{ "Event": { "analysis": "2", "date": "2022-06-07", "extends_uuid": "", "info": "[Threat Intel] MA-834.052022: MyCERT Alert - SMSSpy campaign to steal Malaysian banking user credential", "protected": false, "publish_timestamp": "1780382493", "published": true, "threat_level_id": "2", "timestamp": "1780382493", "uuid": "145ab1a4-7880-4eb5-91f8-dd900a76997a", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#9f9a68", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Other Means - T1476\"", "relationship_type": "" }, { "colour": "#e931d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake App\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake Website\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740751669", "to_ids": false, "type": "link", "uuid": "abe6068f-eb0f-49a6-bc82-884c52aace2f", "value": "https://www.mycert.org.my/portal/details?menu=431fab9c-d24c-4a27-ba93-e92edafdefa5&id=c2a5b8c1-fe94-489e-a772-dbb9d0fb8968" }, { "category": "Network activity", "comment": "LEA campaign", "deleted": false, "disable_correlation": false, "timestamp": "1780039984", "to_ids": true, "type": "ip-dst", "uuid": "d6232a28-08d1-441f-a933-a3aff0870b54", "value": "139.162.61.96", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#680e86", "local": false, "name": "asn:asn=\"63949\"", "relationship_type": "" }, { "colour": "#edf21f", "local": false, "name": "asn:as-owner=\"AKAMAI-LINODE-AP Akamai Connected Cloud\"", "relationship_type": "" }, { "colour": "#d906de", "local": false, "name": "asn:as-country=\"SG\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"singapore\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1747005164", "to_ids": true, "type": "ip-dst", "uuid": "3250d4ff-f091-4ba6-b0cc-900c54aeb986", "value": "185.244.150.159", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1747005185", "to_ids": true, "type": "domain", "uuid": "9063096e-6956-4dea-bf52-8c4a017fd3c1", "value": "token2.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1780382480", "to_ids": true, "type": "ip-dst", "uuid": "39579bdc-622e-4eb4-808d-ec479622f9c2", "value": "194.195.211.26", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#680e86", "local": false, "name": "asn:asn=\"63949\"", "relationship_type": "" }, { "colour": "#edf21f", "local": false, "name": "asn:as-owner=\"AKAMAI-LINODE-AP Akamai Connected Cloud\"", "relationship_type": "" }, { "colour": "#d906de", "local": false, "name": "asn:as-country=\"SG\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"singapore\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1747005227", "to_ids": true, "type": "domain", "uuid": "cd9debb1-ff2b-4891-9c5a-7c4b4df22518", "value": "grabamaid-my.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1780382482", "to_ids": true, "type": "ip-dst", "uuid": "70085fcd-7dc4-477a-bb32-f9a09430431c", "value": "172.67.177.79", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#c4bd10", "local": false, "name": "asn:asn=\"13335\"", "relationship_type": "" }, { "colour": "#60003e", "local": false, "name": "asn:as-owner=\"CLOUDFLARENET\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1747005269", "to_ids": true, "type": "domain", "uuid": "0a6db89b-7dda-4728-ac27-197735b7c3a3", "value": "maidacalls.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1780382483", "to_ids": true, "type": "ip-dst", "uuid": "98797f6e-091d-4088-967f-e2eaddfe021b", "value": "172.67.205.26", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#c4bd10", "local": false, "name": "asn:asn=\"13335\"", "relationship_type": "" }, { "colour": "#60003e", "local": false, "name": "asn:as-owner=\"CLOUDFLARENET\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1747005312", "to_ids": true, "type": "domain", "uuid": "d2b413d0-db67-4abf-b6fd-ab9e83441427", "value": "petsmore.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1780382484", "to_ids": true, "type": "ip-dst", "uuid": "8a0e0f6c-63ef-4f4d-bcf4-844a826c4594", "value": "172.67.174.195", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#c4bd10", "local": false, "name": "asn:asn=\"13335\"", "relationship_type": "" }, { "colour": "#60003e", "local": false, "name": "asn:as-owner=\"CLOUDFLARENET\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1747005353", "to_ids": true, "type": "domain", "uuid": "6ddf8577-62e3-41b1-bb9d-afc9130be27b", "value": "cleangmy.site", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1747005375", "to_ids": true, "type": "domain", "uuid": "465cb0de-f118-4df9-83cb-cc73a60323ae", "value": "my-maid4us.site", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1747005396", "to_ids": true, "type": "domain", "uuid": "b167ba96-d6df-4f20-a354-c1322d9e619b", "value": "yourmaid.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1747005417", "to_ids": true, "type": "domain", "uuid": "90ffeeb3-ad86-4f6e-b7ab-686b26fc74ec", "value": "muapks.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1747005438", "to_ids": true, "type": "domain", "uuid": "bae684ce-ca0c-44b1-ada6-f2d7d9873474", "value": "grabsapks.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1780382486", "to_ids": true, "type": "ip-dst", "uuid": "ee46e706-8bf0-41f8-a628-ec4c50125124", "value": "104.21.19.184", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#c4bd10", "local": false, "name": "asn:asn=\"13335\"", "relationship_type": "" }, { "colour": "#60003e", "local": false, "name": "asn:as-owner=\"CLOUDFLARENET\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1747005480", "to_ids": true, "type": "domain", "uuid": "f42292f7-65a1-4b48-a0ed-3a044ebd3eeb", "value": "grabmyapks90.