{ "Event": { "analysis": "2", "date": "2023-01-19", "extends_uuid": "", "info": "[Threat Intel] Roaming Mantis implements new DNS changer in its malicious mobile app in 2022", "protected": false, "publish_timestamp": "1780040116", "published": true, "threat_level_id": "2", "timestamp": "1780040116", "uuid": "0b8b636e-eefc-4ab6-8ffb-a272030fda47", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#1ebce4", "local": false, "name": "misp-galaxy:producer=\"Kaspersky\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Roaming Mantis\"", "relationship_type": "" }, { "colour": "#66e036", "local": false, "name": "misp-galaxy:target-information=\"Austria\"", "relationship_type": "" }, { "colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": "" }, { "colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Wroba\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740782788", "to_ids": false, "type": "link", "uuid": "8fcfdedb-f5e2-4d66-8258-a9b17b01af82", "value": "https://securelist.com/roaming-mantis-dns-changer-in-malicious-mobile-app/108464/" }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021241", "to_ids": true, "type": "hostname", "uuid": "d2826862-990a-4820-adc5-9d1c49ddb6ad", "value": "1hy5.cwdqh.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021263", "to_ids": true, "type": "hostname", "uuid": "0d44f1b4-434a-4d31-897e-2df0c55252be", "value": "3.wubmh.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021284", "to_ids": true, "type": "hostname", "uuid": "035aa583-f604-4a46-8ac7-3ac7090c7c9f", "value": "3y.tmztp.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021305", "to_ids": true, "type": "hostname", "uuid": "a2ba9bc5-b6a6-4cc3-857e-c94df91c9132", "value": "53th.xgunq.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021327", "to_ids": true, "type": "hostname", "uuid": "c00614f1-02ee-4b6b-ad03-b199b30f28d9", "value": "5c2d.zgngu.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021348", "to_ids": true, "type": "hostname", "uuid": "02063563-a092-41aa-b873-bb9a3c50af52", "value": "5.hmrgt.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021369", "to_ids": true, "type": "hostname", "uuid": "dd5d62f1-87c7-4ab7-a155-0bcaa8fcddbb", "value": "8.ondqp.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021390", "to_ids": true, "type": "hostname", "uuid": "7927bb7b-5c30-475f-b022-fb4764202ef7", "value": "9v.tbeew.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021411", "to_ids": true, "type": "hostname", "uuid": "0bbb9a70-d59b-4c8b-b128-1944e7d2f4cc", "value": "d.vbmtu.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021432", "to_ids": true, "type": "hostname", "uuid": "7bcd1f7b-e5fd-484d-b390-68a7def012a2", "value": "g.dguit.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021454", "to_ids": true, "type": "hostname", "uuid": "6b7063b1-b998-4053-ba1a-8bfa8bf8e21e", "value": "j.vbrui.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021475", "to_ids": true, "type": "hostname", "uuid": "5b3d3491-ece2-433f-bf91-050bb8d15bc3", "value": "k.uvqyo.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021496", "to_ids": true, "type": "hostname", "uuid": "36f3d458-eb5e-4da7-b34c-745ed8a22bd6", "value": "kwdd.cehsg.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021517", "to_ids": true, "type": "hostname", "uuid": "95e77eef-6089-4c51-8914-0f22e99965df", "value": "mh.mgtnv.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021538", "to_ids": true, "type": "hostname", "uuid": "d12ffc12-072a-45f9-ac47-a544df31fdba", "value": "o.wgvpd.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021559", "to_ids": true, "type": "hostname", "uuid": "2ad9311a-6e75-473a-b595-3fe5b4824793", "value": "r48.bgxbm.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021580", "to_ids": true, "type": "hostname", "uuid": "ee15c6f0-5372-412b-95c2-6f2b4368ad09", "value": "t9o.qcupn.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021601", "to_ids": true, "type": "hostname", "uuid": "f03ebd04-3494-40a2-bf8e-34c6c586b65c", "value": "vj.nrgsd.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021622", "to_ids": true, "type": "hostname", "uuid": "e7558f4d-713f-4613-9bb1-6f3db7a5ce95", "value": "w3.puvmw.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021644", "to_ids": true, "type": "hostname", "uuid": "9b5cb16d-e5ff-430f-9bb5-9ac460dc46f4", "value": "xtc9.rvnbg.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1747021665", "to_ids": true, "type": "hostname", "uuid": "82b97ce3-875f-42fa-ae81-30a74279d697", "value": "y.vpyhc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040038", "to_ids": true, "type": "ip-dst", "uuid": "4744be4f-4302-4413-bc0d-4522ef21523b", "value": "103.80.134.40", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#27b855", "local": false, "name": "asn:asn=\"3786\"", "relationship_type": "" }, { "colour": "#0613f3", "local": false, "name": "asn:as-owner=\"LGDACOM LG DACOM Corporation\"", "relationship_type": "" }, { "colour": "#0735ba", "local": false, "name": "asn:as-country=\"KR\"", "relationship_type": "" }, { "colour": "#061c19", "local": false, "name": "misp-galaxy:country=\"south korea\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040039", "to_ids": true, "type": "ip-dst", "uuid": "f531ad9c-564f-4ab5-9e7c-c9dba023dfac", "value": "103.80.134.41", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#27b855", "local": false, "name": "asn:asn=\"3786\"", "relationship_type": "" }, { "colour": "#0613f3", "local": false, "name": "asn:as-owner=\"LGDACOM LG DACOM Corporation\"", "relationship_type": "" }, { "colour": "#0735ba", "local": false, "name": "asn:as-country=\"KR\"", "relationship_type": "" }, { "colour": "#061c19", "local": false, "name": "misp-galaxy:country=\"south