{ "Event": { "analysis": "1", "date": "2026-01-07", "extends_uuid": "", "info": "[Threat Intel] Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware", "protected": false, "publish_timestamp": "1780041347", "published": true, "threat_level_id": "3", "timestamp": "1779534095", "uuid": "284a5040-9bea-495a-9465-2080e97f08df", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"Cybercrime\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#a9150c", "local": false, "name": "misp-galaxy:producer=\"Group-IB\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Fake App\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Vishing\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Smishing\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Phishing\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Money Mules\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"CNP \u2013 Card Not Present\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Malware\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:financial-fraud=\"Compromised Payment Cards\"", "relationship_type": "" }, { "colour": "#9d320e", "local": false, "name": "misp-galaxy:target-information=\"Greece\"", "relationship_type": "" }, { "colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": "" }, { "colour": "#9afac6", "local": false, "name": "misp-galaxy:target-information=\"Jordan\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#ce98fe", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": "" }, { "colour": "#aad0dc", "local": false, "name": "misp-galaxy:target-information=\"Uzbekistan\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"malaysia\"", "relationship_type": "" }, { "colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": "" }, { "colour": "#5f0077", "local": false, "name": "ms-caro-malware:malware-platform=\"AndroidOS\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:online-service=\"b0c71d51-34fd-47b5-9eb4-dd406ffc607f\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1769432937", "to_ids": false, "type": "link", "uuid": "eabe2b9f-b0d2-45ce-831b-2e6e4c5eeb0c", "value": "https://www.group-ib.com/blog/ghost-tapped-chinese-malware/" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533925", "to_ids": true, "type": "sha256", "uuid": "66d6fb49-7981-48be-bdaa-1837146e99bb", "value": "30cc52d1e1e3c544e186d2166f870cedb1e3f9472f6d7aad0fea0cf2d7040347", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533927", "to_ids": true, "type": "sha1", "uuid": "ec7d47b5-1c2b-40c2-b4c8-ced867c1af85", "value": "cabbb00f66713caf38412fb330e75456a68d0d8c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533928", "to_ids": true, "type": "md5", "uuid": "7cef75ae-dce0-4e3b-88f6-f4d5c04859ca", "value": "1824d0a6a37fb08d35f2463cc413adac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533930", "to_ids": true, "type": "sha256", "uuid": "f8ce0b44-c16a-4542-9314-8ef47eb22e7d", "value": "04eed57320f2d1ff8924cd62a211f63895d8b5d53ae0b38502197335207e26a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533932", "to_ids": true, "type": "sha1", "uuid": "8df42bbf-ae16-4ac0-a40b-7e0d0f8ca778", "value": "5e69f16d7b3015cf50b81d3985b524e2472a92d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533934", "to_ids": true, "type": "md5", "uuid": "2658dacd-df7f-48c0-9294-ad70aa99ed07", "value": "f390b92a5162d0576606acb966375dd1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533935", "to_ids": true, "type": "sha256", "uuid": "67a18a8d-18ae-4ed5-9976-58e2124ddca5", "value": "9c2ab621533f49dd833acf1df253371ceb5b533cfc7e6f44667c2a8641e86ce6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533937", "to_ids": true, "type": "sha1", "uuid": "6de9ca38-84ab-426e-895d-0be0dcc0f763", "value": "291e10b261ff36962b3cf6e9ffeba4830dc558df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533939", "to_ids": true, "type": "md5", "uuid": "02861dc6-e7cf-48db-b05f-eec773d2bdda", "value": "8fec4fd0542d43db5ef44e220863f4e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533941", "to_ids": true, "type": "sha256", "uuid": "100df8ed-605c-4e07-b896-c903f02140bd", "value": "dbb178a385680a20afc59048b396d30e745e5bac1ff1163d0a3c713c06fc89ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533943", "to_ids": true, "type": "sha1", "uuid": "f859a4e5-01e7-41ad-a09b-60d234ea7dda", "value": "17bd829ca6901e8bc228f5020aefac2f89d64e8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533945", "to_ids": true, "type": "md5", "uuid": "a3c070d4-1b05-4b79-94ae-327d05d6d74b", "value": "65a7a66871619313853102fe42f8ea29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533947", "to_ids": true, "type": "sha256", "uuid": "d9c75a97-b52a-47dd-9774-730f5d1aa939", "value": "7eab00634a6b9f1866f2e74987d7f619215a45e34a421e7746e3c49ee148874e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533948", "to_ids": true, "type": "sha1", "uuid": "12e89d3e-cf41-40a8-a198-6ff69b2d6a55", "value