{
  "Event": {
    "analysis": "1",
    "date": "2025-10-17",
    "extends_uuid": "",
    "info": "[Threat Intel] Tracking Malware and Attack Expansion: A Hacker Group's Journey across Asia",
    "protected": false,
    "publish_timestamp": "1780041265",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1780041265",
    "uuid": "23d3c0be-cc64-4844-b0d2-d157f0f5da5e",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Fortinet\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#ff841f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"",
        "relationship_type": ""
      },
      {
        "colour": "#b672a4",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf01b7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f6bd9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"",
        "relationship_type": ""
      },
      {
        "colour": "#20f80d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#1cbe6b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Virtualization/Sandbox Evasion - T1497\"",
        "relationship_type": ""
      },
      {
        "colour": "#3780c6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
        "relationship_type": ""
      },
      {
        "colour": "#62f4c1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#ad5a96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Hijack Execution Flow - T1574\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#d82db7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"",
        "relationship_type": ""
      },
      {
        "colour": "#fdd85e",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Access Token Manipulation - T1134\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#52d590",
        "local": false,
        "name": "misp-galaxy:target-information=\"China\"",
        "relationship_type": ""
      },
      {
        "colour": "#5887a6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Japan\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#2613b0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Taiwan\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00e0",
        "local": false,
        "name": "rectifyq:action-taken=\"x\"",
        "relationship_type": ""
      },
      {
        "colour": "#3b00e2",
        "local": false,
        "name": "rectifyq:action-taken=\"linkedin\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1760960421",
        "to_ids": false,
        "type": "link",
        "uuid": "7de68024-c1b4-4afb-8bb5-c14f42d34a47",
        "value": "https://www.fortinet.com/blog/threat-research/tracking-malware-and-attack-expansion-a-hacker-groups-journey-across-asia"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1760960421",
        "to_ids": false,
        "type": "text",
        "uuid": "4e1511c2-47b7-4b5e-af78-98e7d167b662",
        "value": "FortiGuard Labs has traced a hacker group's evolving campaigns across Asia, starting with Winos 4.0 attacks in Taiwan and expanding to Japan and Malaysia. The group employs phishing emails with malicious PDFs and evolving malware delivery tactics. They've shifted from using cloud storage links to custom domains for malware distribution. The latest campaign in Malaysia uses a multi-stage attack flow, leveraging the Windows Task Scheduler for stealth. The malware, identified as HoldingHands, has been updated with new features, including the ability to update C2 IP addresses via registry entries. The attackers have demonstrated adaptability in their techniques while maintaining some consistent patterns, allowing researchers to link seemingly unrelated attacks."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1760960421",
        "to_ids": false,
        "type": "text",
        "uuid": "538e9188-3c33-4b73-9014-8c1f2a0273ce",
        "value": "Name: Tracking Malware and Attack Expansion: A Hacker Group's Journey across Asia\nAuthor: AlienVault\nAdversary: \nTags: [\"winos\", \"phishing\", \"task scheduler\", \"multi-stage attack\", \"holdinghands\"]\nTgtd countries: [\"China\", \"Japan\", \"Malaysia\", \"Taiwan\"]\nMlwr families: [\"Winos 4.0\", \"HoldingHands\"]\nAttack_ids: [\"T1082\", \"T1071\", \"T1053\", \"T1140\", \"T1036\", \"T1055\", \"T1112\", \"T1016\", \"T1059\", \"T1083\", \"T1497\", \"T1204\", \"T1057\", \"T1566\", \"T1574\", \"T1027\", \"T1012\", \"T1134\", \"T1105\"]\nIndustries: [\"Government\", \"Finance\"]"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041255",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1e1fbe13-cde2-481a-8f9a-a7f59496bb46",
        "value": "154.91.64.45",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#a4fdc7",
            "local": false,
            "name": "asn:asn=\"399077\"",
            "relationship_type": ""
          },
          {
            "colour": "#d5daf8",
            "local": false,
            "name": "asn:as-owner=\"TERAEXCH\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041256",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "d935c591-39a4-4c13-8dc2-3a77ba96a1c8",
        "value": "206.238.199.22",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#a4fdc7",
            "local": false,
            "name": "asn:asn=\"399077\"",