korea\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040041", "to_ids": true, "type": "ip-dst", "uuid": "97004e45-a8fc-4ce1-beee-8f6ad7b92d94", "value": "103.80.134.42", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#27b855", "local": false, "name": "asn:asn=\"3786\"", "relationship_type": "" }, { "colour": "#0613f3", "local": false, "name": "asn:as-owner=\"LGDACOM LG DACOM Corporation\"", "relationship_type": "" }, { "colour": "#0735ba", "local": false, "name": "asn:as-country=\"KR\"", "relationship_type": "" }, { "colour": "#061c19", "local": false, "name": "misp-galaxy:country=\"south korea\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040042", "to_ids": true, "type": "ip-dst", "uuid": "5491b404-685a-4d78-9b3c-082600ca9df2", "value": "103.80.134.48", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#27b855", "local": false, "name": "asn:asn=\"3786\"", "relationship_type": "" }, { "colour": "#0613f3", "local": false, "name": "asn:as-owner=\"LGDACOM LG DACOM Corporation\"", "relationship_type": "" }, { "colour": "#0735ba", "local": false, "name": "asn:as-country=\"KR\"", "relationship_type": "" }, { "colour": "#061c19", "local": false, "name": "misp-galaxy:country=\"south korea\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040044", "to_ids": true, "type": "ip-dst", "uuid": "0952abe9-b3d2-4d99-a748-e6b6f067f03c", "value": "103.80.134.49", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#27b855", "local": false, "name": "asn:asn=\"3786\"", "relationship_type": "" }, { "colour": "#0613f3", "local": false, "name": "asn:as-owner=\"LGDACOM LG DACOM Corporation\"", "relationship_type": "" }, { "colour": "#0735ba", "local": false, "name": "asn:as-country=\"KR\"", "relationship_type": "" }, { "colour": "#061c19", "local": false, "name": "misp-galaxy:country=\"south korea\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040045", "to_ids": true, "type": "ip-dst", "uuid": "e5a6cdf5-7a1b-49a0-99ce-dad316ef3c60", "value": "103.80.134.50", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#27b855", "local": false, "name": "asn:asn=\"3786\"", "relationship_type": "" }, { "colour": "#0613f3", "local": false, "name": "asn:as-owner=\"LGDACOM LG DACOM Corporation\"", "relationship_type": "" }, { "colour": "#0735ba", "local": false, "name": "asn:as-country=\"KR\"", "relationship_type": "" }, { "colour": "#061c19", "local": false, "name": "misp-galaxy:country=\"south korea\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040047", "to_ids": true, "type": "ip-dst", "uuid": "5a3d47f2-6c50-47e4-b35a-0bdbd48ce196", "value": "103.80.134.51", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#27b855", "local": false, "name": "asn:asn=\"3786\"", "relationship_type": "" }, { "colour": "#0613f3", "local": false, "name": "asn:as-owner=\"LGDACOM LG DACOM Corporation\"", "relationship_type": "" }, { "colour": "#0735ba", "local": false, "name": "asn:as-country=\"KR\"", "relationship_type": "" }, { "colour": "#061c19", "local": false, "name": "misp-galaxy:country=\"south korea\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040048", "to_ids": true, "type": "ip-dst", "uuid": "698bd198-a1b2-4f1b-a2b5-bb0196d65cf1", "value": "103.80.134.52", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#27b855", "local": false, "name": "asn:asn=\"3786\"", "relationship_type": "" }, { "colour": "#0613f3", "local": false, "name": "asn:as-owner=\"LGDACOM LG DACOM Corporation\"", "relationship_type": "" }, { "colour": "#0735ba", "local": false, "name": "asn:as-country=\"KR\"", "relationship_type": "" }, { "colour": "#061c19", "local": false, "name": "misp-galaxy:country=\"south korea\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040050", "to_ids": true, "type": "ip-dst", "uuid": "bb1fd205-26c7-4752-bcdd-d4ee1b94e533", "value": "103.80.134.53", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#27b855", "local": false, "name": "asn:asn=\"3786\"", "relationship_type": "" }, { "colour": "#0613f3", "local": false, "name": "asn:as-owner=\"LGDACOM LG DACOM Corporation\"", "relationship_type": "" }, { "colour": "#0735ba", "local": false, "name": "asn:as-country=\"KR\"", "relationship_type": "" }, { "colour": "#061c19", "local": false, "name": "misp-galaxy:country=\"south korea\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040052", "to_ids": true, "type": "ip-dst", "uuid": "c3a88ff4-062e-4a73-872a-db4e88e26ef1", "value": "103.80.134.54", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#27b855", "local": false, "name": "asn:asn=\"3786\"", "relationship_type": "" }, { "colour": "#0613f3", "local": false, "name": "asn:as-owner=\"LGDACOM LG DACOM Corporation\"", "relationship_type": "" }, { "colour": "#0735ba", "local": false, "name": "asn:as-country=\"KR\"", "relationship_type": "" }, { "colour": "#061c19", "local": false, "name": "misp-galaxy:country=\"south korea\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040053", "to_ids": true, "type": "ip-dst", "uuid": "71c3a432-c029-495b-8d95-0f92959374d3", "value": "134.122.137.14", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#dd0399", "local": false, "name": "asn:asn=\"152194\"", "relationship_type": "" }, { "colour": "#8c0628", "local": false, "name": "asn:as-owner=\"CTGSERVERLIMITED-AS-AP CTG Server Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040055", "to_ids": true, "type": "ip-dst", "uuid": "4ea107f6-73f8-4135-8026-cc12ce84945d", "value": "134.122.137.15", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#dd0399", "local": false, "name": "asn:asn=\"152194\"", "relationship_type": "" }, { "colour": "#8c0628", "local": false, "name": "asn:as-owner=\"CTGSERVERLIMITED-AS-AP