": "725996ab655389bcd6b37d5f86b17859b4167f18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533950", "to_ids": true, "type": "md5", "uuid": "34b3abc9-6f47-412e-ac2a-69c814ace40b", "value": "96345d5bd63db21739db999d6f3dd28a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533952", "to_ids": true, "type": "sha256", "uuid": "0963d590-c850-4343-8e78-f8a59cda66ab", "value": "75aa5849eea643aad1f9a485dbf9898511395ab19bde6214002fac5447be8277", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533954", "to_ids": true, "type": "sha1", "uuid": "58a7aab2-27c6-4ba0-bc31-d42f38c92fcb", "value": "40b94a2f7aaa7bd0299df832d1aae45d5a262bbd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533956", "to_ids": true, "type": "md5", "uuid": "55641330-2a9c-407f-9b9b-2af0dd76c37f", "value": "2f59040e763a1556259a1929759bd695", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533957", "to_ids": true, "type": "sha256", "uuid": "c9d5ea16-0471-4333-9068-07a513b81a8f", "value": "c536c337a2a6eefb82e0459ea207dbc5fc584826294be5f2e6020fa54451166e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533959", "to_ids": true, "type": "sha1", "uuid": "35662d12-0bc9-47c3-b9c4-a0555ef04b1b", "value": "a3b66875129c9602c5b0764e67fbfb4e1d83b3f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533961", "to_ids": true, "type": "md5", "uuid": "0cb8ff9b-6b5c-408d-bbce-44bf2fd870ab", "value": "921cc0aeccfc1a6de065055d21b6b8a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533963", "to_ids": true, "type": "sha256", "uuid": "0a6bd554-70a0-4df4-904c-06fa3cad87ae", "value": "b9123df13d9862a618dd3007b1eedc558dd68ccf983025fcad21bf536c8d30ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533965", "to_ids": true, "type": "sha1", "uuid": "563044b6-33ed-4d55-b83a-6f22ca71b515", "value": "6a5d16ed45c7d82d2370deb79e2a622d7bfa5810", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533967", "to_ids": true, "type": "md5", "uuid": "9e9b30b6-97a1-4131-a2b5-a9cc111bfb0b", "value": "e1a3d35d298f75a6be3433d8237d9219", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533969", "to_ids": true, "type": "sha256", "uuid": "9e801d07-8d6a-4948-ad66-49d06ae3214d", "value": "943cc42b546e35b7a9f3c72c55e5cc0a8ea4593877d7aabc2f461595d43d6728", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533970", "to_ids": true, "type": "sha1", "uuid": "0561641f-2e72-4b6d-9e92-d9b67d5dbe54", "value": "e8075eff6efc16cf12b8b4d4334a2c7c83003e28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533972", "to_ids": true, "type": "md5", "uuid": "aa6464b0-a475-4c7b-920c-3129c4dce3a6", "value": "4e57c1e8f07a2187224f00abf7b8fce0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533973", "to_ids": true, "type": "sha256", "uuid": "d807307a-d2de-4c7a-a8f7-6de59a2fe294", "value": "d9ead920368b2f7a1c60e104ba0314fe5c8691da2525e5d776587df138558aeb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533975", "to_ids": true, "type": "sha1", "uuid": "da504fe6-af4b-4d13-88c1-18ef79727dc6", "value": "d562058c5e0fdbac9daecbc1df72daa34dcbb271", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533977", "to_ids": true, "type": "md5", "uuid": "6eac821e-6107-44ae-b396-85a2454c69c1", "value": "58244d7a24eb067628460a69d978e64f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533979", "to_ids": true, "type": "sha256", "uuid": "1d734c4d-b7da-417a-96be-defa0ee29b69", "value": "d8c35d8491c858d171175d2d478806c1a53478316e85b8f814e79e502b3015dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533980", "to_ids": true, "type": "sha1", "uuid": "ea0bf294-804b-4f8a-b761-e1695017d4c0", "value": "c26641321b6488de852ec26996fd067a97798ea1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533982", "to_ids": true, "type": "md5", "uuid": "14b40f93-167b-4db1-a5e5-fb42dd12ac76", "value": "bbaf80ab7933ad19e55442e3ae8173dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533984", "to_ids": true, "type": "sha256", "uuid": "a03648a3-9459-4dd8-abb4-0d764aa3bf21", "value": "c0814d74914ba22ccf3e1d268cf3e24e8f496cac38497b08756573f979494de0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533986", "to_ids": true, "type": "sha1", "uuid": "f560ea0f-0b13-434d-a08b-f094a7dd35e5", "value": "7452cec6b191fc6597c33aede946e2c3327319b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533987", "to_ids": true, "type": "md5", "uuid": "e8a66a81-2052-4def-bcb1-afedd580f210", "value": "3dd93ca08bfa1bc25f0e5c66cd8cd4bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533989", "to_ids": true, "type": "sha256", "uuid": "2b407b3f-c264-4915-8a22-8a6519060530", "value": "365af25a835580b170239e630edd3ab014269d35cd738d94a6fbfdafb931b491", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533991", "to_ids": true, "type": "sha1", "uuid": "f0ff66b0-c484-4104-bbcb-a8ecc46e0a86", "value": "66f2f6ce0535f51a2b19acd2933c9a3f67608ea8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533992", "to_ids": true, "type": "md5", "uuid": "c3cd1ea8-dc82-4be4-8da5-05c0fb6c57f5", "value": "35dd14589f7b11ece671377f1c5836d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533994", "to_ids": true, "type": "sha256", "uuid": "e9e7e139-710a-435a-b5d2-94e85ccd5e5e", "value": "2883604a5d6b5664ee314437ffd57145826668cb81db0641b1f3917ac1d55d1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533996", "to_ids": true, "type": "sha1", "uuid": "881d0064-2b51-453a-8b00-6a488c4c25d8", "value": "539f3c45556c4c06080f112c772b965ccc09a175", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533998", "to_ids": true, "type": "md5", "uuid": "871a2263-949d-4570-8d3c-feeb2ae5245b", "value": "2d91d95476d7392bdcbd4cf3b520b46c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779533999", "to_ids": true, "type": "sha256", "uuid": "6d9c11ff-6109-4ad7-80e7-ce3ec486a1c6", "value": "d88f10e2ac0d73f9bb0d6fa5acc6c85c34459ab76c7a1b78dc22d00ad4547c2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534002", "to_ids": true, "type": "sha1", "uuid": "280f60e1-d899-45d1-9a82-ec4ffc82dfcc", "value": "c7454940a07b0beab94138fd2a3c8bb50134bcab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534004", "to_ids": true, "type": "md5", "uuid": "954facc8-bd9c-4047-9907-cff7ca5ddacc", "value": "4f6fd902f7bfbf242bd9ed73dcc0c400", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534006", "to_ids": true, "type": "sha256", "uuid": "2e5699df-7713-46c5-ad71-0657234412a4", "value": "a04ce09802ba6e45d26179dbd3d2d114af7c8d19110b43dd06f49b563e3829d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534008", "to_ids": true, "type": "sha1", "uuid": "b73d9dfb-f3be-4078-88ea-d82921b85d13", "value": "58fe37d630e5b471edc77a6d74d35c9c5185280d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534010", "to_ids": true, "type": "md5", "uuid": "057cf2a8-4193-4d58-9c69-8443e782278e", "value": "e8f512d7893b00dca9fa8577435a2da5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534011", "to_ids": true, "type": "sha256", "uuid": "804f1735-59aa-4021-ac68-8db0a104d762", "value": "2ff79fa1317a04f52d16b09dd8ca9a863cf176bf11410721a8592e1ebff598cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534013", "to_ids": true, "type": "sha1", "uuid": "b6adb2e4-a65e-4687-9302-5b716c6b2e90", "value": "e21352b054b4b50a844db4dffcb6290b13a5c9ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534015", "to_ids": true, "type": "md5", "uuid": "f3e2f3e8-127e-440f-88f4-91af1d0a176d", "value": "2c824e96e434646aa383afddc11f0562", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534017", "to_ids": true, "type": "sha256", "uuid": "ea7663be-79a2-45e1-94cf-ed99b22687e6", "value": "e44a30abf87f1b4403a7342c1447232d547bcf941ca001623802cd0d14f4d576", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534018", "to_ids": true, "type": "sha1", "uuid": "5aa5df78-9ea4-41ad-b033-b3a873c9a1f1", "value": "83d013d40de7411495e6cffbd54f341461cf5e06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534020", "to_ids": true, "type": "md5", "uuid": "110cbd35-7e9f-4537-86b8-df1a341a4164", "value": "58fedd5ade8b7c1417c2bfb2aa0815df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534022", "to_ids": true, "type": "sha256", "uuid": "809fe282-80c6-42cf-9b04-0899d9f25a4f", "value": "9624fad943b1fc73d25c583f9bd9985d15e62cfe4a3db150f4f24b0cf48e52f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534024", "to_ids": true, "type": "sha1", "uuid": "1b23bbb3-f5b4-463b-adaa-9d7bb7135b13", "value": "6da3b5be62bee006ce6476ecb173f297f5a3e045", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534026", "to_ids": true, "type": "md5", "uuid": "400b8a19-9b68-4444-b0f7-3b0fe8b344c1", "value": "12b7c73ede31313bf7459867a1f292aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534027", "to_ids": true, "type": "sha256", "uuid": "29eec3b0-a20f-4a90-a5ad-ba4d1ca9d9c1", "value": "966007f0de4be060426050a2176561ee299e2f9bf6e718c3de8ce27e14943783", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534029", "to_ids": true, "type": "sha1", "uuid": "5668b569-c575-4de9-a960-1aaf7e1cd721", "value": "c7d487bd0fcb4282e0ceb51ccf58d4dac9163dbf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534031", "to_ids": true, "type": "md5", "uuid": "e01d78ce-3262-49f6-a4b1-45ed04464aac", "value": "a4c529428b2a83a0a2ce95b04787d191", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534033", "to_ids": true, "type": "sha256", "uuid": "a98ab57d-98a7-4ba5-9216-9af2ca55aef6", "value": "9e5031688b1b0ee32ddb851e64c33bab6142cab51b27230e5bcf633467d90b10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534034", "to_ids": true, "type": "sha1", "uuid": "a1323df1-b884-417f-836b-a7231fcf9994", "value": "fea12fa7ed1b0889f473835109be9685055bd183", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534036", "to_ids": true, "type": "md5", "uuid": "791b5efe-643b-4e51-bb3d-dea2794114ae", "value": "5e43e0750854baea6dcc22d7ba546435", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534038", "to_ids": true, "type": "sha256", "uuid": "c93d9a10-851a-464f-a9fe-fb529e40af70", "value": "3888e1394a803dc5ecdc3717298cee5037bcab98888538f2d051b90d7237e89e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534039", "to_ids": true, "type": "sha1", "uuid": "cb5c188e-9ad8-4f5f-9641-5fdcfdde67a9", "value": "e050dec14c6f7e7b203f8271a549a2daa5813520", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534041", "to_ids": true, "type": "md5", "uuid": "28202468-990c-41e7-9bd9-3bf859f29978", "value": "da22525907c121d585a2c65a2d78524d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534043", "to_ids": true, "type": "sha256", "uuid": "494d8074-99b7-4902-bce4-325f60f887f3", "value": "abecec0988075e28dfb2fb14aa8ccd721935d0e3371f6ddaf9ab2407d927153f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534045", "to_ids": true, "type": "sha1", "uuid": "e16d9de7-c772-492d-bf2c-40128e8c32d8", "value": "f8d9056c399aeccbd354e6f0a3b2eb3950c13c89", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534046", "to_ids": true, "type": "md5", "uuid": "515168b6-d1c0-4d93-8713-9a27e355d764", "value": "e2ae7548c6053d308357d73da4299757", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534048", "to_ids": true, "type": "sha256", "uuid": "4c36f5af-fd9a-48a5-bbc3-35f0f34396a6", "value": "4495b3fd162b5df16921f1114f4d85f38dd7ba4644a19d681c40fefebb597efb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534050", "to_ids": true, "type": "sha1", "uuid": "7b587be0-0fea-4a1a-b945-787de2f1fb67", "value": "e7fd43143fba664ff079c129bd9da7a62ca173e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534052", "to_ids": true, "type": "md5", "uuid": "f24be515-ad33-4ee6-a510-15bd6196be89", "value": "3a22cf5cebbfe2094fed3b01c91f518f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534054", "to_ids": true, "type": "sha256", "uuid": "8bda843e-3179-4104-b2ed-e230b5a0395c", "value": "9a9631ab469600514fd0bd30fe34a6daf90ca58bcf5bde5a872218422aeea7c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534055", "to_ids": true, "type": "sha1", "uuid": "197bc82b-acca-4ea1-8f31-764fda7daf57", "value": "35acd14621e34e179f3d88dc3eae83e544a49942", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534057", "to_ids": true, "type": "md5", "uuid": "e9cebd42-c702-4400-b2e1-9b529ac4e1c1", "value": "f771774e06676209a2546e6967d3cba2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534059", "to_ids": true, "type": "sha256", "uuid": "efeab0bf-9342-48d4-8db2-5bc0b34f3f66", "value": "b5e7b5c93500051787a9f3ee43ba47404ee762ef2477de7db4c74204278d2e05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534061", "to_ids": true, "type": "sha1", "uuid": "470f3d55-7453-4638-a921-d1b8b45c07dd", "value": "7e9bea5a8251e9b45ff5590161829a2a85e89851", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534063", "to_ids": true, "type": "md5", "uuid": "2163526d-bd5c-4b4d-9d65-e89e2eef99f1", "value": "142818af6913b5bdb9bff3079b54ef86", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534065", "to_ids": true, "type": "sha256", "uuid": "c0f39335-2630-49fb-b9c4-919bcae8bbbb", "value": "fc2c8cd05ef53d21b1c64dd9f9b826e996a2a2931b5d1f7a00d210a40d48deac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534066", "to_ids": true, "type": "sha1", "uuid": "f1a61165-c63d-414d-86f0-8faef6fd8a37", "value": "78d1380ef34e93ea0e3d8d9355c8cad90fc01aa0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534068", "to_ids": true, "type": "md5", "uuid": "36f58162-b07c-47e5-a7ae-a11df7ef07d5", "value": "5f11bb9e5e2be2a1c8243777a192c95f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534070", "to_ids": true, "type": "sha256", "uuid": "591ef368-ed56-4b03-8a53-ca9d903ad4b4", "value": "c1a6a6e6b80b5bcdd71ba3a9abbac789a32aa9a727a2cb4777fddf9055ea6869", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534072", "to_ids": true, "type": "sha1", "uuid": "ff26d044-150b-4727-9dac-778f7f1fc908", "value": "b787f9a84151caf4a7f727a292216f3674c8662a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534073", "to_ids": true, "type": "md5", "uuid": "deee5753-1fe5-4bde-b986-4d0350727865", "value": "49f91198715119d68f2f5da98b77cfa9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534075", "to_ids": true, "type": "sha256", "uuid": "3c734f0d-a1b5-4d22-a020-7fafc084263c", "value": "2149d796535e0eb084820976a6c7a036786760adfc14332632dc0f2ee020ee5b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534077", "to_ids": true, "type": "sha1", "uuid": "edb19eb8-f264-4205-8c18-b234bdbaf4c1", "value": "481d3831de6d7a34669b56ec222fd91bbda69376", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534079", "to_ids": true, "type": "md5", "uuid": "d1e3d840-0f14-4542-8b7e-23bd05d9cb52", "value": "68bdf29eea8b4270c10b880d34e57024", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534080", "to_ids": true, "type": "sha256", "uuid": "6be68b14-00be-4f08-9ebc-d668077fbb59", "value": "282156d15c07da7aecf15fb7d1744a1283e8a3f5bb055