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1780382487", "to_ids": true, "type": "ip-dst", "uuid": "3443f8aa-64f3-402b-8bc4-bf0779f28af4", "value": "104.21.29.168", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#c4bd10", "local": false, "name": "asn:asn=\"13335\"", "relationship_type": "" }, { "colour": "#60003e", "local": false, "name": "asn:as-owner=\"CLOUDFLARENET\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1747005522", "to_ids": true, "type": "domain", "uuid": "7fbfc53a-9b13-43b3-b1ad-c01d17bd3ac5", "value": "m4apks.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1780382488", "to_ids": true, "type": "ip-dst", "uuid": "3b1450d2-9531-4d9b-869e-2a3e5ed8a46c", "value": "172.67.208.54", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#c4bd10", "local": false, "name": "asn:asn=\"13335\"", "relationship_type": "" }, { "colour": "#60003e", "local": false, "name": "asn:as-owner=\"CLOUDFLARENET\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1747005564", "to_ids": true, "type": "domain", "uuid": "f22f52be-7ff3-4cbe-835f-2d540b2dee49", "value": "maid4uapks90.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1780382489", "to_ids": true, "type": "ip-dst", "uuid": "2baa25ee-7983-44c8-bdcd-8ebafebc500d", "value": "172.67.161.142", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#c4bd10", "local": false, "name": "asn:asn=\"13335\"", "relationship_type": "" }, { "colour": "#60003e", "local": false, "name": "asn:as-owner=\"CLOUDFLARENET\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1747005606", "to_ids": true, "type": "domain", "uuid": "dbaa0aac-4c65-4b29-a2a6-e05d1424fc2e", "value": "grabmaidsapks80.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1780382491", "to_ids": true, "type": "ip-dst", "uuid": "1d3fda41-cbe2-4956-a8f7-d2148ec13d2c", "value": "2.57.90.16", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#6e3d21", "local": false, "name": "asn:asn=\"47583\"", "relationship_type": "" }, { "colour": "#ec60bc", "local": false, "name": "asn:as-owner=\"AS-HOSTINGER\"", "relationship_type": "" }, { "colour": "#0f6daf", "local": false, "name": "asn:as-country=\"CY\"", "relationship_type": "" }, { "colour": "#d60f3f", "local": false, "name": "misp-galaxy:country=\"cyprus\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1747005648", "to_ids": true, "type": "domain", "uuid": "0aa9c412-0293-422e-b154-a6118aa084b2", "value": "puapks.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1780382492", "to_ids": true, "type": "ip-dst", "uuid": "35d858d6-a106-4f44-8775-da0a2362e6f0", "value": "124.217.246.203", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#b388f4", "local": false, "name": "asn:asn=\"45839\"", "relationship_type": "" }, { "colour": "#d72d0f", "local": false, "name": "asn:as-owner=\"SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd\"", "relationship_type": "" }, { "colour": "#12ee4d", "local": false, "name": "asn:as-country=\"MY\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"malaysia\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1740751953", "to_ids": true, "type": "ip-dst|port", "uuid": "ecc7e153-7947-4a40-b880-7c0acb65f19d", "value": "124.217.246.203|8099" }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1780382493", "to_ids": true, "type": "ip-dst", "uuid": "ae2ae503-04d7-430d-9305-051197fdb1c5", "value": "172.67.166.180", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#c4bd10", "local": false, "name": "asn:asn=\"13335\"", "relationship_type": "" }, { "colour": "#60003e", "local": false, "name": "asn:as-owner=\"CLOUDFLARENET\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "cleaning services campaign", "deleted": false, "disable_correlation": false, "timestamp": "1747005711", "to_ids": true, "type": "domain", "uuid": "44f57e3d-3613-470b-8e3c-729b99c626ed", "value": "meapks.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740752022", "to_ids": true, "type": "filename", "uuid": "ceecdf36-28d8-4382-8e39-c20ece502c33", "value": "mymaid_beta_v7.0.5.2.apk" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747005732", "to_ids": true, "type": "url", "uuid": "5b23b80b-b3cf-4d7e-b114-d446d18d4c4a", "value": "https://api.lapubo.com", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747005753", "to_ids": true, "type": "url", "uuid": "b607992d-5291-4e47-9740-c3db2f86f80b", "value": "https://mymaidkl.com", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747005774", "to_ids": true, "type": "url", "uuid": "e2c36e3b-d3b3-4f9b-a012-23d53aacfa68", "value": "https://mobile666.mymaidkl.com", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Person", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740752022", "to_ids": false, "type": "phone-number", "uuid": "e1aa0109-4792-44d7-afde-b9e5e3b925f6", "value": "+60172675873" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747005795", "uuid": "0807b0d4-826d-4af4-9daa-c24769611469", "Attribute": [ { "category": "Payload delivery", "comment": "LEA campaign", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747005795", "to_ids": true, "type": "md5", "uuid": "b93f04a4-9225-4d53-b87b-13d25bd84b09", "value": "de2d81f884568834154507ecd0898bcc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "LEA campaign", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746756678", "to_ids": true, "type": "sha1", "uuid": "2d12c3ba-49f3-4490-8cc4-48523e2b5fd4", "value": "78dc523f7c1e3fd4041626c0151828a0416a3547", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "LEA