CTG Server Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040056", "to_ids": true, "type": "ip-dst", "uuid": "b706fd89-ec43-4964-b4ff-6595a967bb2a", "value": "134.122.137.16", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#dd0399", "local": false, "name": "asn:asn=\"152194\"", "relationship_type": "" }, { "colour": "#8c0628", "local": false, "name": "asn:as-owner=\"CTGSERVERLIMITED-AS-AP CTG Server Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040058", "to_ids": true, "type": "ip-dst", "uuid": "d6678eaf-b3bd-4981-869b-f8f8f527de35", "value": "199.167.138.36", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a521f9", "local": false, "name": "asn:asn=\"7040\"", "relationship_type": "" }, { "colour": "#d46498", "local": false, "name": "asn:as-owner=\"NETMINDERS\"", "relationship_type": "" }, { "colour": "#1273fb", "local": false, "name": "asn:as-country=\"CA\"", "relationship_type": "" }, { "colour": "#813aa0", "local": false, "name": "misp-galaxy:country=\"canada\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040061", "to_ids": true, "type": "ip-dst", "uuid": "a0153487-e83e-4e83-ac0e-fa735f60a5d7", "value": "199.167.138.38", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a521f9", "local": false, "name": "asn:asn=\"7040\"", "relationship_type": "" }, { "colour": "#d46498", "local": false, "name": "asn:as-owner=\"NETMINDERS\"", "relationship_type": "" }, { "colour": "#1273fb", "local": false, "name": "asn:as-country=\"CA\"", "relationship_type": "" }, { "colour": "#813aa0", "local": false, "name": "misp-galaxy:country=\"canada\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040062", "to_ids": true, "type": "ip-dst", "uuid": "1b7e9608-2272-421e-81e8-1d016f22225b", "value": "199.167.138.39", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a521f9", "local": false, "name": "asn:asn=\"7040\"", "relationship_type": "" }, { "colour": "#d46498", "local": false, "name": "asn:as-owner=\"NETMINDERS\"", "relationship_type": "" }, { "colour": "#1273fb", "local": false, "name": "asn:as-country=\"CA\"", "relationship_type": "" }, { "colour": "#813aa0", "local": false, "name": "misp-galaxy:country=\"canada\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040064", "to_ids": true, "type": "ip-dst", "uuid": "b60c71aa-410a-4b40-9199-afb4bcd18a73", "value": "199.167.138.40", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a521f9", "local": false, "name": "asn:asn=\"7040\"", "relationship_type": "" }, { "colour": "#d46498", "local": false, "name": "asn:as-owner=\"NETMINDERS\"", "relationship_type": "" }, { "colour": "#1273fb", "local": false, "name": "asn:as-country=\"CA\"", "relationship_type": "" }, { "colour": "#813aa0", "local": false, "name": "misp-galaxy:country=\"canada\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040066", "to_ids": true, "type": "ip-dst", "uuid": "314e83a8-074e-400f-8562-b46dd7259b57", "value": "199.167.138.41", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a521f9", "local": false, "name": "asn:asn=\"7040\"", "relationship_type": "" }, { "colour": "#d46498", "local": false, "name": "asn:as-owner=\"NETMINDERS\"", "relationship_type": "" }, { "colour": "#1273fb", "local": false, "name": "asn:as-country=\"CA\"", "relationship_type": "" }, { "colour": "#813aa0", "local": false, "name": "misp-galaxy:country=\"canada\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040067", "to_ids": true, "type": "ip-dst", "uuid": "20cc2e8a-2cc4-4f06-9ac2-c86befa4d756", "value": "199.167.138.43", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a521f9", "local": false, "name": "asn:asn=\"7040\"", "relationship_type": "" }, { "colour": "#d46498", "local": false, "name": "asn:as-owner=\"NETMINDERS\"", "relationship_type": "" }, { "colour": "#1273fb", "local": false, "name": "asn:as-country=\"CA\"", "relationship_type": "" }, { "colour": "#813aa0", "local": false, "name": "misp-galaxy:country=\"canada\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040069", "to_ids": true, "type": "ip-dst", "uuid": "422a2c10-4d6a-4d4c-a478-838836035468", "value": "199.167.138.44", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a521f9", "local": false, "name": "asn:asn=\"7040\"", "relationship_type": "" }, { "colour": "#d46498", "local": false, "name": "asn:as-owner=\"NETMINDERS\"", "relationship_type": "" }, { "colour": "#1273fb", "local": false, "name": "asn:as-country=\"CA\"", "relationship_type": "" }, { "colour": "#813aa0", "local": false, "name": "misp-galaxy:country=\"canada\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040072", "to_ids": true, "type": "ip-dst", "uuid": "ff6ca8ef-4e01-4e57-9ba7-6a6732f20237", "value": "199.167.138.45", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a521f9", "local": false, "name": "asn:asn=\"7040\"", "relationship_type": "" }, { "colour": "#d46498", "local": false, "name": "asn:as-owner=\"NETMINDERS\"", "relationship_type": "" }, { "colour": "#1273fb", "local": false, "name": "asn:as-country=\"CA\"", "relationship_type": "" }, { "colour": "#813aa0", "local": false, "name": "misp-galaxy:country=\"canada\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040074", "to_ids": true, "type": "ip-dst", "uuid": "a860dffe-0f68-4c92-af8c-7fb197c72d97", "value": "199.167.138.48", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a521f9", "local": false, "name": "asn:asn=\"7040\"", "relationship_type": "" }, { "colour": "#d46498", "local": false, "name": "asn:as-owner=\"NETMINDERS\"", "relationship_type": "" }, { "colour": "#1273fb", "local": false, "name": "asn:as-country=\"CA\"", "relationship_type": "" }, { "colour": "#813aa0", "local": false, "name": "misp-galaxy:country=\"canada\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040075", "to_ids": true, "type": "ip-dst", "uuid": "466ea2fe-f5a9-49ad-9fda-71e4c586c07f", "value": "199.167.138.49", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a521f9", "local": false, "name": "asn:asn=\"7040\"", "relationship_type": "" }, { "colour": "#d46498", "local": false, "name": "asn:as-owner=\"NETMINDERS\"", "relationship_type": "" }, { "colour": "#1273fb", "local": false, "name": "asn:as-country=\"CA\"", "relationship_type": "" }, { "colour": "#813aa0", "local": false, "name": "misp-galaxy:country=\"canada\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040077", "to_ids": true, "type": "ip-dst", "uuid": "d4418e60-2f16-4783-b286-ee044202b884", "value": "199.167.138.51", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a521f9", "local": false, "name": "asn:asn=\"7040\"", "relationship_type": "" }, { "colour": "#d46498", "local": false, "name": "asn:as-owner=\"NETMINDERS\"", "relationship_type": "" }, { "colour": "#1273fb", "local": false, "name": "asn:as-country=\"CA\"", "relationship_type": "" }, { "colour": "#813aa0", "local": false, "name": "misp-galaxy:country=\"canada\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040079", "to_ids": true, "type": "ip-dst", "uuid": "59283394-042d-43d4-9beb-7b7d8188997d", "value": "199.167.138.52", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a521f9", "local": false, "name": "asn:asn=\"7040\"", "relationship_type": "" }, { "colour": "#d46498", "local": false, "name": "asn:as-owner=\"NETMINDERS\"", "relationship_type": "" }, { "colour": "#1273fb", "local": false, "name": "asn:as-country=\"CA\"", "relationship_type": "" }, { "colour": "#813aa0", "local": false, "name": "misp-galaxy:country=\"canada\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040081", "to_ids": true, "type": "ip-dst", "uuid": "6ae05c9c-7985-4a11-bd74-1ac2df4512e3", "value": "27.124.36.32", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#dd0399", "local": false, "name": "asn:asn=\"152194\"", "relationship_type": "" }, { "colour": "#8c0628", "local": false, "name": "asn:as-owner=\"CTGSERVERLIMITED-AS-AP CTG Server Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040083", "to_ids": true, "type": "ip-dst", "uuid": "25ac03c5-14f1-4e55-824a-a0f02d3dc6c5", "value": "27.124.36.34", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#dd0399", "local": false, "name": "asn:asn=\"152194\"", "relationship_type": "" }, { "colour": "#8c0628", "local": false, "name": "asn:as-owner=\"CTGSERVERLIMITED-AS-AP CTG Server Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040084", "to_ids": true, "type": "ip-dst", "uuid": "8b22842d-7260-46a9-b992-ec672b2edd36", "value": "27.124.36.52", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#dd0399", "local": false, "name": "asn:asn=\"152194\"", "relationship_type": "" }, { "colour": "#8c0628", "local": false, "name": "asn:as-owner=\"CTGSERVERLIMITED-AS-AP CTG Server Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040086", "to_ids": true, "type": "ip-dst", "uuid": "a72a3625-35e7-43bf-ac7f-c97bd609ad92", "value": "27.124.39.241", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#dd0399", "local": false, "name": "asn:asn=\"152194\"", "relationship_type": "" }, { "colour": "#8c0628", "local": false, "name": "asn:as-owner=\"CTGSERVERLIMITED-AS-AP CTG Server Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040088", "to_ids": true, "type": "ip-dst", "uuid": "bb23cc0e-c2b2-4804-a959-8b6733c0d595", "value": "27.124.39.242", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#dd0399", "local": false, "name": "asn:asn=\"152194\"", "relationship_type": "" }, { "colour": "#8c0628", "local": false, "name": "asn:as-owner=\"CTGSERVERLIMITED-AS-AP CTG Server Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040089", "to_ids": true, "type": "ip-dst", "uuid": "33f1edf3-d349-4547-b9e6-c4ef19704847", "value": "27.124.39.243", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#dd0399", "local": false, "name": "asn:asn=\"152194\"", "relationship_type": "" }, { "colour": "#8c0628", "local": false, "name": "asn:as-owner=\"CTGSERVERLIMITED-AS-AP CTG Server Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040092", "to_ids": true, "type": "ip-dst", "uuid": "a4e3db7c-630d-4d3a-a9f4-78303461d9a3", "value": "91.204.227.131", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#67e164", "local": false, "name": "asn:asn=\"205960\"", "relationship_type": "" }, { "colour": "#428565", "local": false, "name": "asn:as-owner=\"KIDC\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040093", "to_ids": true, "type": "ip-dst", "uuid": "a4c31a23-c559-408c-942d-a57149d34189", "value": "91.204.227.132", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#67e164", "local": false, "name": "asn:asn=\"205960\"", "relationship_type": "" }, { "colour": "#428565", "local": false, "name": "asn:as-owner=\"KIDC\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040095", "to_ids": true, "type": "ip-dst", "uuid": "37d1a539-81e4-43a6-9e76-6e362beb7250", "value": "91.204.227.144", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#67e164", "local": false, "name": "asn:asn=\"205960\"", "relationship_type": "" }, { "colour": "#428565", "local": false, "name": "asn:as-owner=\"KIDC\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040096", "to_ids": true, "type": "ip-dst", "uuid": "327619ba-f269-4fa1-8325-51e5e1f6ee02", "value": "91.204.227.145", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#67e164", "local": false, "name": "asn:asn=\"205960\"", "relationship_type": "" }, { "colour": "#428565", "local": false, "name": "asn:as-owner=\"KIDC\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "IPs