815ba8108ede0ace588", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534082", "to_ids": true, "type": "sha1", "uuid": "d327b5cc-e013-4eae-9571-902ffb7fbdcb", "value": "12b9fe55cd97aab0e41066c7b29dad5c123da620", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534084", "to_ids": true, "type": "md5", "uuid": "4ee1ed97-686b-4533-bd7e-9b3b817501f9", "value": "7ffe4a86e435275af888c0c7c2512033", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534086", "to_ids": true, "type": "sha256", "uuid": "cd7846a8-5171-4fb9-87d9-17c91745793f", "value": "8635a715da2430542c7cb90e94b3c1fe0f95dcd8c7ed837d0fa4a4ce643db6c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534087", "to_ids": true, "type": "sha1", "uuid": "930db896-cdeb-4ce9-8e00-e8f555142bf2", "value": "9cc7247ea2d494f1dd36fd9fd4a61500a9731833", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534089", "to_ids": true, "type": "md5", "uuid": "72ad7373-0464-4bb0-b46d-0eacc9f0f6e9", "value": "0b74b909adfadbb90808352a3c694b9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534091", "to_ids": true, "type": "sha256", "uuid": "18d2aab9-3008-43fb-a064-4de03c6269ad", "value": "28eeb9e47996434c07e84b733931f2b801cda21032e9af5d25f170454339f479", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534093", "to_ids": true, "type": "sha1", "uuid": "b727415d-5cc7-4b7d-8289-37319bb4e0e8", "value": "748d6df07c7287090e286da68906908443bd5221", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:26/01/2026", "deleted": false, "disable_correlation": false, "timestamp": "1779534095", "to_ids": true, "type": "md5", "uuid": "25709aa7-0fb6-49bc-97c4-f0cc01e075e3", "value": "cba9544d540ebb5d86907645f376f86c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1769440290", "to_ids": true, "type": "hostname", "uuid": "74486db6-1a2f-4121-9f5d-2c1d66901ede", "value": "nfc.rc8820.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1769440311", "to_ids": true, "type": "domain", "uuid": "b9b59016-540c-4d42-8d56-2956e418370d", "value": "xxnfc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1769440332", "to_ids": true, "type": "domain", "uuid": "cddf1480-c159-4fb7-8b6d-b7e32701f4ce", "value": "txnfc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1769440354", "to_ids": true, "type": "hostname", "uuid": "4276cb1c-7a3a-4496-971d-d392c9d8c6c7", "value": "apk.nfu20251021.win", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1769440376", "to_ids": true, "type": "hostname", "uuid": "dac9dd51-6482-41c7-8eb0-7696a1d454ff", "value": "app.nfu1010.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1769433252", "to_ids": false, "type": "link", "uuid": "976b3102-29fc-44b5-a516-b6a55bdf68d2", "value": "https://www.straitstimes.com/singapore/scam-syndicates-sending-foreigners-into-singapore-to-cheat-retailers-like-apple-store-and-best-denki" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533870", "uuid": "7e0fc7f3-511f-4928-be8c-4f6970f7ded1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533869", "to_ids": true, "type": "md5", "uuid": "c0f353c6-41c5-4be2-81c2-673e262294c6", "value": "38c559a701a15da5512c720f047b23a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533869", "to_ids": true, "type": "sha1", "uuid": "28ce83f5-9ced-4d13-a368-9d358c949e50", "value": "4243d0a770a5d91480ea600ab4fcc6464eccb31d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533870", "to_ids": true, "type": "sha256", "uuid": "dde595a1-96c1-4293-913a-f7c28e635b53", "value": "613631686aea4c2be25f0bd2dd7aba3f023739373b426eb363992d8489a26d14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769433822", "to_ids": true, "type": "ssdeep", "uuid": "04d1b6ef-2ba6-4243-b13a-a7bc535de716", "value": "196608:UmrGeg7RfQ8DM5P5A0mcn+YTsQnmbdcpQLY:ZnkMR5A0Fn+YTVngc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769433822", "to_ids": false, "type": "size-in-bytes", "uuid": "5b44119d-e793-4f39-9362-f80c9cd826d2", "value": "6448135" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769433822", "to_ids": true, "type": "vhash", "uuid": "dd321779-11d9-4abf-92e5-e14d5d6fb863", "value": "440cb0e0a8dfdc79a6ff8f71d171fa96" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769433822", "to_ids": true, "type": "filename", "uuid": "9664201f-c2eb-40ff-b0e1-2c361269868c", "value": "nfu.