysis": "2",
    "date": "2018-07-10",
    "extends_uuid": "",
    "info": "[Threat Intel] Chinese Espionage Group TEMP.Periscope Targets Cambodia Ahead of July 2018 Elections and Reveals Broad Operations Globally",
    "protected": false,
    "publish_timestamp": "1780039858",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1772901984",
    "uuid": "025e2482-fbbe-402c-9f57-7c0b70fe34cb",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Google Cloud Blog\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"APT40\"",
        "relationship_type": ""
      },
      {
        "colour": "#d53577",
        "local": false,
        "name": "misp-galaxy:target-information=\"Cambodia\"",
        "relationship_type": ""
      },
      {
        "colour": "#5ed128",
        "local": false,
        "name": "misp-galaxy:target-information=\"Germany\"",
        "relationship_type": ""
      },
      {
        "colour": "#f9cdc4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Indonesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#e6caf2",
        "local": false,
        "name": "misp-galaxy:target-information=\"Switzerland\"",
        "relationship_type": ""
      },
      {
        "colour": "#33360c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Thailand\"",
        "relationship_type": ""
      },
      {
        "colour": "#ce59f1",
        "local": false,
        "name": "misp-galaxy:target-information=\"United Kingdom\"",
        "relationship_type": ""
      },
      {
        "colour": "#b8ab01",
        "local": false,
        "name": "misp-galaxy:target-information=\"United States\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Academia - University\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Chemical\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Engineering\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Shipping\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"AIRBREAK\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"HTran\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"homefry\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"murkytop\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"scanbox\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"china\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740406432",
        "to_ids": false,
        "type": "link",
        "uuid": "108b63d6-b208-4fda-9834-beb31a2aadc4",
        "value": "https://cloud.google.com/blog/topics/threat-intelligence/chinese-espionage-group-targets-cambodia-ahead-of-elections/"
      },
      {
        "category": "Network activity",
        "comment": "AIRBREAK downloaders - redirect site (not malicious itself; review before using as a detection or blocking indicator)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746535288",
        "to_ids": true,
        "type": "url",
        "uuid": "a73cddea-e22c-415a-ace8-718a5d29892b",
        "value": "en.freshnewsasia.com/index.php/en/8623-2018-04-26-10-12-46.html",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "AIRBREAK C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746535309",
        "to_ids": true,
        "type": "domain",
        "uuid": "a1cf5d17-30d8-4d48-80a5-0dcd95f4b06e",
        "value": "chemscalere.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "AIRBREAK downloaders - redirect site (not malicious itself; review before using as a detection or blocking indicator)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746535330",
        "to_ids": true,
        "type": "url",
        "uuid": "2206e1af-240c-4490-bd03-ffbb32b0e930",
        "value": "iric.gov.kh/LICADHO/Interview-Questions.pdf",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "AIRBREAK downloaders - no sample in VirusTotal\r\nLast check: 06/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746531496",
        "to_ids": true,
        "type": "md5",
        "uuid": "8b9e722e-5157-4863-9ebb-284681b503d3",
        "value": "c8fdd2b2ddec970fa69272fdf5ee86cc",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "AIRBREAK C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746535353",
        "to_ids": true,
        "type": "domain",
        "uuid": "6e423801-f64f-4f81-b4dd-a71828228f9c",
        "value": "scsnewstoday.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "AIRBREAK downloaders - redirect site (not malicious itself; review before using as a detection or blocking indicator)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746535375",
        "to_ids": true,
        "type": "url",
        "uuid": "936c8aa8-fe3f-4150-9ae1-0bb2b59b39e7",
        "value": "atimes.com/article/philippines-draws-three-hard-new-lines-on-china/",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "AIRBREAK C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746535397",
        "to_ids": true,
        "type": "domain",
        "uuid": "027a07ed-449c-40ac-9794-cf3a6b6a16a6",
        "value": "mlcdailynews.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "AIRBREAK downloaders - redirect site (not malicious itself; review before using as a detection or blocking indicator)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746535417",
        "to_ids": true,
        "type": "url",
        "uuid": "4b40085e-cbd6-4b76-8aba-c2e227dce45c",
        "value": "facebook.com/CNR.Movement/videos/190313618267633/",
        "Tag": [
          {
            "colour": "#f08989",
            "local": false,
            "name": "NotFoundError",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "AIRBREAK C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746535438",
        "to_ids": true,
        "type": "domain",
        "uuid": "a7af7eb8-c1c9-418e-8f47-d9968b4bd292",
        "value": "partyforumseasia.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746535460",