            "relationship_type": ""
          },
          {
            "colour": "#d5daf8",
            "local": false,
            "name": "asn:as-owner=\"TERAEXCH\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041258",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "0154c2ab-2faa-4df5-a1d9-71f4e3cb5b93",
        "value": "206.238.221.244",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#a4fdc7",
            "local": false,
            "name": "asn:asn=\"399077\"",
            "relationship_type": ""
          },
          {
            "colour": "#d5daf8",
            "local": false,
            "name": "asn:as-owner=\"TERAEXCH\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 20/10/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1760975535",
        "to_ids": true,
        "type": "sha256",
        "uuid": "a312ec7a-3ff2-4565-913f-15376618b85e",
        "value": "031c916b599e17d8cfa13089bddafc2436be8522f0c9e479c7d76ba3010bbd18",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 20/10/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1760975536",
        "to_ids": true,
        "type": "sha256",
        "uuid": "257bdbbc-d7b8-4d84-a0e5-0a1d1830e2a8",
        "value": "0db506d018413268e441a34e6e134c9f5a33ceea338fc323d231de966401bb2c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 20/10/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1760975537",
        "to_ids": true,
        "type": "sha256",
        "uuid": "253e227a-dc0f-455f-b86a-cc48de6e8a1b",
        "value": "c6095912671a201dad86d101e4fe619319cc22b10b4e8d74c3cd655b2175364c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 20/10/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1760975537",
        "to_ids": true,
        "type": "sha256",
        "uuid": "03166827-f156-4633-a92a-a924c6102b57",
        "value": "fb9c9ed91fc70f862876bd77314d3b2275069ca7c4db045e5972e726a3e8e04c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041260",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a3416c02-e327-4024-8b10-93be4f5ac299",
        "value": "156.251.17.12",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#a4fdc7",
            "local": false,
            "name": "asn:asn=\"399077\"",
            "relationship_type": ""
          },
          {
            "colour": "#d5daf8",
            "local": false,
            "name": "asn:as-owner=\"TERAEXCH\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041261",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b6398bb6-cbc3-4b88-8259-ed9cf34d1f99",
        "value": "156.251.17.9",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#a4fdc7",
            "local": false,
            "name": "asn:asn=\"399077\"",
            "relationship_type": ""
          },
          {
            "colour": "#d5daf8",
            "local": false,
            "name": "asn:as-owner=\"TERAEXCH\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041263",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "62b9f172-ee4b-406a-abf9-95350a28f112",
        "value": "206.238.221.182",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#a4fdc7",
            "local": false,
            "name": "asn:asn=\"399077\"",
            "relationship_type": ""
          },
          {
            "colour": "#d5daf8",
            "local": false,
            "name": "asn:as-owner=\"TERAEXCH\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041265",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "99fed616-af91-410d-82e2-5b0845a6b5f1",
        "value": "38.60.203.110",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#e7643a",
            "local": false,
            "name": "asn:asn=\"138915\"",
            "relationship_type": ""
          },
          {
            "colour": "#1ec497",
            "local": false,
            "name": "asn:as-owner=\"KAOPU-HK Kaopu Cloud HK Limited\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1761008609",
        "to_ids": true,
        "type": "url",
        "uuid": "cc5aacc0-7244-4960-87a5-80e9698a3edc",
        "value": "http://twsww.xin/download.html",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1761008630",
        "to_ids": true,
        "type": "url",
        "uuid": "1fd62d83-ab6c-408e-aec9-89849bb847f7",
        "value": "http://twswzz.xin/index.html",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1761008651",
        "to_ids": true,
        "type": "domain",
        "uuid": "15a52734-e623-4202-b55b-ab160a1557b7",
        "value": "gjqygs.cn",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1761008672",
        "to_ids": true,
        "type": "domain",
        "uuid": "03ab0597-dca6-45fa-8205-9b11564e71c6",
        "value": "jpjpz1.cc",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1761008693",
        "to_ids": true,
        "type": "domain",
        "uuid": "a34104b8-ca59-4c00-85d1-53ba0af5d3fd",
        "value": "jpjpz1.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1761008714",
        "to_ids": true,
        "type": "domain",
        "uuid": "378a8c37-e560-4273-b79b-8ca4035787cc",
        "value": "jppjp.vip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1761008736",