campaign", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746756678", "to_ids": true, "type": "sha256", "uuid": "24e3d1f2-a75f-4dd0-a46b-9527dd5b7d50", "value": "849d69c1f9d370f953ac99a7e96029f350dd6d02fbc21611ae610679e67f0c9f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746756678", "to_ids": true, "type": "ssdeep", "uuid": "2baa32de-5134-46fe-a9b4-057cce3145ca", "value": "49152:F2Q+MkWVbWdsSdyVu4Pn5L+opFVcbd0YKh5pC2y:cMxbSwVbn5L+S20YF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746756678", "to_ids": false, "type": "size-in-bytes", "uuid": "06c4a67f-d5db-4c48-ab25-a9c8797b4d76", "value": "2145310" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746756678", "to_ids": true, "type": "vhash", "uuid": "c0695cfc-10a6-4f95-ab8c-5ed542f19848", "value": "3376377b875daa241ae606b6b20d656f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746756678", "to_ids": true, "type": "filename", "uuid": "e1bf63fd-32a7-4bc8-8685-f0476050f1db", "value": "191.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 19/01/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746756678", "to_ids": false, "type": "text", "uuid": "704048f3-723a-42d0-bf2c-0819b6a9fd6e", "value": "LEA campaign\r\nType Description: Android\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:23/62\nFirst Submission:2021-12-30T16:30:40.000000+00:00\nLast Submission:2021-12-31T17:20:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747005816", "uuid": "d849e37f-2fec-4f59-b774-3f418947452c", "Attribute": [ { "category": "Payload delivery", "comment": "LEA campaign", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747005816", "to_ids": true, "type": "md5", "uuid": "6bfcc2af-dfa0-4c01-8edf-9873949c8a2d", "value": "de5b6c66efd0b520845d4a7e926e85aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "LEA campaign", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746756699", "to_ids": true, "type": "sha1", "uuid": "5ea45b76-3f40-4161-90c6-c9e4654fc3ec", "value": "7c6fc65eca49220f1a2d8abc0373e3a2d5a19601", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "LEA campaign", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746756700", "to_ids": true, "type": "sha256", "uuid": "de2eb196-ffc4-4916-9947-09ead80b515f", "value": "c527f89bbbea34cce21a558dbc4ddcf88570b54dc887c8f8b44f5647ef061acc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746756699", "to_ids": true, "type": "ssdeep", "uuid": "8b4ad064-b805-4058-bc71-d57b1ea1f891", "value": "49152:VAXT8oj8iG2zVZ7PklOcMozmevHpFVRzdQYly9T5pC29:ViFQiF/WZvVnQYIl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746756699", "to_ids": false, "type": "size-in-bytes", "uuid": "c3efba28-515e-4701-85ea-ab73988a8c6b", "value": "2017510" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746756699", "to_ids": true, "type": "vhash", "uuid": "ee996225-635a-4e7d-aba5-20402a60d0fd", "value": "3376377b875daa241ae606b6b20d656f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746756699", "to_ids": true, "type": "filename", "uuid": "df328b42-bf2e-4442-baa6-5e969448b180", "value": "base.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 02/12/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746756699", "to_ids": false, "type": "text", "uuid": "88e12744-87be-4257-b1ab-8d14403f4273", "value": "LEA campaign\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:11/61\nFirst Submission:2021-12-02T10:00:33.000000+00:00\nLast Submission:2021-12-02T10:00:33.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747005837", "uuid": "9a66477b-3847-4d8b-b694-4443ec068e48", "Attribute": [ { "category": "Payload delivery", "comment": "LEA campaign", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747005837", "to_ids": true, "type": "md5", "uuid": "38262f54-b1f6-4724-929d-a72ffedfa54f", "value": "59939ecc0db40e4db79dd0078a829f2b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "LEA campaign", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746756721", "to_ids": true, "type": "sha1", "uuid": "f10563cd-c3e1-4161-8006-464fd0e4e82a", "value": "2bfab41484c90d7988609486a3bd2d2ecaff9d0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "LEA campaign", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746756721", "to_ids": true, "type": "sha256", "uuid": "4373143f-71a4-4f79-b0c7-402b7a8665ec", "value": "c6cc383f1f6aa8b70e39ee60d95344b2f28ada02f5a47fb3d30912538738bb19", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746756720", "to_ids": true, "type": "ssdeep", "uuid": "f7472ba2-12eb-4316-98c2-04388deaefdc", "value": "49152:VAXT8oj8iG2zVZ7PklOcMozm//opFVey4Yn5pC2gbR:ViFQiF/WG/SYYk1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746756720", "to_ids": false, "type": "size-in-bytes", "uuid": "ffc0c754-dbb2-4d15-b5d0-998042178e04", "value": "1923883" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746756720", "to_ids": true, "type": "vhash", "uuid": "db7ca8ab-999a-433e-b7b4-df2d7afe1182", "value": "3376377b875daa241ae606b6b20d656f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746756720", "to_ids": true, "type": "filename", "uuid": "64695e37-79d8-47b2-bce5-03e93291adfc", "value": "base.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 21/10/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746756720", "to_ids": false, "type": "text", "uuid": "f846ba5f-6642-4327-9fbf-31d36659b208", "value": "LEA campaign\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:11/63\nFirst Submission:2021-10-18T10:17:26.000000+00:00\nLast Submission:2021-10-18T10:17:26.