        "uuid": "0bd338eb-1853-4740-a8d8-e45532d8224f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "AIRBREAK downloaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746535460",
            "to_ids": true,
            "type": "md5",
            "uuid": "dd5bb766-ae79-4cdf-ae67-525dc8fa6837",
            "value": "3c51c89078139337c2c92e084bb0904c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "AIRBREAK downloaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746516072",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e9569cdf-e537-41da-8cf3-5c24da48f1c0",
            "value": "fbd17cd58a6e584277d621f1cb2d471fba884990",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "AIRBREAK downloaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746516072",
            "to_ids": true,
            "type": "sha256",
            "uuid": "94fe1b20-b905-4205-8208-ca4e7439544f",
            "value": "075e66b5c3c5c2ce6f9d3aea86a72fed09f0eb91c03ec7dbbdb17d9d851807c8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746516072",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f6b744ee-fa01-4d23-ace9-5d6658c06c25",
            "value": "192:OHIVjS6kUYgssXY3l7QSx7Jce0hkkLryqK/zgBe2hNMaG:NO6kUYgssI3l7QSx7Jce0ekLFK0Be2hm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746516072",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "51319e0a-c274-4d11-b7e9-2b6473d888af",
            "value": "10578"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746516072",
            "to_ids": true,
            "type": "vhash",
            "uuid": "89b75054-99c1-4222-a3d1-c40446f8b3aa",
            "value": "726a4879f81de04a18db34791d0a1d19"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746516072",
            "to_ids": true,
            "type": "filename",
            "uuid": "5a80e905-2e9a-479a-bec9-a0e902220122",
            "value": "TOP_NEWS_Japan_to_Support_the_Election.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  06/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746516072",
            "to_ids": false,
            "type": "text",
            "uuid": "5c133fb0-0de8-4820-ad25-4fb228b255d8",
            "value": "AIRBREAK downloaders\r\nType Description: JavaScript\nMicrosoft: TrojanDownloader:JS/Airbreak.A!dha\nVT Total Detection:35/61\nFirst Submission:2018-06-04T06:46:02.000000+00:00\nLast Submission:2021-11-08T08:49:44.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746535481",
        "uuid": "6814f396-a188-4e64-8a50-71be46c2c3da",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "AIRBREAK downloaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746535481",
            "to_ids": true,
            "type": "md5",
            "uuid": "be9569d9-ae0c-4b8c-96c4-99d355c73f9b",
            "value": "e413b45a04bf5f812912772f4a14650f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "AIRBREAK downloaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746516093",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e5263190-72d4-4aa7-8d94-24e85775147d",
            "value": "edd6ec5084171793c4c73b0edb9b608cedada3a3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "AIRBREAK downloaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746516094",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a1adc795-5ccf-43ac-84de-3070673238f3",
            "value": "9019d4876b049a867857e09fa50d10205e1c0d3d8ec6120f68c6e25a2bcc0222",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746516093",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9370b3ca-a0e9-440f-9cd7-c7227d0c25e0",
            "value": "192:EH0oS6kUYgssXY3l7QSx7Jce0mkLryqKL5VZd6jFCbTPl1:L6kUYgssI3l7QSx7Jce0mkLFKL3v6jFm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746516093",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a3a0c896-b923-4028-a7fe-eb67fa860450",
            "value": "11094"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746516093",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a5e6d6eb-13a7-4deb-8166-962a2ab7e1f6",
            "value": "2d1a308c3f38671062606a0f46361a97"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746516093",
            "to_ids": true,
            "type": "filename",
            "uuid": "988dd8e9-45da-4f7d-b875-894ee48d65fd",
            "value": "[pdf]Interview-Questions.pdf.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  21/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746516093",
            "to_ids": false,
            "type": "text",
            "uuid": "e0251a98-cc8a-4258-9bfd-c3f3037fe433",
            "value": "AIRBREAK downloaders\r\nType Description: JavaScript\nMicrosoft: TrojanDownloader:JS/Airbreak.A!dha\nVT Total Detection:34/61\nFirst Submission:2018-06-01T07:26:28.000000+00:00\nLast Submission:2021-11-08T08:49:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746535503",
        "uuid": "c425fb34-c9a6-4377-b679-b798e93fb881",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "AIRBREAK downloaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746535503",
            "to_ids": true,
            "type": "md5",
            "uuid": "91c1e2e7-0e23-4c7e-8915-43a6624f5b5d",
            "value": "cf027a4829c9364d40dcab3f14c1f6b7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "AIRBREAK downloaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746516115",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4124db39-7bc7-43ef-802b-16fb79f263e5",
            "value": "86c9d4374042b5556b5f3c68ceffb6e55975eb46",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "AIRBREAK downloaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746516115",
            "to_ids": true,
            "type": "sha256",
            "uuid": "74fad9d0-5dc9-4802-b0d3-80db9ca41b8d",
            "value": "c5985720c542567b906b2329036d872d0d4ab380d1ea19a38c5ec6551be380ff",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746516114",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "122f7b36-2f3f-499d-b32c-4697c6a376f5",