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769433822", "to_ids": false, "type": "text", "uuid": "2117d353-fd9d-42b3-8acd-4877bc84e488", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:24/67\nFirst Submission:2025-10-10T09:23:36.000000+00:00\nLast Submission:2025-10-10T09:23:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533871", "uuid": "1d08e9ec-cefc-49c7-99e6-f4216a41fc22", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533871", "to_ids": true, "type": "md5", "uuid": "ba08a7eb-6513-403b-9d64-0c2e859028a1", "value": "12521a556512e0ce26249a1fdf466075", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533871", "to_ids": true, "type": "sha1", "uuid": "c7dcc292-ab9f-4a29-9cb2-7937a09e639c", "value": "83ed2b9da7765451873d10a6490185fdf9817647", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533871", "to_ids": true, "type": "sha256", "uuid": "f595b94e-a032-4353-b43f-0c2806caf177", "value": "0004b033ed1ec504b0bcd5471cd61850ac872d4e1c198d4c1e0360918df5aebf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769433907", "to_ids": true, "type": "ssdeep", "uuid": "76260f45-8af1-449d-b626-00f7689919f0", "value": "98304:yX1dRa4DJn9ZuTYVGVKi0sqBE8p3dDcFzUxRZ0f+QeStL10DUWInmpbdvVGcK0Xo:yX1GGHtVs+EwXZ6+OtsQnmbdcpYZg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769433907", "to_ids": false, "type": "size-in-bytes", "uuid": "aafdea85-a8b9-4d7e-8ec1-2f5e09eb7437", "value": "7467150" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769433907", "to_ids": true, "type": "vhash", "uuid": "f97e1b8b-5e7f-496d-b079-b3bf4915bba0", "value": "fd954a45a0a2457b7f25361ce0a7f365" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769433907", "to_ids": true, "type": "filename", "uuid": "a5591204-9d5b-4182-b4d7-b810504cc1c7", "value": "app-release.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769433907", "to_ids": false, "type": "text", "uuid": "0fa3aff2-0101-4dc6-9428-4ae5a3dfafe5", "value": "Type Description: Android\nMicrosoft: Trojan:AndroidOS/AVerseFalc!rfn\nVT Total Detection:27/66\nFirst Submission:2025-08-12T18:05:52.000000+00:00\nLast Submission:2025-10-29T16:27:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533874", "uuid": "76cb8284-e0e3-4469-9762-2284a037be37", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533873", "to_ids": true, "type": "md5", "uuid": "47b65a43-8309-47f1-89e8-f70e7bdd66a4", "value": "0823f249e7a1fa3005dd51abdf1a247e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533874", "to_ids": true, "type": "sha1", "uuid": "094054b9-388b-4ef5-9365-5a95aa8f59d0", "value": "61d7a697ccfc63ab72c021a450655a62866d156e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533874", "to_ids": true, "type": "sha256", "uuid": "20e3c760-ce90-4763-9376-bbf93abb78ba", "value": "598db3e9386fc4213d7d02b4d79e64761d4dfdd4202ca244e545d19f4b0f8ece", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769434247", "to_ids": true, "type": "ssdeep", "uuid": "5ff59c09-0c4b-4259-9cf3-7ca07c9681de", "value": "196608:Inc185a+i8rtVs+EwXZ6+OtsQnmbdcp0ZC:+535VNXA+OtVngw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769434247", "to_ids": false, "type": "size-in-bytes", "uuid": "46ab8c1d-6de0-4af3-a8ce-a75c8b329bb0", "value": "7467170" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769434247", "to_ids": true, "type": "vhash", "uuid": "dddb058b-1df6-40a9-8543-3898d4c8d6cc", "value": "fd954a45a0a2457b7f25361ce0a7f365" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769434247", "to_ids": true, "type": "filename", "uuid": "8cd68b8a-5ecb-49cd-9262-3fa4874ad7f6", "value": "app-release.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769434247", "to_ids": false, "type": "text", "uuid": "e8d89229-2d07-4560-b6ea-ae460920226b", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:23/66\nFirst Submission:2025-08-19T18:31:30.000000+00:00\nLast Submission:2025-08-19T18:31:30.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533877", "uuid": "132e5186-29aa-4e58-825b-f0a8f7f7903a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533876", "to_ids": true, "type": "md5", "uuid": "d84e01d3-c214-440b-9663-087e7ca381c3", "value": "978b6a611488de8b9c22546300c92cb8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533876", "to_ids": true, "type": "sha1", "uuid": "344a1799-47cf-49a7-ad09-e4c3d49f53a3", "value": "6c4badf93062e4a8018dddd55649013ad1a97ef4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533877", "to_ids": true, "type": "sha256", "uuid": "5682a360-0ef0-41be-a297-b096d2e4237e", "value": "5e75aa2e0055f1225c45ab1902101d3a821dc9584f61534821715e67e2821573", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769434401", "to_ids": true, "type": "ssdeep", "uuid": "2cbf72c5-70ee-4e49-8914-272aace70d5e", "value": "196608:35J5sVHXsHuYor1jVNsSBQJzjo7gYWylPDp7/ChbMa4mPSue:JsdnYorBVNLQpo7gYbl9KdMa4mP6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769434401", "to_ids": false, "type": "size-in-bytes", "uuid": "ae10951a-2068-4f03-a142-acc19d118a63", "value": "6440112" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769434401", "to_ids": true, "type": "vhash", "uuid": "84b84c13-ed79-4b88-b035-84ad25af4ef7", "value": "39ce9de7697204c88b48495d9e383df4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769434401", "to_ids": true, "type": "filename", "uuid": "2a359509-9e4b-4968-baf8-2c914d4931a8", "value": "com.nfupay_rc.English-apkeditor-io.