{
  "Event": {
    "analysis": "1",
    "date": "2025-03-13",
    "extends_uuid": "",
    "info": "[Threat Intel] INDOHAXSEC \u2013 Emerging Indonesian Hacking Collective",
    "protected": false,
    "publish_timestamp": "1780041130",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772902045",
    "uuid": "28430985-18eb-444f-bc75-8d174a1150bb",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"indonesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Arctic Wolf\"",
        "relationship_type": ""
      },
      {
        "colour": "#013748",
        "local": false,
        "name": "misp-galaxy:target-information=\"India\"",
        "relationship_type": ""
      },
      {
        "colour": "#26fab6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Israel\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"INDOHAXSEC TEAM\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1742306889",
        "to_ids": false,
        "type": "link",
        "uuid": "12a3dc19-bf16-40e5-b057-cd5cbd00b251",
        "value": "https://arcticwolf.com/resources/blog/indohaxsec-emerging-indonesian-hacking-collective/"
      },
      {
        "category": "Payload delivery",
        "comment": "indohaxsec.php: No sample in VT (VirusTotal)\r\nLast check: 18/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1742371290",
        "to_ids": true,
        "type": "sha256",
        "uuid": "34913544-73b5-4d8d-8694-225b61546ad8",
        "value": "cd8a7350b07311f2257eba7ed5d992cf7f00e869461f9a2c3c2003a05bfdcce0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "404.php: No sample in VT (VirusTotal)\r\nLast check: 18/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1742371291",
        "to_ids": true,
        "type": "sha256",
        "uuid": "80a2b985-8d69-4d26-a388-9cad8f53b84a",
        "value": "9391014b5a567f4821603c97802c38d8f3053469f47533c57bcfdb787fd9cd57",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "selbaru.php: No sample in VT (VirusTotal)\r\nLast check: 18/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1742371293",
        "to_ids": true,
        "type": "sha256",
        "uuid": "33cc8c50-3041-457a-b540-de7e77303e26",
        "value": "3b1cb2248bf6b2c9cb493f6ef226a943042ccd8a5e98f4869c55a4efe0a0f835",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "ihs_ori.php: No sample in VT (VirusTotal)\r\nLast check: 18/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1742371293",
        "to_ids": true,
        "type": "sha256",
        "uuid": "d8083cb9-32cb-454b-b00a-3ec3f7cbdda6",
        "value": "464087d09b85c0bbed20e5369264ae21537926da24efca8aed4136c70fe5b1e0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "GOD.php: No sample in VT (VirusTotal)\r\nLast check: 18/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1742371295",
        "to_ids": true,
        "type": "sha256",
        "uuid": "b7d07569-51ee-4e43-bae9-1376d660893c",
        "value": "eae18c62dbb29bc6749347d410a16b190cb1b2fdaff6d8318ca9ecb5e572391d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "bocil.php: No sample in VT (VirusTotal)\r\nLast check: 18/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1742371296",
        "to_ids": true,
        "type": "sha256",
        "uuid": "0bb66b46-975f-4163-b9d8-5c45c2aec972",
        "value": "efd85fd28bcf10f32f0ac934ee0e9e71d34a0cbae66ee83abad9a929c3ca91f9",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "pwssd.txt: No sample in VT (VirusTotal)\r\nLast check: 18/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1742371298",
        "to_ids": true,
        "type": "sha256",
        "uuid": "26ba662d-c4f1-4e2f-b889-2c9ba5cfd290",
        "value": "7fd271225602c021306c68157a2e17ace5f42853b4762c49f4d82ae8a4e2ebe3",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "ihs.php: No sample in VT (VirusTotal)\r\nLast check: 18/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1742371299",
        "to_ids": true,
        "type": "sha256",
        "uuid": "f8e0aa8d-34c5-483a-bd17-9be8c3cd36a0",
        "value": "02c3d44ec9a44558f516a5922b09b736c5786d2a675b89b2e86ce8f16e4041b6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "lock.html: No sample in VT (VirusTotal)\r\nLast check: 18/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1742371300",
        "to_ids": true,
        "type": "sha256",
        "uuid": "fe02a2b4-4d2a-4ec6-aac5-06a3a6a341b5",
        "value": "0c5e744a5aefe6d6d432b85c33f92f2e2beb75af311421806acb550f766dda41",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "xss.pyc: No sample in VT (VirusTotal)\r\nLast check: 18/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1742371302",
        "to_ids": true,
        "type": "sha256",
        "uuid": "674d8103-ac24-496a-92c0-96d0b980440d",