of landing pages", "deleted": false, "disable_correlation": false, "timestamp": "1780040098", "to_ids": true, "type": "ip-dst", "uuid": "295437ec-780c-4644-b132-615fdd64201e", "value": "91.204.227.146", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#67e164", "local": false, "name": "asn:asn=\"205960\"", "relationship_type": "" }, { "colour": "#428565", "local": false, "name": "asn:as-owner=\"KIDC\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Rogue DNS", "deleted": false, "disable_correlation": false, "timestamp": "1780040099", "to_ids": true, "type": "ip-dst", "uuid": "100b88cf-77c8-4de2-b855-dc5a71536aba", "value": "193.239.154.15", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#72741f", "local": false, "name": "asn:asn=\"136038\"", "relationship_type": "" }, { "colour": "#f49ce4", "local": false, "name": "asn:as-owner=\"HDTIDCCLOUD-AS-AP HDTIDC LIMITED\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Rogue DNS", "deleted": false, "disable_correlation": false, "timestamp": "1780040101", "to_ids": true, "type": "ip-dst", "uuid": "1d7ff73d-13e7-4c02-b631-0fbdd4737b37", "value": "193.239.154.16", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#72741f", "local": false, "name": "asn:asn=\"136038\"", "relationship_type": "" }, { "colour": "#f49ce4", "local": false, "name": "asn:as-owner=\"HDTIDCCLOUD-AS-AP HDTIDC LIMITED\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Rogue DNS", "deleted": false, "disable_correlation": false, "timestamp": "1780040103", "to_ids": true, "type": "ip-dst", "uuid": "8f9ee5da-3641-4d05-93e9-4a0ae97c3807", "value": "193.239.154.17", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#72741f", "local": false, "name": "asn:asn=\"136038\"", "relationship_type": "" }, { "colour": "#f49ce4", "local": false, "name": "asn:as-owner=\"HDTIDCCLOUD-AS-AP HDTIDC LIMITED\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Rogue DNS", "deleted": false, "disable_correlation": false, "timestamp": "1780040104", "to_ids": true, "type": "ip-dst", "uuid": "3bf35833-b52d-4306-8974-1d84ad3ac519", "value": "193.239.154.18", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#72741f", "local": false, "name": "asn:asn=\"136038\"", "relationship_type": "" }, { "colour": "#f49ce4", "local": false, "name": "asn:as-owner=\"HDTIDCCLOUD-AS-AP HDTIDC LIMITED\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Rogue DNS", "deleted": false, "disable_correlation": false, "timestamp": "1780040106", "to_ids": true, "type": "ip-dst", "uuid": "e71ce9f0-b717-4a89-ab08-01106ad822df", "value": "193.239.154.22", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#72741f", "local": false, "name": "asn:asn=\"136038\"", "relationship_type": "" }, { "colour": "#f49ce4", "local": false, "name": "asn:as-owner=\"HDTIDCCLOUD-AS-AP HDTIDC LIMITED\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Providing live rogue DNS server", "deleted": false, "disable_correlation": false, "timestamp": "1747022550", "to_ids": true, "type": "url", "uuid": "7ed88129-eea7-453c-b0ee-7e904c3ff773", "value": "107.148.162.237:26333/sever.ini", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspicious accounts/pages of some legitimate services for obtaining C2s", "deleted": false, "disable_correlation": false, "timestamp": "1747022571", "to_ids": true, "type": "url", "uuid": "0dcdc7f3-4cd8-4f15-abd3-f8dace5853f4", "value": "http://m.vk.com/id668999378?act=info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspicious accounts/pages of some legitimate services for obtaining C2s", "deleted": false, "disable_correlation": false, "timestamp": "1747022592", "to_ids": true, "type": "url", "uuid": "40a6cdbf-b1d7-4ea8-a245-75cae4887941", "value": "http://m.vk.com/id669000526?act=info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspicious accounts/pages of some legitimate services for obtaining C2s", "deleted": false, "disable_correlation": false, "timestamp": "1747022613", "to_ids": true, "type": "url", "uuid": "0402fcad-d01a-4685-907e-7d05ef26629b", "value": "http://m.vk.com/id669000956?act=info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspicious accounts/pages of some legitimate services for obtaining C2s", "deleted": false, "disable_correlation": false, "timestamp": "1747022634", "to_ids": true, "type": "url", "uuid": "a392b6e1-0207-478e-a141-fad1e62adea1", "value": "http://m.vk.com/id674309800?act=info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspicious accounts/pages of some legitimate services for obtaining C2s", "deleted": false, "disable_correlation": false, "timestamp": "1747022656", "to_ids": true, "type": "url", "uuid": "ca84706d-52d3-4dc8-9d3f-3f093aa549f5", "value": "http://m.vk.com/id674310752?act=info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspicious accounts/pages of some legitimate services for obtaining C2s", "deleted": false, "disable_correlation": false, "timestamp": "1747022677", "to_ids": true, "type": "url", "uuid": "461ad1b8-e9e1-49e5-bb08-283baa655f7d", "value": "http://m.vk.com/id730148259?act=info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspicious accounts/pages of some legitimate services for obtaining C2s", "deleted": false, "disable_correlation": false, "timestamp": "1747022698", "to_ids": true, "type": "url", "uuid": "290c146b-0da8-4643-ad63-791424e7b15c", "value": "http://m.vk.com/id730149630?act=info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspicious accounts/pages of some legitimate services for obtaining