            "value": "192:bHboS6kUYgssXY3l7QSx7Jce0mkLryqKL5VZd6jFCbTPlS:n6kUYgssI3l7QSx7Jce0mkLFKL3v6jFn"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746516114",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "57ecaef4-75a3-47bc-a689-42fe7612c93e",
            "value": "10873"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746516114",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f1c84553-6157-4916-bd52-f7e4dc733b56",
            "value": "2d1a308c3f38671062606a0f46361a97"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746516114",
            "to_ids": true,
            "type": "filename",
            "uuid": "dc90270e-072d-403e-9594-9206fcc375cf",
            "value": "[docx]Interview-Questions.docx.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  27/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746516114",
            "to_ids": false,
            "type": "text",
            "uuid": "2a777c9c-0f73-4515-8cc6-7167454d1df1",
            "value": "AIRBREAK downloaders\r\nType Description: JavaScript\nMicrosoft: TrojanDownloader:JS/Airbreak.A!dha\nVT Total Detection:35/61\nFirst Submission:2018-05-23T09:34:42.000000+00:00\nLast Submission:2021-11-08T08:49:46.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746535524",
        "uuid": "f9c1df76-c9c7-42b9-a9a6-d55e6c47da45",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "AIRBREAK downloaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746535524",
            "to_ids": true,
            "type": "md5",
            "uuid": "6a8e10ab-8cbc-4b4e-8b3c-a5aacb31f26b",
            "value": "5d6ad552f1d1b5cfe99ddb0e2bb51fd7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "AIRBREAK downloaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746516156",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bc229c4c-ce2b-4965-a571-e46e50ef467c",
            "value": "cc16ed1f5bec78a6cbc0f5c92a446528f8d64849",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "AIRBREAK downloaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746516157",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c2153107-c19e-46f6-a84c-001d482135c3",
            "value": "4b635ef54ee1ef41c2ee3a65399f51c8171de25ab7c5ad3bd2bbe4257420f014",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746516156",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1597a606-3226-457b-adc8-50937ee3eb2f",
            "value": "192:OHTBlS6kUYgssXY3l7QSx7Jce0LZkLryqKvBYBYbIdfP81FVuOKanaeaaa4ozOi7:Ea6kUYgssI3l7QSx7Jce0LZkLFKvBYBt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746516156",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "60202220-f315-41ad-a7ed-ca2964ee7042",
            "value": "10876"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746516156",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6827e609-2f87-4bec-bb47-1b8f5504de94",
            "value": "726a4879f81de04a18db34791d0a1d19"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746516156",
            "to_ids": true,
            "type": "filename",
            "uuid": "ab8040f3-4bb2-418e-9074-11e677dba368",
            "value": "Philippines-draws-three-hard-new-lines-on-china .js"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  04/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746516156",
            "to_ids": false,
            "type": "text",
            "uuid": "d063ac2d-012d-4f3e-addf-f49b6a7088b1",
            "value": "AIRBREAK downloaders\r\nType Description: JavaScript\nMicrosoft: TrojanDownloader:JS/Airbreak.A\nVT Total Detection:36/61\nFirst Submission:2018-06-04T06:35:09.000000+00:00\nLast Submission:2018-06-20T11:25:33.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746535545",
        "uuid": "2845d67a-9dae-434d-b8e6-47953829ba82",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "AIRBREAK downloaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746535545",
            "to_ids": true,
            "type": "md5",
            "uuid": "e5e66ccb-005c-47bf-ac65-c50a4630ca96",
            "value": "217d40ccd91160c152e5fce0143b16ef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "AIRBREAK downloaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746516178",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d39414b1-337b-43ff-9df2-6cd130d2c21b",
            "value": "73b20ebef0b0070314509d21e6be3bdea0ffd6a6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "AIRBREAK downloaders",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746516178",
            "to_ids": true,
            "type": "sha256",
            "uuid": "904de2d2-9200-48ed-863f-221b3026b973",
            "value": "8ccab994fe0d51741a5579f41c67e2fb43982fc8e52103a321347ec1792679db",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746516177",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4e8432ce-6c50-4da0-962d-3177a872d7ec",
            "value": "384:C9cJZJ+JDJBJsJqbJ8JlJJJlJ0JlJQJlJ1J0JjJrJk+JtRIJtaNJt0nJQJlJMIHe:X"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746516177",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "89dc0eac-a059-4d1b-ac11-d40b67c4bfcb",
            "value": "60400"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746516177",
            "to_ids": true,
            "type": "filename",
            "uuid": "52efa520-34d3-4383-9aa2-511861ae87eb",
            "value": "JS_WSH_8ccab994fe0d51741a5579f41c67e2fb43982fc8e52103a321347ec1792679db.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  08/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746516177",
            "to_ids": false,
            "type": "text",
            "uuid": "0093d810-2399-4d06-a6c2-8a4acff53c16",
            "value": "AIRBREAK downloaders\r\nType Description: Text\nMicrosoft: TrojanDownloader:JS/Airbreak!dha\nVT Total Detection:33/62\nFirst Submission:2018-06-04T04:33:52.000000+00:00\nLast Submission:2025-03-19T16:20:55.000000+00:00"
          }
        ]
      }
    ]
  }
}