        "value": "658f468bc8a762ebef233d284bccb97d64d5b214ea49d9c1cac8b9976ee6c3dc",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "rudal3.py, nuklir.py: No sample in VT (VirusTotal)\r\nLast check: 18/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1742371303",
        "to_ids": true,
        "type": "sha256",
        "uuid": "603b1866-a37e-4488-a7a4-9c2b565b423c",
        "value": "1ba3ce9a93262e82a660b8b566134e08fa9680de8716a2893e4e4617086276f4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "rudal2.js, Rudal.js: No sample in VT (VirusTotal)\r\nLast check: 18/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1742371304",
        "to_ids": true,
        "type": "sha256",
        "uuid": "db99ce42-5d3b-4ecc-a625-9186980a4712",
        "value": "959cce59fc5d15540e348945b0a18516d9afb56b1f21fd2db4ed209e87cf2657",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "proxy.txt: No sample in VT (VirusTotal)\r\nLast check: 18/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1742371306",
        "to_ids": true,
        "type": "sha256",
        "uuid": "1d2ce82b-669e-4750-8074-062bd28f446e",
        "value": "393bff0edb5c229064ba54343eb38ba1b301246caaa30c20021776c822383bf2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "white.php: No sample in VT (VirusTotal)\r\nLast check: 18/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1742371307",
        "to_ids": true,
        "type": "sha256",
        "uuid": "2478c6b1-dfab-4b83-ad70-1a7f09111eb1",
        "value": "49cf4ae0d9ffbfc0ff4918e34b1c5b066e62663eeee6da4d0fa91172850e03d6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1742307104",
        "to_ids": true,
        "type": "url",
        "uuid": "981ba4ce-a8f0-4edb-a0ed-697ef3fdf5d4",
        "value": "https://t.me/INDOHAXSEC"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1742371278",
        "uuid": "cf43313e-74e5-45db-8b51-551eea432c16",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "x.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1742371278",
            "to_ids": true,
            "type": "md5",
            "uuid": "4304951a-44c8-4d18-bae7-b7f7a89ea8e7",
            "value": "0ec283c1e655306879a8d5b2be05570b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "x.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1742307294",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ea1798e7-251b-4f08-98f0-5c9efb07ae84",
            "value": "9a0a43d919d5acaf269f66091e39d7852f886af2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "x.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1742307294",
            "to_ids": true,
            "type": "sha256",
            "uuid": "860c8d58-5808-494f-924e-7b2dfc836635",
            "value": "09092c5061322e3cdc33e3eb4d8379f77ec20ff121acd42b159e87407e421a57",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1742307293",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2c4792a5-3edd-4e0b-aec4-74def27d735b",
            "value": "384:V3S445KDL8sE+WtUDbGySd2ZQ8aoQR3vpjbEi1FXF4JsUv6GD9fxgwz14O1hybE0:V3SxRySwZ5ao4pjb51Fda9ZhCO1Iw0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1742307293",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6ae1d2b2-24ba-4d44-884f-c2da78b038d3",
            "value": "27928"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1742307293",
            "to_ids": true,
            "type": "filename",
            "uuid": "5956b2e1-9d88-4881-b421-e52d90978bae",
            "value": "x.php"
          },
          {
            "category": "Other",
            "comment": "Checked: 18/03/2025\nLast-scan\t:  18/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1742307293",
            "to_ids": false,
            "type": "text",
            "uuid": "fee067c4-21e9-4383-a25e-f7bb53fe19a4",
            "value": "x.php\r\nType Description: PHP\n\nMicrosoft: None\nVT Total Detection:7/62"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1742371281",
        "uuid": "69ff1b10-7908-4413-bc67-663a6ebf42b6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "masal.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1742371281",
            "to_ids": true,
            "type": "md5",
            "uuid": "7f7c4de5-5c70-4ce7-bbc9-b995f7a8d00e",
            "value": "2773a619e4b1d3582244255520dae58c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "masal.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1742307316",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9bc8f171-84f3-43ca-9a38-d6048f0f4ff8",
            "value": "3ffd1648cceb075bffdc4e7f22bf75a9ca967535",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "masal.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1742307316",