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769434401", "to_ids": false, "type": "text", "uuid": "66dce25c-8fad-4e11-b540-6e5b2dbace1a", "value": "Type Description: Android\nMicrosoft: Spyware:AndroidOS/Multiverze!rfn\nVT Total Detection:22/65\nFirst Submission:2025-08-07T13:23:09.000000+00:00\nLast Submission:2025-08-28T13:22:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533879", "uuid": "c090a2f3-d3d6-4ea5-8d7f-653959b0ab4e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533878", "to_ids": true, "type": "md5", "uuid": "abb7a446-b722-4bf6-846d-93fa86869e9e", "value": "c673271d4912aae21546b76a2cab8fbd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533879", "to_ids": true, "type": "sha1", "uuid": "4cc7f10d-fb27-41f3-814b-cd53d0fbc1b7", "value": "3b26fb3e86000f55e853e64f1b2f37f3e06bef54", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533879", "to_ids": true, "type": "sha256", "uuid": "8514ed0b-0e72-4b9b-a72b-01fec92011cf", "value": "141adee79ed2ce22937c3abeabebe03deb711f51030c8d0e8a24e26b70468bd9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769434422", "to_ids": true, "type": "ssdeep", "uuid": "9c1a3c57-4a10-42f6-ae3c-9408347e6aee", "value": "196608:YyRoREijiBGTuCtRXAwtY0koyV3Okk3GZn4PPnZ1Eg:VRqEBiuCcwtYIS3OZWR4PPnZV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769434422", "to_ids": false, "type": "size-in-bytes", "uuid": "4e81fb21-f470-4d9a-81c9-f6c0d0225ad6", "value": "8451499" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769434422", "to_ids": true, "type": "vhash", "uuid": "3e8146c7-e88d-4da2-8335-4098b4ea1978", "value": "55eb9907865fda5557f0ab03c6a64818" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769434422", "to_ids": true, "type": "filename", "uuid": "ae53db8c-ed53-49bf-a09c-49d32119f099", "value": "base.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769434422", "to_ids": false, "type": "text", "uuid": "2cb68f82-a99b-44fb-ae96-54d298438898", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:19/67\nFirst Submission:2025-09-10T21:12:34.000000+00:00\nLast Submission:2025-09-10T21:12:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533882", "uuid": "dd5af4ed-33d1-400a-96e3-5c3295161678", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533881", "to_ids": true, "type": "md5", "uuid": "9d634e78-3f43-4e7e-929c-c6fa9d17c642", "value": "6a572f343635e7a26445c72b55a4d9f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533882", "to_ids": true, "type": "sha1", "uuid": "67f6dc00-9857-48cb-b191-545af7db03a5", "value": "28b3856d307a13449fb13c99e582027f3f283555", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533882", "to_ids": true, "type": "sha256", "uuid": "082f8af6-ad36-4eaa-8aca-d455753d66b4", "value": "30d97d420f2ffe75cc4fb1af0356537204f084a0e8eae9b9b26ee26b5f05cf4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769434764", "to_ids": true, "type": "ssdeep", "uuid": "127f6766-0bd8-468a-bc9d-6e20cda01623", "value": "196608:7Nm7/uEW+jdVahJC4/4rS1k0Fh8JKqPI1rsozSeszgjFXl8CsSvowG20bqM5xI2/:7NmruEtwVWS1FnScfuIuJfwCbjo2/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769434764", "to_ids": false, "type": "size-in-bytes", "uuid": "fe2a9418-59a5-4cab-9180-badfbed1e0dc", "value": "12617245" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769434764", "to_ids": true, "type": "vhash", "uuid": "080bb26a-a92f-4365-ac42-7b38cb7adb06", "value": "bdc1b3c994d3a122169ca20af914f246" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769434764", "to_ids": true, "type": "filename", "uuid": "c20bbb2c-ca46-449b-8151-fe375a187241", "value": "17086_10303-1-3-3.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 20/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769434764", "to_ids": false, "type": "text", "uuid": "f003b0d7-565b-4899-bd57-2ad5807405b9", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:9/68\nFirst Submission:2025-01-16T08:59:12.000000+00:00\nLast Submission:2026-01-23T11:29:07.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533885", "uuid": "ca0a4340-9f75-4f32-9ce9-1fd097aaeeb2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533884", "to_ids": true, "type": "md5", "uuid": "ee4b9d21-0490-4ff9-82ea-5d31e220927a", "value": "05f7edd9dab87a1d44cf5472647dea83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533884", "to_ids": true, "type": "sha1", "uuid": "2784c511-ebd1-4271-9646-fa86266c5582", "value": "6eb22c3c6063a27b47ab5e18ea398009d8b503c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533885", "to_ids": true, "type": "sha256", "uuid": "b90c0d42-1cf9-4693-b174-46d6c63d5318", "value": "838e7280d139e982224be1d2f67a85c59050d359a59d15a115ef01d4c1983515", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769434786", "to_ids": true, "type": "ssdeep", "uuid": "6994d8b4-3a1c-4657-b5b5-14132d1e5899", "value": "393216:QRbB5ShRoVziOBbYpd/xzTLDEDX4jyuxFKblVBkR5l:QJC8ziOScEm4FalVCJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769434786", "to_ids": false, "type": "size-in-bytes", "uuid": "6f44fa58-1afa-4d49-a0b5-e2a06c285c94", "value": "12995500" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769434786", "to_ids": true, "type": "vhash", "uuid": "5edc45ab-4a5c-4ddd-a40c-bc6efb8a391b", "value": "b94e66032d3ee39b2382e1fbdbcc2344" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769434786", "to_ids": true, "type": "filename", "uuid": "cc7975b8-7f13-4b4a-87b4-0f804cd1edaa", "value": "05F7EDD9DAB87A1D44CF5472647DEA83.