        "to_ids": true,
        "type": "domain",
        "uuid": "6216446e-509f-4296-ada4-1bca595e1c6a",
        "value": "twczb.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1761008757",
        "to_ids": true,
        "type": "domain",
        "uuid": "22f9ba6d-b1b5-4d9d-9471-fa490f2a3818",
        "value": "twsww.xin",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1761008778",
        "to_ids": true,
        "type": "domain",
        "uuid": "a616408f-43b7-4ce6-8504-0fd31e457b13",
        "value": "twswzz.xin",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1761008799",
        "to_ids": true,
        "type": "domain",
        "uuid": "d20ac07c-a2e9-47d3-ad27-3580ec9e9612",
        "value": "zcqiyess.vip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1761008820",
        "to_ids": true,
        "type": "domain",
        "uuid": "dcd67f03-dc6e-4522-bd87-e9573974801e",
        "value": "zxp0010w.vip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1761008842",
        "uuid": "5ac5c5cf-ea04-443d-8a3a-d0e041f30f39",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1761008842",
            "to_ids": true,
            "type": "md5",
            "uuid": "6590fd4f-ff1e-4e3c-ba81-718adce72b1e",
            "value": "464f61eb09efcb46807cbabf92a9cdbe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1760975525",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a63597ce-aa64-4059-8430-0d54d97a7fbb",
            "value": "01ae15079d35a2465cdc6bcd993e205db5c87e64",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1760975526",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5223636d-08e0-4337-ba7e-8e67e1734bf4",
            "value": "8d25da6459c427ad658ff400e1184084db1789a7abff9b70ca85cf57f4320283",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1760975046",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fc748fd6-6c2f-438c-8106-bdc1151cc364",
            "value": "12288:iO3FD8Obxw3jyhT2D3RG88jnFo51HZPvtNouUOSwQF:iO358Obxw3jygDBG8snF4rXt6OSwQF"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1760975046",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "55980b90-8428-451d-a87c-bd740063c3be",
            "value": "712080"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1760975046",
            "to_ids": true,
            "type": "vhash",
            "uuid": "17dda541-2601-4b20-988e-75707da117b7",
            "value": "075086655d75555515755az55hz1lz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1760975046",
            "to_ids": true,
            "type": "filename",
            "uuid": "c1597e52-03e8-4993-86d2-a607b9d1d967",
            "value": "Tax Filing Documents.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/10/2025\nLast-scan\t:  20/10/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1760975046",
            "to_ids": false,
            "type": "text",
            "uuid": "76081c6a-9bb9-4129-b3fa-a465346b697f",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Egairtigado!rfn\nVT Total Detection:45/72\nFirst Submission:2025-06-23T05:39:41.000000+00:00\nLast Submission:2025-06-23T20:28:56.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1761008863",
        "uuid": "b50ec8d1-8abd-4ab6-bf29-56001053d6da",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1761008863",
            "to_ids": true,
            "type": "md5",
            "uuid": "8bb3633c-d0c9-4766-8fbd-fac7aa27d726",
            "value": "147258c543d14949bce0253784f52342",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1760975527",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c601716d-2ce9-40c9-a2bc-265b0182d9e2",
            "value": "f7acae9d57267e1b19b63114d9b8e5dcdf5597e1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1760975527",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7d1a2223-3bc4-4839-b76d-e65e03f440cc",
            "value": "03e1cdca2a9e08efa8448e20b50dc63fdbea0e850de25c3a8e04b03e743b983d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1760975089",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c5bfc70c-dc83-4ce2-9f94-fb72758a4fdc",
            "value": "98304:MPWTa3+o5KRITKVBZDUyXL9t93bvvNEHHeoBXl+K3am8fX:MuTE+SB+RrptNHcT9qx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1760975089",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b880a1dc-133b-4907-876d-df530bf97039",
            "value": "3647259"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1760975089",
            "to_ids": true,
            "type": "filename",
            "uuid": "03fd875f-fad4-4603-bc71-0549864f4be6",
            "value": "Dokumen Audit.rar"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/10/2025\nLast-scan\t:  20/10/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1760975089",
            "to_ids": false,
            "type": "text",
            "uuid": "fa434e14-7120-468c-a6cb-09b102e212e2",
            "value": "Type Description: RAR\nMicrosoft: None\nVT Total Detection:34/65\nFirst Submission:2025-08-26T06:44:59.000000+00:00\nLast Submission:2025-08-26T06:44:59.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1761008884",