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747005858", "uuid": "0edc6f35-3797-409c-b445-a3d818814c94", "Attribute": [ { "category": "Payload delivery", "comment": "LEA campaign", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747005858", "to_ids": true, "type": "md5", "uuid": "b43b72e6-b676-4e8d-9ffe-5cd9e7402c2a", "value": "78c73757f0f4d53b5f010d12daa606ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "LEA campaign", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746756744", "to_ids": true, "type": "sha1", "uuid": "522b868f-85fd-4858-9349-28191fa070a3", "value": "51528207babf803e743917884536cfcf187a4b99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "LEA campaign", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746756744", "to_ids": true, "type": "sha256", "uuid": "ea1341e6-8654-4152-84ea-7ad672a39d8d", "value": "c6e6066b7da082d6a8e8171e1901eea9cd18c9aaff2d1fb4062adef8ce0551c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746756743", "to_ids": true, "type": "ssdeep", "uuid": "ca3192d8-00d6-40f0-b49f-352c011c96da", "value": "49152:eD/214v8Uz3Uuu82yVG9q0vipFVRzdQYly9T5pC2d:eD/FEUz3BNLVGPv8nQYIl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746756743", "to_ids": false, "type": "size-in-bytes", "uuid": "ca869df6-19f7-4d96-8c68-54d0d2832267", "value": "2017506" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746756743", "to_ids": true, "type": "vhash", "uuid": "24e1dbfd-1156-4b10-97c9-7decc38f7d33", "value": "3376377b875daa241ae606b6b20d656f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746756743", "to_ids": true, "type": "filename", "uuid": "eec61a3e-3a57-4588-8cad-46c080e4cabe", "value": "base.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 13/02/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746756743", "to_ids": false, "type": "text", "uuid": "b77999bc-c3e5-440d-a519-46c2d98570b2", "value": "LEA campaign\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:12/63\nFirst Submission:2022-02-13T09:25:37.000000+00:00\nLast Submission:2022-02-13T09:25:37.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747005879", "uuid": "4c32728b-a218-411e-8992-76b65aefba92", "Attribute": [ { "category": "Payload delivery", "comment": "LEA campaign", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747005879", "to_ids": true, "type": "md5", "uuid": "c0bf7335-1788-49b1-b43b-e1c62f746515", "value": "d87997a8bb6215d96f5d0e87fb487747", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "LEA campaign", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746756765", "to_ids": true, "type": "sha1", "uuid": "e1b731e0-f455-45e3-b5c2-11b52973e750", "value": "7a346e8e0417b6ea46b5aa3f7da6d4cfb4272489", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "LEA campaign", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746756765", "to_ids": true, "type": "sha256", "uuid": "2811fc5c-2a66-4794-9de2-23aa1213b65c", "value": "fc9d34436b4711d6f586903d07a99b089ca5aa61f931febd57abba9a7135d98d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746756764", "to_ids": true, "type": "ssdeep", "uuid": "a1493499-e43e-4b39-ab30-20676468926a", "value": "49152:B2Q+MkWVbWdsSdyVa1/BpFVzDNCpjB5pC2y:IMxbSwVa1/vzF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746756764", "to_ids": false, "type": "size-in-bytes", "uuid": "8645cdc7-5a92-401a-ad0d-1b05028decdc", "value": "1958908" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746756764", "to_ids": true, "type": "vhash", "uuid": "33135f2f-e720-4bf2-ba97-900a3f6cbac5", "value": "3376377b875daa241ae606b6b20d656f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746756764", "to_ids": true, "type": "filename", "uuid": "d1f0773f-97cf-4652-b2a1-1d8689797796", "value": "110.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 29/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746756764", "to_ids": false, "type": "text", "uuid": "c6e10384-a63d-4661-8a0c-891e5da60a3b", "value": "LEA campaign\r\nType Description: Android\nMicrosoft: TrojanSpy:AndroidOS/SAgnt.S!MTB\nVT Total Detection:28/64\nFirst Submission:2022-02-23T10:11:43.000000+00:00\nLast Submission:2023-07-29T12:57:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747005900", "uuid": "27de90a0-c846-4a69-ac27-7024652d8fe8", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating Grabmaid service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747005900", "to_ids": true, "type": "md5", "uuid": "6ed0c30b-114c-4fbc-85f3-3904154688c8", "value": "cb66d916831de128ccb2fcd458067a7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating Grabmaid service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746756786", "to_ids": true, "type": "sha1", "uuid": "9c6e3774-fbe2-4cc0-a4da-ac28c19a2b9f", "value": "abc7f3031bec7cadd4384d49750665a1899fa3d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating Grabmaid service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746756786", "to_ids": true, "type": "sha256", "uuid": "21d563f5-841f-428d-a03b-381903a06a83", "value": "9b4a0019e7743a46b49a4d8704ffd6e064db2e5d8db6da4056f7eae5369e16f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746756786", "to_ids": true, "type": "ssdeep", "uuid": "16b85820-cfbe-405c-8576-bfc1df05517b", "value": "98304:BLZP3IE1zfrThqoYG10JPoM4a80tlIAyf2yQd/kxLKW7e:BLR4PgWVenyl7cpiSnC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746756786", "to_ids": false, "type": "size-in-bytes", "uuid": "b5623bc1-b84f-438e-82e3-3729ad0cffa5", "value": "3992079" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746756786", "to_ids": true, "type": "vhash", "uuid": "e2b067ed-9eef-4ac5-8caf-8650347c32a4", "value": "a55972342a7f4cf7cd656a30fcc2b613" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746756786", "to_ids": true, "type": "filename", "uuid": "09b423f0-c21a-46ba-972c-6130be249631", "value": "grabmaid.