C2s", "deleted": false, "disable_correlation": false, "timestamp": "1747022719", "to_ids": true, "type": "url", "uuid": "ad2268d8-78a0-4c71-b0f5-06691b3752a1", "value": "http://m.vk.com/id761343811?act=info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspicious accounts/pages of some legitimate services for obtaining C2s", "deleted": false, "disable_correlation": false, "timestamp": "1747022740", "to_ids": true, "type": "url", "uuid": "c4fee40e-8fc5-479d-9531-105062c47d59", "value": "http://m.vk.com/id761345428?act=info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspicious accounts/pages of some legitimate services for obtaining C2s", "deleted": false, "disable_correlation": false, "timestamp": "1747022761", "to_ids": true, "type": "url", "uuid": "aaaf5d93-e68f-478d-9ba3-c43a0d3664d5", "value": "http://m.vk.com/id761346006?act=info", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspicious accounts/pages of some legitimate services for obtaining C2s", "deleted": false, "disable_correlation": false, "timestamp": "1747022782", "to_ids": true, "type": "url", "uuid": "69ec1451-3a28-4cb1-98d5-22f93cf86e7b", "value": "https://www.youtube.com/channel/UCP5sKzxDLR5yhO1IB4EqeEg/about", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspicious accounts/pages of some legitimate services for obtaining C2s", "deleted": false, "disable_correlation": false, "timestamp": "1747022804", "to_ids": true, "type": "url", "uuid": "3c716eb8-5c70-4a8b-a845-6f61c117d4b6", "value": "https://docs.google.com/document/d/1s0n64k12_r9MglT5m9lr63M5F3e-xRyaMeYP7rdOTrA/mobilebasic", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Suspicious accounts/pages of some legitimate services for obtaining C2s", "deleted": false, "disable_correlation": false, "timestamp": "1747022825", "to_ids": true, "type": "url", "uuid": "78cbc586-dc37-4d75-b195-cad34aa4d2d1", "value": "https://docs.google.com/document/d/1IIB6hhf_BB1DaxzC1aNfLEG1K97LsPsN55AT5pFWYKo/mobilebasic", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C&C", "deleted": false, "disable_correlation": false, "timestamp": "1780040108", "to_ids": true, "type": "ip-dst", "uuid": "1685db35-0714-441b-ad6e-21028cbe67ec", "value": "91.204.227.32", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#67e164", "local": false, "name": "asn:asn=\"205960\"", "relationship_type": "" }, { "colour": "#428565", "local": false, "name": "asn:as-owner=\"KIDC\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C&C", "deleted": false, "disable_correlation": false, "timestamp": "1780040109", "to_ids": true, "type": "ip-dst", "uuid": "7ae1887e-5025-41d3-897a-682c1d7de512", "value": "91.204.227.33", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#67e164", "local": false, "name": "asn:asn=\"205960\"", "relationship_type": "" }, { "colour": "#428565", "local": false, "name": "asn:as-owner=\"KIDC\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C&C", "deleted": false, "disable_correlation": false, "timestamp": "1780040111", "to_ids": true, "type": "ip-dst", "uuid": "99b62549-d7cd-48e8-8da7-a9322e87f908", "value": "92.204.255.173", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220b21", "local": false, "name": "asn:asn=\"29066\"", "relationship_type": "" }, { "colour": "#5847ca", "local": false, "name": "asn:as-owner=\"VELIANET-AS velia.net Internetdienste GmbH\"", "relationship_type": "" }, { "colour": "#141680", "local": false, "name": "asn:as-country=\"DE\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"germany\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C&C", "deleted": false, "disable_correlation": false, "timestamp": "1780040113", "to_ids": true, "type": "ip-dst", "uuid": "702680d3-6454-495c-8307-45177918eb3d", "value": "91.204.227.39", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#67e164", "local": false, "name": "asn:asn=\"205960\"", "relationship_type": "" }, { "colour": "#428565", "local": false, "name": "asn:as-owner=\"KIDC\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C&C", "deleted": false, "disable_correlation": false, "timestamp": "1780040114", "to_ids": true, "type": "ip-dst", "uuid": "c70ec443-2a52-4dbf-a6e2-5e1b752dc8c3", "value": "118.160.36.14", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#65b804", "local": false, "name": "asn:asn=\"3462\"", "relationship_type": "" }, { "colour": "#d9a2f4", "local": false, "name": "asn:as-owner=\"HINET Data Communication Business Group\"", "relationship_type": "" }, { "colour": "#9053fd", "local": false, "name": "asn:as-country=\"TW\"", "relationship_type": "" }, { "colour": "#1237d4", "local": false, "name": "misp-galaxy:country=\"taiwan\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C&C", "deleted": false, "disable_correlation": false, "timestamp": "1780040116", "to_ids": true, "type": "ip-dst", "uuid": "6cb928c9-b832-4fc1-b2af-28e9fe17e151", "value": "198.144.149.131", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a521f9", "local": false, "name": "asn:asn=\"7040\"", "relationship_type": "" }, { "colour": "#d46498", "local": false, "name": "asn:as-owner=\"NETMINDERS\"", "relationship_type": "" }, { "colour": "#1273fb", "local": false, "name": "asn:as-country=\"CA\"", "relationship_type": "" }, { "colour": "#813aa0", "local": false, "name": "misp-galaxy:country=\"canada\"", "relationship_type": "" } ] }, { "category": "Other", "comment": "Hardcoded default ID and password to compromise DNS settings using the URL query", "deleted": false, "disable_correlation": false, "timestamp": "1746833216", "to_ids": false, "type": "text", "uuid": "6a108992-6de6-4e76-93ff-2b77c36c83cc", "value": "admin:admin" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747022972", "uuid": "c444adce-882e-4593-9e27-7ed82c4ffb64", "Attribute": [ { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747022972", "to_ids": true, "type": "md5", "uuid": "5ad1bc70-d654-4a39-9892-f1916de3dc44", "value": "2036450427a6f4c39cd33712aa46d609", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746792127", "to_ids": true, "type": "sha1", "uuid": "137bffb4-7d02-4e21-abb7-edb5ec250ed9", "value": "d93facaa2e5c9d792aec186315f932bdf2934c15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746792127", "to_ids": true, "type": "sha256", "uuid": "e2e454b6-81b0-4639-a3f9-20c99acc5915", "value": "520a9cfd38933a632741a9a89a599930412d9f893185f78740cf6d46dba21455", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746792127", "to_ids": true, "type": "ssdeep", "uuid": "336a80ea-24c1-41c4-bb3c-efaaa29f3782", "value": "6144:BwZBEHTUglVXX84kx+a8aSJ8+jqcVcB0puZVp7fi4:+ZB6Ugfn8/5SJ8s6BbpT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746792127", "to_ids": false, "type": "size-in-bytes", "uuid": "45fbf4bc-e95d-4c95-99e6-14562eb80b1f", "value": "291321" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746792127", "to_ids": true, "type": "vhash", "uuid": "321e66a5-ddd8-4d45-9783-d788ae86637c", "value": "0b3243e5056a5c57c5add6aeadcaa2e0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746792127", "to_ids": true, "type": "filename", "uuid": "070001aa-cbf0-40f2-85a4-fd57208ad3bc", "value": "chrome.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 17/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746792127", "to_ids": false, "type": "text", "uuid": "f31c757e-8706-444e-8ab9-795c1b66d0f8", "value": "Wroba.o\r\nType Description: Android\nMicrosoft: Trojan:Linux/Multiverze\nVT Total Detection:33/70\nFirst Submission:2022-12-01T05:22:30.000000+00:00\nLast Submission:2022-12-12T05:03:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747022993", "uuid": "9514fed7-200d-4c70-b749-1652ec0d5b85", "Attribute": [ { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747022993", "to_ids": true, "type": "md5", "uuid": "46b9d36b-f18e-4ca6-92ff-c8a1bfa8f48a", "value": "8efae5be6e52a07ee1c252b9a749d59f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746792149", "to_ids": true, "type": "sha1", "uuid": "a6654c2c-4cfb-46f4-99f9-7cd6f0406106", "value": "91ade4e246d0af33f71c4c8d6220ad390671df09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746792149", "to_ids": true, "type": "sha256", "uuid": "73686b58-ab05-4391-a6cd-07a1fe501eac", "value": "6826475f9f9f780b24b6cbe01ca48db491e124938523508eb52bbfee5072a561", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746792149", "to_ids": true, "type": "ssdeep", "uuid": "e23b1393-9125-42b6-9043-288c8f2642d7", "value": "6144:wfohRxsFXdei4INSysymC8b67RJ4BbTGvy/LVxvWr9wsfXDDEvoyc:nRs0wNH8b67Azer9vTDE4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746792149", "to_ids": false, "type": "size-in-bytes", "uuid": "34bcb094-276e-45a0-a531-8ed7de985ae3", "value": "290968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746792149", "to_ids": true, "type": "vhash", "uuid": "d09c3f92-4e01-43a9-9ef8-d6a68f4751c1", "value": "0b3243e5056a5c57c5add6aeadcaa2e0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746792149", "to_ids": true, "type": "filename", "uuid": "60fedc26-9b46-472c-847d-926aa9dbfa84", "value": "chrome.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 17/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746792149", "to_ids": false, "type": "text", "uuid": "e374c581-7041-43df-bb3a-3efbd0a3ab2f", "value": "Wroba.o\r\nType Description: Android\nMicrosoft: Trojan:AndroidOS/Wroba.L!MTB\nVT Total Detection:37/71\nFirst Submission:2022-11-21T18:28:03.000000+00:00\nLast Submission:2023-01-29T12:18:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747023014", "uuid": "d02364a8-df38-457b-8973-0e5f0f9b87a5", "Attribute": [ { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747023014", "to_ids": true, "type": "md5", "uuid": "9b88254a-7f0d-4216-b3a5-fccc63301c87", "value": "95a9a26a95a4ae84161e7a4e9914998c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746792171", "to_ids": true, "type": "sha1", "uuid": "8ec336b3-ff5e-4610-8e51-80c86d6ebcb5", "value": "309bc5b080051654c22568b437b69887f2f1ba90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746792171", "to_ids": true, "type": "sha256", "uuid": "d48b244d-30cf-4efd-ae89-4555f8891cd2", "value": "bd3ead7a492f319cfa61b854f2f5d7217b02dd9f71a8833c49bb5873d6af69f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746792171", "to_ids": true, "type": "ssdeep", "uuid": "29a872f1-7d0d-4058-903e-103954637e4d", "value": "6144:jvJXQsFXdei4buyluqPEv8PXfiG/vIy0b4byVY4gtskWY1udeGnmCPn:rJX10DlGv8PXfP/LbyuvWTdeGp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746792171", "to_ids": false, "type": "size-in-bytes", "uuid": "7fc99b84-8f8a-4f80-8f5d-96461e09e1fd", "value": "291607" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746792171", "to_ids": true, "type": "vhash", "uuid": "16e74ac1-1650-42d3-b427-efa9671326a4", "value": "0b3243e5056a5c57c5add6aeadcaa2e0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746792171", "to_ids": true, "type": "filename", "uuid": "ca9f8f3f-d5ea-4e51-901a-3d91768fa274", "value": "chrome.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 17/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746792171", "to_ids": false, "type": "text", "uuid": "0eb3eb88-7977-45ca-bb53-65118f17a6e6", "value": "Wroba.o\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:30/70\nFirst Submission:2022-12-10T15:36:10.000000+00:00\nLast Submission:2022-12-12T08:48:02.