        "uuid": "b5543191-45d2-4fcd-a5a9-0becace9c316",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1761008884",
            "to_ids": true,
            "type": "md5",
            "uuid": "11719924-42ab-43ac-be26-1db590e41c55",
            "value": "bbc693fda0f07bcda481ef328c98775b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1760975528",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d75e323e-38e7-44c2-9b7c-c49d23cf15bb",
            "value": "fae677d48ab6d6bc455624b76d4d409adac37443",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1760975529",
            "to_ids": true,
            "type": "sha256",
            "uuid": "009ea94a-b517-4e0f-b2dc-9c68b3ba9dbd",
            "value": "1c4bc67ae4af505f58bd11399d45e196fc17cc5dd32ad1d8e6836832d59df6e6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1760975132",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "128b9e14-d6c0-4aa1-8bc9-0d77ca0d9ad4",
            "value": "1536:AFg1LaeH8h3zAov1nLXVRlKYh38d8eVmQNkZYvjc2i3/uBya:AFg1LaeH8h1NVRlh38JnkZkoa"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1760975132",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9921ca89-0758-4114-8905-91da6b942299",
            "value": "76794"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1760975132",
            "to_ids": true,
            "type": "filename",
            "uuid": "f6cc4538-d07c-40c8-8847-4ca0060ef2b1",
            "value": "Tax return documents.rar"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/10/2025\nLast-scan\t:  20/10/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1760975132",
            "to_ids": false,
            "type": "text",
            "uuid": "eceed5e6-7132-4df3-a92f-6ba462a2bbf5",
            "value": "Type Description: RAR\nMicrosoft: None\nVT Total Detection:28/65\nFirst Submission:2025-09-23T17:04:27.000000+00:00\nLast Submission:2025-09-23T17:04:27.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1761008905",
        "uuid": "095a5912-cee1-44ce-b6ee-d3f5982582c3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1761008905",
            "to_ids": true,
            "type": "md5",
            "uuid": "b018d382-e46d-4a72-b88f-7f361220b975",
            "value": "8cfea9a3be505ae38f8f521b523206c2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1760975530",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e949f04d-4552-47f5-8a65-d8a7b38d0618",
            "value": "4955301929a1a9e12432314d336bda09d59c5adb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1760975530",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7e95abed-71ad-4d9a-84f4-4366a779643c",
            "value": "2b1719108ec52e5dea20169a225b7d383ad450195a5e6274315c79874f448caa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1760975154",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b998630f-9f7b-441a-8e5e-b0e2eaeecdb2",
            "value": "98304:+EWTa3Ho5KRITKVBZDUyXL9t93bvvNEHHeoBXl+K3am86epI:+rTEHSB+RrptNHcT9qW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1760975154",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "efe523bf-9017-4ca0-acd9-103ac0a363cd",
            "value": "3647261"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1760975154",
            "to_ids": true,
            "type": "filename",
            "uuid": "573d1fd6-bfa2-49a9-bf43-4c4abeca07e1",
            "value": "DokumenPematuhanCukaiKastam.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/10/2025\nLast-scan\t:  20/10/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1760975154",
            "to_ids": false,
            "type": "text",
            "uuid": "d02b6946-50d0-4618-b22d-b53e1916f67a",
            "value": "Type Description: RAR\nMicrosoft: None\nVT Total Detection:32/65\nFirst Submission:2025-08-14T18:40:32.000000+00:00\nLast Submission:2025-08-14T18:40:32.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1761008926",
        "uuid": "5f4870cb-be16-4849-9a0e-86aa05127562",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1761008926",
            "to_ids": true,
            "type": "md5",
            "uuid": "2c635160-7619-44da-85f4-85540025685e",
            "value": "b1a05e693deb9d5a695e672161ef2bed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1760975531",
            "to_ids": true,
            "type": "sha1",
            "uuid": "bbb0b67d-d08e-4199-8071-1c241243b167",
            "value": "daa37b0ed558dfa00f7ae260649cdd8e9dc23c2f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1760975532",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3591bbd1-316f-4bbb-b59c-c758d7f622e6",
            "value": "804dc39c1f928964a5c02d129da72c836accf19b8f6d8dc69fc853ce5f65b4f3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1760975176",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5b2da019-bee2-496a-a096-02d1df80abd1",
            "value": "1536:kr2eGjSucU6o3S8mS94ehLDhArXkpRpxvAi47Bgu6BJBz15Z1pciPQj6TIS:U2eZZU93S8mSv3yXA/xvAi4f6Vvpcios"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1760975176",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a18ce5f0-d21a-4e9a-9be0-89d4780718e6",
            "value": "86913"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1760975176",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1eea658a-37d8-430c-9d6b-5031a4412f0b",