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 11/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746756786", "to_ids": false, "type": "text", "uuid": "eae34a32-549f-4141-b6c9-5614b373daaa", "value": "Malicious app impersonating Grabmaid service.\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:29/66\nFirst Submission:2022-01-02T02:32:16.000000+00:00\nLast Submission:2022-01-15T02:45:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747005921", "uuid": "f9be029c-a91b-45b1-9d73-ece9b3416214", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonated Maria\u2019s Cleaning service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747005921", "to_ids": true, "type": "md5", "uuid": "32f6279d-ea5f-433d-88c5-6eda342f38c9", "value": "8183862465529f6a46aed60e1b2eae52", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonated Maria\u2019s Cleaning service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746756808", "to_ids": true, "type": "sha1", "uuid": "661ce219-9229-4e48-b106-4d2ded65a50e", "value": "beddfe5a26811dccca7938d00686f8f745424f57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonated Maria\u2019s Cleaning service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746756808", "to_ids": true, "type": "sha256", "uuid": "639b6d93-cf22-4a02-b01e-bcf21527b741", "value": "e949bac52d39b6e207a7943ec778d96d8811fb63d4a037f70e5b6e6706a12986", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746756807", "to_ids": true, "type": "ssdeep", "uuid": "ca681498-365e-4380-b75d-08da047b3f91", "value": "98304:ELjoqoYG10JPoM4a80tlIAyf2yQd/kxLKW7x51zfrTR:ELjngWVenyl7cpiSnH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746756807", "to_ids": false, "type": "size-in-bytes", "uuid": "e6b4a3db-cda6-4de4-bb10-cb7c7f9972b4", "value": "4549135" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746756807", "to_ids": true, "type": "vhash", "uuid": "a2149b56-a2ff-4a6b-8b9f-d426174af3ce", "value": "a55972342a7f4cf7cd656a30fcc2b613" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746756807", "to_ids": true, "type": "filename", "uuid": "78aa97d4-8b94-46b0-b7f7-1f505f8233a9", "value": "mycleaningservice.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 11/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746756807", "to_ids": false, "type": "text", "uuid": "05ea73a8-e5a7-4b7a-9067-9e2b930933bd", "value": "Malicious app impersonated Maria\u2019s Cleaning service.\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:30/67\nFirst Submission:2022-02-23T02:26:25.000000+00:00\nLast Submission:2022-02-23T02:26:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747005942", "uuid": "b875c86d-0a71-418c-8e77-29a49ab30242", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating Maid4u service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747005942", "to_ids": true, "type": "md5", "uuid": "b8ef4907-1019-4ea4-9f18-d73227298063", "value": "b6845141ec0f4665a90fb16598f56fac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating Maid4u service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746756829", "to_ids": true, "type": "sha1", "uuid": "6d315cde-a90f-446f-80e9-6b2121d71947", "value": "1c984fb282253a64f11ee4576355c1d5efbee772", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating Maid4u service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746756829", "to_ids": true, "type": "sha256", "uuid": "4a16d052-73b4-4ed3-b92b-fbcfb4c2fa8f", "value": "d1017952d1ef0ceec6c2c766d2c794e8cc4fb61b2ffa10ed6b6228e8cadf0b39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746756829", "to_ids": true, "type": "ssdeep", "uuid": "d94883d0-0ac1-45bd-bc08-30774a06c377", "value": "98304:xIZl1zfrT3qoYG10JPoM4a80tlIAyf2yQd/kxLKW7U:xIkgWVenyl7cpiSnI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746756829", "to_ids": false, "type": "size-in-bytes", "uuid": "63c3ef7c-1175-4cc8-bdd4-bbba11efd898", "value": "3877391" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746756829", "to_ids": true, "type": "vhash", "uuid": "1e27cff5-4b5d-4e40-a8e0-1e7cf3eb97a7", "value": "a55972342a7f4cf7cd656a30fcc2b613" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746756829", "to_ids": true, "type": "filename", "uuid": "73a7dac1-e745-4b79-af2f-a40cf45f8b5b", "value": "maids4u.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 11/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746756829", "to_ids": false, "type": "text", "uuid": "9ff96b46-a845-467b-ae46-6635e56879a1", "value": "Malicious app impersonating Maid4u service.