            "to_ids": true,
            "type": "sha256",
            "uuid": "beaa41f9-e7d1-4164-a35b-70278f2b1430",
            "value": "e9a2379991d7ad9f3031c9cd62eab9277b9a2d0179a066b36dd95737182574c8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1742307315",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "52a2f59c-7f8d-4f83-a04f-e46aacaf2b1c",
            "value": "384:R/Qdn4yobkCSrhaAuu22l2sQRQQQGr5RmiiJWy4586d:Ry460AePsQxr1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1742307315",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0e9e63b4-c5c9-4e35-878c-8af1579133e2",
            "value": "20614"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1742307315",
            "to_ids": true,
            "type": "filename",
            "uuid": "798c501e-11a5-4775-87fa-9c1639970d88",
            "value": "rss.php"
          },
          {
            "category": "Other",
            "comment": "Checked: 18/03/2025\nLast-scan\t:  18/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1742307315",
            "to_ids": false,
            "type": "text",
            "uuid": "9287e70b-7090-4088-9b62-527045a1a2e1",
            "value": "masal.php\r\nType Description: PHP\n\nMicrosoft: None\nVT Total Detection:13/62"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1742371282",
        "uuid": "1df5e296-ee91-4702-9949-a8e6dcc38bcf",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "minishell.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1742371282",
            "to_ids": true,
            "type": "md5",
            "uuid": "900053a4-6267-4741-8075-5b9288f5318d",
            "value": "059e9c42514fadc19db18ca8405f38c3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "minishell.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1742307360",
            "to_ids": true,
            "type": "sha1",
            "uuid": "afc39d75-6327-4275-a8e6-5f208bf4b40d",
            "value": "c6d859b199c5f0780ca2109638cef57e50bb57b0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "minishell.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1742307360",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1d38a839-d0ba-4ba1-9bc1-1980d1e62e11",
            "value": "ac9b107e35f7a8055bb4a556a1835b824f7b32bbc8af0c05dc67164678f25008",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1742307359",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "023267ab-6722-4539-9805-9611780a1b17",
            "value": "384:ef7/Nnj3CYe4ogke7zXydAHC9tHg1/Wus/IPV/G0zUxS/XAcaY:cdyYeK34THEDsAPV1wxS/naY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1742307359",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d45151bf-7a60-4570-bc39-15315909b7f5",
            "value": "21277"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1742307359",
            "to_ids": true,
            "type": "filename",
            "uuid": "6c45c0a7-ebb3-4d9d-9b40-c685b2b5aee5",
            "value": "a.php"
          },
          {
            "category": "Other",
            "comment": "Checked: 18/03/2025\nLast-scan\t:  18/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1742307359",
            "to_ids": false,
            "type": "text",
            "uuid": "aadac1e1-961c-4cb1-9e12-aef66b4b04b6",
            "value": "minishell.php\r\nType Description: PHP\n\nMicrosoft: None\nVT Total Detection:0/62"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1742371283",
        "uuid": "3a52b20d-db07-4498-844c-988db3c90cde",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ikeh.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1742371283",
            "to_ids": true,
            "type": "md5",
            "uuid": "37c82ff4-59a2-401b-9ca3-e3d861b0242e",
            "value": "9ae5ea27d1187336a31fc21d71192ccc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ikeh.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1742307446",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3159a96d-f4b3-4f7c-b7f7-387a45dea418",
            "value": "eb29b900a603c047686f9df1713f772e18b72caa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ikeh.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1742307447",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ba87b4c2-a76c-421e-a14f-eaf49cbbe4c8",
            "value": "9325343e22181eda59efce7b9d6a54c5565c1798337cb42f07a24dbe93f5b117",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1742307446",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4e831fc8-7855-4f5c-9407-096c15b1dcdb",
            "value": "768:aFSYN853HKHc9VLO9P1GC00onl5ikJFiEvVLAnysHT6wxtlKIWu+GT3IndM0cq1i:ESFQHwlgPx0X/3iYtnsHewxtlKtu+i+O"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1742307446",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "395b151a-79c9-4758-bbee-27715255601c",