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747023035", "uuid": "91c37cdd-e4ef-4250-966f-6f01e37bc91a", "Attribute": [ { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747023035", "to_ids": true, "type": "md5", "uuid": "7fc54f5e-b58d-490c-ba6a-c0bc3e23be48", "value": "ab79c661dd17aa62e8acc77547f7bd93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746792193", "to_ids": true, "type": "sha1", "uuid": "ff9dc1b8-a7af-4f1b-8697-f6e0dcf27a47", "value": "5597d87f0b0783b9c27f09abb3fc8799b8c21238", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746792193", "to_ids": true, "type": "sha256", "uuid": "639f5118-a964-4f7d-9e69-66ca17e03db7", "value": "89e593dc246cb0b4ef8decf59c3260697677e703d609a24807cb6ea58c0deda4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746792192", "to_ids": true, "type": "ssdeep", "uuid": "91b0275f-e618-4569-aeb9-a9353a22d2dd", "value": "6144:ZvJXQsFXdei4buylulXTOefiG/vIy0b4byVY4gtskWY1udeGnmCPJD03b7:hJX10DlCTOefP/LbyuvWTdeGHo3b7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746792192", "to_ids": false, "type": "size-in-bytes", "uuid": "1b2c8a95-507d-424b-81e3-5febea26f274", "value": "291646" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746792192", "to_ids": true, "type": "vhash", "uuid": "86b0949b-d02d-4184-bef0-21d5c322f7db", "value": "0b3243e5056a5c57c5add6aeadcaa2e0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746792192", "to_ids": true, "type": "filename", "uuid": "f7b87aaf-f19f-41cc-9f80-11f0c6d97301", "value": "4bfafd91-sample.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 17/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746792192", "to_ids": false, "type": "text", "uuid": "43d01770-0e9d-4888-916c-b1822f6127fa", "value": "Wroba.o\r\nType Description: Android\nMicrosoft: Trojan:AndroidOS/Wroba.M!MTB\nVT Total Detection:30/70\nFirst Submission:2022-12-10T09:41:35.000000+00:00\nLast Submission:2023-08-13T13:27:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747023056", "uuid": "f1418973-24e6-42f7-87d3-4afda54da7c7", "Attribute": [ { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747023056", "to_ids": true, "type": "md5", "uuid": "99ba6ab8-3633-4574-abf6-93af79cf859c", "value": "d27b116b21280f5ccc0907717f2fd596", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746792214", "to_ids": true, "type": "sha1", "uuid": "f35fbedf-d0c8-4f79-9acb-f17c31c7f8f5", "value": "90cb7775a846cf7ddc3001cdc145ee2ccbee5d3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746792214", "to_ids": true, "type": "sha256", "uuid": "808174c7-8847-47bc-a821-ed714798b5ea", "value": "6257da70cb01826a6ce575e23cd2e42a0dbdc742f9b529f06fa9a13224701823", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746792214", "to_ids": true, "type": "ssdeep", "uuid": "5f487492-2620-4be5-a5a9-d45b4754a861", "value": "6144:3dvwcehNrxorDA2agYwU/+OG33QZxNvqruYPFYDuBvmKpKu:toce+vAFZ+OG38jWGEmKpn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746792214", "to_ids": false, "type": "size-in-bytes", "uuid": "a4711d21-caac-4bb5-b622-e917a01c3a9e", "value": "291518" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746792214", "to_ids": true, "type": "vhash", "uuid": "2ab172e7-4d7c-4672-aa01-aaf167036114", "value": "0b3243e5056a5c57c5add6aeadcaa2e0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746792214", "to_ids": true, "type": "filename", "uuid": "bef9f94c-ff5e-4144-851c-6a4853679dc5", "value": "chrome.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 17/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746792214", "to_ids": false, "type": "text", "uuid": "908e07b5-eeef-4dba-bbc6-f002b2e5a48c", "value": "Wroba.o\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:29/70\nFirst Submission:2022-12-09T10:01:18.000000+00:00\nLast Submission:2022-12-10T19:22:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747023077", "uuid": "46b86ee4-4c64-4e58-b882-fb3b9b9dc74f", "Attribute": [ { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747023077", "to_ids": true, "type": "md5", "uuid": "21fc9071-a5ef-4e4c-adea-654433362d1a", "value": "f9e43cc73f040438243183e1faf46581", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746792235", "to_ids": true, "type": "sha1", "uuid": "feba5a24-ef90-4065-855d-fe310718c8f9", "value": "9a08e1c0b1ad9f0155fa11313402080a208e127a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Wroba.o", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746792235", "to_ids": true, "type": "sha256", "uuid": "2073bc37-6cfc-4652-a659-d84e481dc4e8", "value": "780992147fd4b8fd5c780f4fe1a5237a1729c61ec99dda010fe9313bb5ef5bac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746792235", "to_ids": true, "type": "ssdeep", "uuid": "3397d9ae-845e-42ac-a503-5fb2ea10feea", "value": "6144:5XYpa+kK2t7Jh9rsCLes8VjR/lrGM35UXBk7ygJ9aNBz:X+kKiFh9rsyR8VV/lp5UXBYEz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746792235", "to_ids": false, "type": "size-in-bytes", "uuid": "dd04e792-f3a4-4ef6-ac9c-15ccd835d1a6", "value": "261689" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746792235", "to_ids": true, "type": "vhash", "uuid": "85357f08-9902-4e59-809c-8db64e520fa4", "value": "0b3243e5056a5c57c5add6aeadcaa2e0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746792235", "to_ids": true, "type": "filename", "uuid": "aff1a56c-792c-4d94-8faf-0f9cc7d63c38", "value": "japanpost.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 17/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746792235", "to_ids": false, "type": "text", "uuid": "ecc0d54b-6d9f-4bbe-b9e3-31b2be668f0f", "value": "Wroba.o\r\nType Description: Android\nMicrosoft: TrojanDropper:AndroidOS/Wroba.F!MTB\nVT Total Detection:33/71\nFirst Submission:2022-08-04T06:53:29.000000+00:00\nLast Submission:2022-12-12T16:00:07.000000+00:00" } ] } ] } }