\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:30/67\nFirst Submission:2022-02-08T21:01:44.000000+00:00\nLast Submission:2022-02-08T21:01:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747005963", "uuid": "fd6f9f3b-87bb-4480-953e-7ed0b847109e", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating MaidACall service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747005963", "to_ids": true, "type": "md5", "uuid": "5fcab7f1-9c1f-4030-a702-803587b4a8a9", "value": "43727320e8bf756fe18db37483dad0a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating MaidACall service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746756850", "to_ids": true, "type": "sha1", "uuid": "9535a2c6-e614-4d5c-8aad-d25cad0691b9", "value": "e39c485f24d239867287dcd468fc813fdb5b7db6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating MaidACall service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746756850", "to_ids": true, "type": "sha256", "uuid": "a27d3983-f4c3-42b5-9632-6e932f5ab64f", "value": "5f8a54d54e25400f52ce317bfdbbc866e11ea784ab2d5e3bd0a082a53c6b2d7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746756850", "to_ids": true, "type": "ssdeep", "uuid": "293729dc-5c09-42dc-a4d9-ce3c99e435fe", "value": "98304:YwKoGCBUBIyTyuqQ+ZVa89g4iAlcRNQiHfrmYt:YwKwBUBTTaHa4g4iAlcRa8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746756850", "to_ids": false, "type": "size-in-bytes", "uuid": "612e5047-f860-4aba-94ed-59551992fdb5", "value": "4186776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746756850", "to_ids": true, "type": "vhash", "uuid": "93765f73-50d8-4f09-b302-4fd4a8a5508b", "value": "a55972342a7f4cf7cd656a30fcc2b613" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746756850", "to_ids": true, "type": "filename", "uuid": "6c6e2182-99dc-452c-9b0a-b1aabeae5e3a", "value": "maidacall.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 06/04/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746756850", "to_ids": false, "type": "text", "uuid": "8ddad00f-956a-453e-b765-9091c515eb60", "value": "Malicious app impersonating MaidACall service.\r\nType Description: Android\nMicrosoft: TrojanSpy:AndroidOS/SMSSpy.F!MTB\nVT Total Detection:27/63\nFirst Submission:2022-01-02T20:49:58.000000+00:00\nLast Submission:2022-01-05T14:37:45.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747005984", "uuid": "21e90a08-cdf6-40b0-9a64-a28b99a71f45", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating MaidACall service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747005984", "to_ids": true, "type": "md5", "uuid": "75538e01-1d37-4910-a725-358303060ee6", "value": "c51bc547a40034f4828c72f37f2f1f39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating MaidACall service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746756872", "to_ids": true, "type": "sha1", "uuid": "8cfa567f-5c29-4a09-9485-3e61f38b043b", "value": "1d33f53e2e9268874944c2f52e31ccaf2bf46a93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating MaidACall service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746756872", "to_ids": true, "type": "sha256", "uuid": "d361ae5b-ead9-4cfb-bb04-e1081c7b96c6", "value": "d8be8f7b8b224fca2bb3e7632f6b97b67a74202dc4456f8a79a8856b478c0c6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746756871", "to_ids": true, "type": "ssdeep", "uuid": "4b0d17ea-098b-40da-8df8-3faf1168ff1c", "value": "98304:dR/1zfrT9qoYG10JPoM4a80tlIAyf2yQd/kxLKW7o:dRegWVenyl7cpiSnc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746756871", "to_ids": false, "type": "size-in-bytes", "uuid": "069bcd2f-853f-4b9d-b9af-808ccf3bba24", "value": "3742223" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746756871", "to_ids": true, "type": "vhash", "uuid": "1471bc58-86d0-4c8f-a460-2ce385158bcb", "value": "a55972342a7f4cf7cd656a30fcc2b613" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746756871", "to_ids": true, "type": "filename", "uuid": "d6f90a5e-301d-48cb-b92a-8ba40b79f00a", "value": "tmphzC3yc.tmp" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 11/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746756871", "to_ids": false, "type": "text", "uuid": "8e13e339-08f4-4027-bbb6-00ab9ce96834", "value": "Malicious app impersonating MaidACall service.\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:33/67\nFirst Submission:2022-02-09T14:48:11.000000+00:00\nLast Submission:2022-02-13T02:48:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747006006", "uuid": "2d7efe43-b784-4f63-b7f2-51debb2bff22", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating PetsMore service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747006006", "to_ids": true, "type": "md5", "uuid": "00dc5650-135d-4b3e-8d68-da9c300f1d60", "value": "4bec6a07e881db1a950367beb1702ada", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating PetsMore service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746756893", "to_ids": true, "type": "sha1", "uuid": "055e4446-f14b-43e7-8f98-420037026b3f", "value": "9a5a57bf49dbbef2e66fee98e5c97b0276d03d28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating PetsMore service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746756893", "to_ids": true, "type": "sha256", "uuid": "68ec0ac8-6685-4c35-bc6d-c4347d82bbb3", "value": "a5c7373be95571418c41af0de6a03ce78e82bc1f432e662c0dc42b988640e678", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746756893", "to_ids": true, "type": "ssdeep", "uuid": "fd678711-725a-4315-82b7-a3feee605a14", "value": "98304:B4ISKjzfrTqqoYG10JPoM4a80tlIAyf2yQd/kxLKW7B:yISqgWVenyl7cpiSnd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746756893", "to_ids": false, "type": "size-in-bytes", "uuid": "7d750cae-dce8-4141-9c08-49aea6086f8c", "value": "3758607" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746756893", "to_ids": true, "type": "vhash", "uuid": "6d8e4a22-e1f6-4350-8f2c-772dc5d04f4a", "value": "a55972342a7f4cf7cd656a30fcc2b613" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746756893", "to_ids": true, "type": "filename", "uuid": "a65f7873-2b05-4a98-831c-ece1472c9eec", "value": "tmpljxilP.tmp" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 11/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746756893", "to_ids": false, "type": "text", "uuid": "99c41957-811a-46fe-80a3-e4646dba9d58", "value": "Malicious app impersonating PetsMore service.