            "value": "45036"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1742307446",
            "to_ids": true,
            "type": "filename",
            "uuid": "24f9eeb1-f0d6-403b-a403-607600aca729",
            "value": "test.php"
          },
          {
            "category": "Other",
            "comment": "Checked: 18/03/2025\nLast-scan\t:  18/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1742307446",
            "to_ids": false,
            "type": "text",
            "uuid": "e8f22291-a510-4b77-a084-824a91e2d297",
            "value": "ikeh.php\r\nType Description: PHP\n\nMicrosoft: None\nVT Total Detection:5/62"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1742371285",
        "uuid": "362e68f2-eb6b-426a-b324-93d0654f5cc6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "rudal1.py, misil.py",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1742371285",
            "to_ids": true,
            "type": "md5",
            "uuid": "f9b5255c-a59f-4066-a30b-b1fa302bd8e1",
            "value": "1dfded44293e4e2c01c36c120adbec5a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "rudal1.py, misil.py",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1742307555",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3bffa99b-faa9-420c-bad0-e95ffa59bfad",
            "value": "ba71f961ab67a22db1d006c8dd4bf1606ab25fc4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "rudal1.py, misil.py",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1742307555",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0e3d0c19-0c69-4b5e-afc2-aba984a6e194",
            "value": "f9a3f810fb81b3a605038d997341223eb6914aed4f13f4d93466906dc83b1942",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1742307554",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ce30778a-23de-4059-a3ec-965c25185002",
            "value": "768:gAcccgtNQ7GRccclPgDcccgacccozcccccccHs2cccZcccccccYst8h8NcccccZo:F"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1742307554",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cb67c10f-fb5d-45f5-93c7-e248d2b75c9f",
            "value": "28552"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1742307554",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9fa291fb-89a4-4eac-bdc7-0dab2dc2188c",
            "value": "a36633649e9d49e47d44453ea38f05f4"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1742307554",
            "to_ids": true,
            "type": "filename",
            "uuid": "2aafe1e7-7c3b-4707-bb91-dd046b9102e8",
            "value": "main.py"
          },
          {
            "category": "Other",
            "comment": "Checked: 18/03/2025\nLast-scan\t:  18/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1742307554",
            "to_ids": false,
            "type": "text",
            "uuid": "d0358c28-92b9-4a33-9fea-a2743dcef0e7",
            "value": "rudal1.py, misil.py\r\nType Description: Python\n\nMicrosoft: None\nVT Total Detection:2/62"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1742371286",
        "uuid": "7d5abd1b-9df1-4cd0-9b02-712d68953406",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "scrape.py",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1742371286",
            "to_ids": true,
            "type": "md5",
            "uuid": "245c2afb-b6e1-4f4a-8883-435720a3c2b4",
            "value": "bea9e27b83714ff2f15a770aa8614aa7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "scrape.py",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1742307641",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c200d72f-dd1c-4d02-a25f-a2f30a7ffbee",
            "value": "cd47fab650bda7a70902cbec2cf16943ef019f39",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "scrape.py",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1742307642",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f2e951f0-ba32-491f-b70c-d2b4cd1a1e06",
            "value": "a5c8d558af0e8e3853cdd03be91dc7d915113a291466383005dbe1951809f663",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1742307641",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "94ff2a49-3a25-47da-bdcb-ce5e270800e0",
            "value": "48:ZHXok858xRUUwwH7o7bXtvdEjOTkgWTbB1AFACbBwUPNB9hNOqHBpzhbqHBplGE:ZDwGOTkg491UAC9JPj9zL7s3"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1742307641",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6bd267d6-f515-46d4-8265-71e3833949c6",
            "value": "3001"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1742307641",
            "to_ids": true,
            "type": "filename",
            "uuid": "9f2e40d2-7ccf-4f3a-955f-881e4061c6af",
            "value": "scrape.py"