            "value": "65df5e475a48a5a9b92d98c0adc87e73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1760975176",
            "to_ids": true,
            "type": "filename",
            "uuid": "6c5ffcf3-7229-4f1f-b9ad-bc2bd0fa346c",
            "value": "Dokumen Audit.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/10/2025\nLast-scan\t:  20/10/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1760975176",
            "to_ids": false,
            "type": "text",
            "uuid": "e08d013e-1bec-477a-a393-19747dc6ee42",
            "value": "Type Description: ZIP\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:32/69\nFirst Submission:2025-09-23T06:47:27.000000+00:00\nLast Submission:2025-09-23T09:16:23.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1761008947",
        "uuid": "a3e02a64-5ed1-4a87-be21-2f58c0d2b91c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1761008947",
            "to_ids": true,
            "type": "md5",
            "uuid": "b81f5b95-9f23-4fa1-b38e-73d5884ea7a7",
            "value": "e85a752c7a1c7bba1cb457cce8048039",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1760975532",
            "to_ids": true,
            "type": "sha1",
            "uuid": "838ed5c9-5b8c-4f53-b68e-483b65349f31",
            "value": "14a399824eb73c4b97ac80e8c67406736219dc37",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1760975533",
            "to_ids": true,
            "type": "sha256",
            "uuid": "02a5e090-4941-4e39-acee-d7b64fe47de7",
            "value": "c138ff7d0b46a657c3a327f4eb266866957b4117c0507507ba81aaeb42cdefa9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1760975199",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "273d2f85-770b-483d-85db-5cf7894c624b",
            "value": "192:75JSldFsHjRVK2KiFJK64qyoP53ZGND17tCKlolD0EJrmsvAM3Gs:7GldCHjXK2KiXxgoBpGND1ZTNarmsI7s"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1760975199",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "386ecec1-a8fe-41d4-ab19-0a2ad7e479c3",
            "value": "10877"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1760975199",
            "to_ids": true,
            "type": "vhash",
            "uuid": "87ed5efc-f56c-40b6-bea6-a3a8fd5be757",
            "value": "c14177fa4fdbec25559cd07e95090fa0"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1760975199",
            "to_ids": true,
            "type": "filename",
            "uuid": "f28c0801-a209-48e2-81b1-7660cd510ef0",
            "value": "\u3010\u91cd\u8981\u3011\u7d66\u4e0e\u5236\u5ea6\u6539\u5b9a\u306e\u304a\u77e5\u3089\u305b.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/10/2025\nLast-scan: 20/10/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1760975199",
            "to_ids": false,
            "type": "text",
            "uuid": "821b1778-565f-49c0-b05d-7887f9ae2cf6",
            "value": "Type Description: Office Open XML Document\nMicrosoft: None\nVT Total Detection:14/67\nFirst Submission:2025-05-16T04:21:10.000000+00:00\nLast Submission:2025-05-20T06:06:22.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1761008968",
        "uuid": "3755b026-ed3a-4333-9cf6-6b4ff5ade743",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1761008968",
            "to_ids": true,
            "type": "md5",
            "uuid": "7d1ef39e-f266-484e-96d3-be960c13e3c9",
            "value": "ef5aab202239614b3f6fc6de458d6e85",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1760975534",
            "to_ids": true,
            "type": "sha1",
            "uuid": "46a96d96-6ee7-4b86-90b1-59ff2b1ac186",
            "value": "c5e868457cef75607888c7936b387e883b867e80",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1760975534",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9e4eeee6-235e-471f-9809-ae239f3f4a47",
            "value": "dc45981ff705b641434ff959de5f8d4c12341eaeda42d278bd4e46628df94ac5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1760975244",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4be9a7c7-c827-4664-9ccd-272e2be6af44",
            "value": "98304:wNWTa3Ho5KRITKVBZDUyXL9t93bvvNEHHeoBXl+K3am8ZL:wQTEHSB+RrptNHcT9qz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1760975244",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "933e15ed-fb3d-47c2-92b1-a1433fad9c6f",
            "value": "3661537"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1760975244",
            "to_ids": true,
            "type": "filename",
            "uuid": "24cfde30-41aa-45b3-ad76-162ed5704721",
            "value": "Dokumen Cukai JKDM_2025-008.zip"
          },
          {
            "category": "Other",
            "comment": "Checked: 20/10/2025\nLast-scan: 20/10/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1760975244",
            "to_ids": false,
            "type": "text",
            "uuid": "e18aaadc-fc92-43b3-9d3c-a6610ecda20c",
            "value": "Type Description: RAR\nMicrosoft: None\nVT Total Detection:30/65\nFirst Submission:2025-08-12T22:54:06.000000+00:00\nLast Submission:2025-08-12T22:54:06.000000+00:00"
          }
        ]
      }
    ]
  }
}