\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:27/66\nFirst Submission:2022-01-04T04:29:31.000000+00:00\nLast Submission:2022-01-04T04:29:31.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747006027", "uuid": "ad507199-00a7-4b9a-b8e7-195819bc4d31", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating PetsMore service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747006027", "to_ids": true, "type": "md5", "uuid": "1ab916cb-d8b3-45ac-84cc-958ee9007ec6", "value": "4fd6255562b2a29c974235fd21b8d110", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating PetsMore service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746756914", "to_ids": true, "type": "sha1", "uuid": "71445e46-3574-4ab3-a0cb-2325cbd32a8a", "value": "ba78b1177c3e2a569a665611e7684bceeaf2168f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating PetsMore service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746756914", "to_ids": true, "type": "sha256", "uuid": "3a6a6866-7131-454c-b7af-23919652a4e7", "value": "dff93fd8f3bc26944962a56cb6b31246d2121ae703298a86f20ea9e8967f6510", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746756914", "to_ids": true, "type": "ssdeep", "uuid": "37029328-d39f-4765-8d66-899bb7e920eb", "value": "98304:qRSE1zfrT3qoYG10JPoM4a80tlIAyf2yQd/kxLKW7+fY:qRSVgWVenyl7cpiSnd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746756914", "to_ids": false, "type": "size-in-bytes", "uuid": "4987662d-532b-4a3d-afce-a0a347bd1285", "value": "3762605" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746756914", "to_ids": true, "type": "vhash", "uuid": "37e53eba-2310-4251-a4ba-20e520132027", "value": "cb1ce0cec73f026f3444dfde160eccab" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746756914", "to_ids": true, "type": "filename", "uuid": "495f13b6-723d-472e-b14c-fdf5d408d7b7", "value": "4fd6255562b2a29c974235fd21b8d110.virus" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 11/03/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746756914", "to_ids": false, "type": "text", "uuid": "1f2728b0-b06a-4e5c-b388-fe21a6cbbc79", "value": "Malicious app impersonating PetsMore service.\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:30/67\nFirst Submission:2022-01-21T00:02:25.000000+00:00\nLast Submission:2022-01-21T00:02:25.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747006048", "uuid": "fd34c95e-3f58-4acc-89af-e8352cd1187e", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating YourMaid service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747006048", "to_ids": true, "type": "md5", "uuid": "af59f5be-1667-4903-ab9a-dc307791f2a5", "value": "c7dcbd2b7f147a6450c62a8d67207465", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating YourMaid service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746756936", "to_ids": true, "type": "sha1", "uuid": "ae2e8d1e-0541-4761-8e9c-c675f3ea621e", "value": "0e910ad1c33bef86c9fdbbe4654421398e694329", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating YourMaid service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746756936", "to_ids": true, "type": "sha256", "uuid": "92ab7fbc-a5fc-402a-965d-bc43f748e795", "value": "a091b15f008b117167a17a8db4c19e60bd9c99f1047bc82d60e3fd42157333ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746756935", "to_ids": true, "type": "ssdeep", "uuid": "c80cd53e-6b4d-4b8a-b0ab-8ebd20ad53d4", "value": "98304:GRam1zfrTPqoYG10JPoM4a80tlIAyf2yQd/kxLKW7Fki:GRavgWVenyl7cpiSnai" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746756935", "to_ids": false, "type": "size-in-bytes", "uuid": "f414d5a3-8a06-4afb-a010-680ecec64ebd", "value": "3824143" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746756935", "to_ids": true, "type": "vhash", "uuid": "6ac4e227-5b14-44d2-8369-2b76c82e44fd", "value": "a55972342a7f4cf7cd656a30fcc2b613" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746756935", "to_ids": true, "type": "filename", "uuid": "c972da3a-e4b2-46d7-9926-8aa396ea2620", "value": "yourmaid.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 03/11/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746756935", "to_ids": false, "type": "text", "uuid": "a3a97ba0-ecab-4d05-94ca-b27cceb6ac4e", "value": "Malicious app impersonating YourMaid service.\r\nType Description: Android\nMicrosoft: None\nVT Total Detection:30/67\nFirst Submission:2022-01-26T17:32:42.000000+00:00\nLast Submission:2022-01-27T18:17:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747006069", "uuid": "33dce4af-8373-4fb5-a23d-bb5155266680", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating Maid4u service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747006069", "to_ids": true, "type": "md5", "uuid": "bd0aa110-256b-454e-b2c8-2302e2562788", "value": "71341fc2958e65d208f2770185c61d7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating Maid4u service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746756957", "to_ids": true, "type": "sha1", "uuid": "7cf55f3c-67b1-413b-a72d-5c561347bed3", "value": "5237d3fae84bb5d611c80338cf02eb3793c30f02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating Maid4u