          },
          {
            "category": "Other",
            "comment": "Checked: 18/03/2025\nLast-scan\t:  18/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1742307641",
            "to_ids": false,
            "type": "text",
            "uuid": "c36defb3-2ce2-4cf2-9e80-5c791de5d3a2",
            "value": "scrape.py\r\nType Description: Python\n\nMicrosoft: None\nVT Total Detection:0/63"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1742371287",
        "uuid": "027783ca-a95b-44f7-be04-bc7b68d37583",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "dancokware.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1742371287",
            "to_ids": true,
            "type": "md5",
            "uuid": "c5106f3e-3d2b-4e80-8013-48ede8f8e61c",
            "value": "5c351dad79c65ed0acd0f62cae98cb75",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "dancokware.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1742307685",
            "to_ids": true,
            "type": "sha1",
            "uuid": "168fcece-6a95-4237-8f0e-ecaca7bb17fa",
            "value": "60981949314b54556bc0af4614e5687e8676f607",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "dancokware.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1742307686",
            "to_ids": true,
            "type": "sha256",
            "uuid": "613f1f0f-8afe-4214-85d9-158eeeafd34a",
            "value": "a82e254ec16d3505322b487cfa2cc0f9e629ef72a4f474dbae81b1ec5bd7f2c2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1742307685",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3970682c-202b-48b9-87a8-2bf73c3dd917",
            "value": "96:eoI/YBFWsHjuyradFXlGW0IzcoDobGs2yB8JgeZMUUd9:1BFRHj/a170IzcoDobGs2yB8JgeZa"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1742307685",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ecbb1984-0a91-473b-856b-31fba8ca1ee9",
            "value": "6150"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1742307685",
            "to_ids": true,
            "type": "filename",
            "uuid": "0edf2e1f-690d-42ed-b1e0-9b25f37a5b11",
            "value": "dancokware.php"
          },
          {
            "category": "Other",
            "comment": "Checked: 18/03/2025\nLast-scan\t:  18/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1742307685",
            "to_ids": false,
            "type": "text",
            "uuid": "1328a7f6-c60a-42e5-a1ab-b08faddd7839",
            "value": "dancokware.php\r\nType Description: PHP\n\nMicrosoft: None\nVT Total Detection:0/62"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1742371289",
        "uuid": "d049a5e5-3922-4ea6-8f2d-1a6af6e928e2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ransomweb.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1742371289",
            "to_ids": true,
            "type": "md5",
            "uuid": "7c302865-5710-445a-b756-5c519aa35d2e",
            "value": "d4f8248c4dc809aea91299ef6b2d9f0e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ransomweb.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1742307707",
            "to_ids": true,
            "type": "sha1",
            "uuid": "49287187-2847-4c0e-93e9-7c3cc9378e06",
            "value": "174b465eb4a912726b5801e6d058542cbe669d89",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ransomweb.php",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1742307708",
            "to_ids": true,
            "type": "sha256",
            "uuid": "883dcc7d-2ec2-4aee-8e26-403349976e36",
            "value": "b3a7f14df7b52a0acadc02c58d602bd21e28b7968621f9181531d4977e216ba1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1742307707",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "96e5a12b-de1e-4e46-a823-57bfc6cb242c",
            "value": "24:lvFpEwfCszhstEswn2DVssbsjg0j5687NDJ/MgHI0qMGJpUPdxJMM:75CViTDJUmZxSgvMM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1742307707",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "992716e5-1b14-4884-9f59-3b0019fab6d7",
            "value": "1825"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1742307707",
            "to_ids": true,
            "type": "filename",
            "uuid": "4d93da07-74ae-4b7f-9102-d2baa4eaa4b1",
            "value": "ransomweb.php"
          },
          {
            "category": "Other",
            "comment": "Checked: 18/03/2025\nLast-scan\t:  18/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1742307707",
            "to_ids": false,
            "type": "text",
            "uuid": "74eef8bb-b938-4f3f-8011-be8df99b2213",
            "value": "ransomweb.php\r\nType Description: PHP\n\nMicrosoft: None\nVT Total Detection:0/62"
          }
        ]
      }
    ]
  }
}