service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746756957", "to_ids": true, "type": "sha256", "uuid": "5b470158-44e9-4a09-b52c-54c7fd16c8f2", "value": "4904c26e90dc4d18ad6a2d291af2cd61390661b628f202abfeddf8056502f64a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746756956", "to_ids": true, "type": "ssdeep", "uuid": "8e45ccd8-4138-4169-99de-1b87175a3b2e", "value": "196608:zRQywmVcRaOnRL60KsNfHSseXZ+l+FE2klYKRDER:zPwmgRLNKkSp+llYKRDER" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746756956", "to_ids": false, "type": "size-in-bytes", "uuid": "25735eb9-23c9-4fab-8c4d-db0ee3578a0b", "value": "6807974" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746756956", "to_ids": true, "type": "vhash", "uuid": "9dd454c8-c77c-477f-a760-ee2d32b47548", "value": "65999a4be68dd0420f46076ea3c92b89" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746756956", "to_ids": true, "type": "filename", "uuid": "4a120204-1321-4a2f-b1f9-beeb59bcd398", "value": "71341fc2958e65d208f2770185c61d7a.virus" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 12/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746756956", "to_ids": false, "type": "text", "uuid": "50f727eb-b2e4-4457-93c6-c04eb595e401", "value": "Malicious app impersonating Maid4u service.\r\nType Description: Android\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:26/64\nFirst Submission:2021-10-08T02:09:58.000000+00:00\nLast Submission:2022-05-04T20:30:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747006090", "uuid": "32a371cc-d9b5-4719-b97e-2870cb4ec14a", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating Maideasy service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747006090", "to_ids": true, "type": "md5", "uuid": "dff61b27-f7ff-4d80-996f-1e9430febce2", "value": "cf3b20173330fea53e911a229a38a4bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating Maideasy service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746756978", "to_ids": true, "type": "sha1", "uuid": "db1340ea-6e8c-46d3-a040-f5e3281eb2fb", "value": "b42cd5ec736fcc0d51a1d05652631be50c9456a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating Maideasy service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746756978", "to_ids": true, "type": "sha256", "uuid": "cc2d8833-f46f-4672-8e9e-cc45d71e3ffd", "value": "6db2d526c3310fad6c857aa1310f74dc0a5fe21402e408937330827aca2879b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746756978", "to_ids": true, "type": "ssdeep", "uuid": "c2d9c8e0-6081-478d-a009-b744dfbc63d4", "value": "98304:pAVi8Szfr/TGR6mnMy3Sz+uQvzBXzBQDyj0:yV5RVvo1uzJzBWyA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746756978", "to_ids": false, "type": "size-in-bytes", "uuid": "924c489f-285d-45a2-8f71-719b360744f6", "value": "3770905" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746756978", "to_ids": true, "type": "vhash", "uuid": "49e99b17-dcca-44b7-9d1f-0b5a722b9ce2", "value": "cb1ce0cec73f026f3444dfde160eccab" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746756978", "to_ids": true, "type": "filename", "uuid": "4e40d885-b102-400e-b656-e0b245e19013", "value": "tmpAaOnLb.tmp" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 12/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746756978", "to_ids": false, "type": "text", "uuid": "64beca5f-0255-444c-9ef2-70ce03d40488", "value": "Malicious app impersonating Maideasy service.\r\nType Description: Android\nMicrosoft: Trojan:AndroidOS/Piom.K\nVT Total Detection:25/64\nFirst Submission:2021-12-13T07:37:18.000000+00:00\nLast Submission:2021-12-14T02:56:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747006111", "uuid": "37acee84-612d-47d0-bd5a-e764ac827afa", "Attribute": [ { "category": "Payload delivery", "comment": "Malicious app impersonating MyMaidKL service.", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747006111", "to_ids": true, "type": "md5", "uuid": "eaa10aec-0000-48c2-bd93-052567836eb0", "value": "e58ffc4e23292d80916b0e19c184cdef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating MyMaidKL service.", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746756999", "to_ids": true, "type": "sha1", "uuid": "9bfe5728-9df9-4736-a41f-7aad53719438", "value": "d5d37be2ff3338c89e77c77e025de58464ef19e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Malicious app impersonating MyMaidKL service.", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746756999", "to_ids": true, "type": "sha256", "uuid": "3907fd98-4b16-4c62-9513-819aea159fde", "value": "8bc920af87fa19c3bfe76b40f85390d983b81340af690a49113f247cca957456", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746756999", "to_ids": true, "type": "ssdeep", "uuid": "ffb8f834-9f2a-4c3a-bf87-cde7aaadfbe3", "value": "98304:86omzfr/Pjpaxjd2tPEpWvm9IaiLwQ2Vjy:86oNdyPvm9ViLSu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746756999", "to_ids": false, "type": "size-in-bytes", "uuid": "aab6c326-07dc-4579-9577-1e4ae6047b77", "value": "3600970" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746756999", "to_ids": true, "type": "vhash", "uuid": "a36833c4-0123-44d7-bc46-17afd4c33348", "value": "cb1ce0cec73f026f3444dfde160eccab" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746756999", "to_ids": true, "type": "filename", "uuid": "e29dd398-04b5-450b-82e4-c633b64702e7", "value": "mymaid_beta_v7.0.5.2.apk" }, { "category": "Other", "comment": "Checked: 09/05/2025\nLast-scan\t: 15/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746756999", "to_ids": false, "type": "text", "uuid": "3bffef08-a52d-42b7-8418-1c53dbd88886", "value": "Malicious app impersonating MyMaidKL service.\r\nType Description: Android\nMicrosoft: TrojanSpy:AndroidOS/SmsSpy.J!MTB\nVT Total Detection:26/63\nFirst Submission:2022-04-22T14:26:09.000000+00:00\nLast Submission:2022-04-24T09:20:40.000000+00:00" } ] } ] } }