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 25/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769434786", "to_ids": false, "type": "text", "uuid": "37abda07-475c-402f-bd3b-3177b23dc3df", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:11/68\nFirst Submission:2025-01-15T13:10:32.000000+00:00\nLast Submission:2025-11-10T06:13:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533887", "uuid": "4afeb425-94a4-4e53-a99e-725273174a48", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533886", "to_ids": true, "type": "md5", "uuid": "6fb6b910-a626-4519-8a5b-a0dbf2d3db54", "value": "49cfbd21c8f9a985ddea15c47bb267e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533887", "to_ids": true, "type": "sha1", "uuid": "b3158a3e-43fd-4814-a8f0-b0f9f6a6cfb3", "value": "2bab45078f0b1384c6f5afd8e341231c9555abce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533887", "to_ids": true, "type": "sha256", "uuid": "9aa4fce9-a9c1-4b3e-bcae-32e57a25433d", "value": "b5b0af1c1aca4326c3fbda711ffb5ab9827b476cd80da9f892dd6c3109d8d153", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769434808", "to_ids": true, "type": "ssdeep", "uuid": "04ee381c-5b1d-49cf-a8d8-53a810823847", "value": "196608:J2kUDJuN6ucSUD2WNuv2iGZtyvzsYgmuadKMuj2SuFSPW0bqBk:NUNuN6r2Xv2iTSmZdKFjvSGvbt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769434808", "to_ids": false, "type": "size-in-bytes", "uuid": "5aa1bcbd-e0ce-43c4-9630-097440c50d0b", "value": "12793432" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769434808", "to_ids": true, "type": "vhash", "uuid": "734cf1fb-98c5-41ea-bcf3-265cc8a87e43", "value": "375973c2b7f9d18cd5a96432adf97201" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769434808", "to_ids": true, "type": "filename", "uuid": "548b4115-e099-4975-9b4a-3901177d2e15", "value": "49CFBD21C8F9A985DDEA15C47BB267E4.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 25/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769434808", "to_ids": false, "type": "text", "uuid": "9ed6b302-0a49-4f9d-9934-41d99ce8dd57", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:11/68\nFirst Submission:2025-05-19T12:30:55.000000+00:00\nLast Submission:2025-11-10T07:55:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533890", "uuid": "7f6ad13d-c557-494f-aa82-5996613cadd7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533889", "to_ids": true, "type": "md5", "uuid": "f89e9026-a9ff-4193-aa5e-e358e0414824", "value": "f317a2c35a424f4bf7e3a177bd795487", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533889", "to_ids": true, "type": "sha1", "uuid": "37fc35d3-b2b4-41a6-b4ff-849885a073da", "value": "901abf01c93399419258e8dfbced665045afab40", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533890", "to_ids": true, "type": "sha256", "uuid": "d37605dc-7311-497a-b7da-0305c948d0cd", "value": "03ac99d62a5d72248358a14a75c51d3324a453f0342829ca0787349c4e2e95c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769434893", "to_ids": true, "type": "ssdeep", "uuid": "8e7dc2c5-8412-4d06-a537-04bff7931209", "value": "24576:0QPHqw9B6HS3c9++m62AalTwgC7uka20DGDy02KH+e6Qij5wCZAQ1h8/z5UVCeOC:xPqMB6Ha2++m62D0gC7/6ypaf9h276CA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769434893", "to_ids": false, "type": "size-in-bytes", "uuid": "4e3a903a-9b00-4913-895e-ab86c916617a", "value": "1533025" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769434893", "to_ids": true, "type": "vhash", "uuid": "a6b2941c-679e-4276-8c80-7ad22aa5b129", "value": "fa5481d356d2a5ea41510eb042e7681f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769434893", "to_ids": true, "type": "filename", "uuid": "96595fd2-e399-4ec4-bbb8-f5882f69e082", "value": "xxnfc.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 19/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769434893", "to_ids": false, "type": "text", "uuid": "c19e3169-a627-43b8-808d-04ad85842f88", "value": "Type Description: Android\nMicrosoft: Trojan:Win32/Kepavll!rfn\nVT Total Detection:25/66\nFirst Submission:2025-05-19T12:30:58.000000+00:00\nLast Submission:2026-01-20T15:13:36.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533892", "uuid": "e16791af-65c5-4e93-8066-2b6e86b7fdf7", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533892", "to_ids": true, "type": "md5", "uuid": "dde3d5d7-9eef-4433-ad9f-eff037909fd8", "value": "c9fdbd1ea154a47dac277764ee11c82f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533892", "to_ids": true, "type": "sha1", "uuid": "0197ab59-504a-4f9b-a782-87acacf1e451", "value": "f3976b1820af00a2026f05dc7cbc37cac93bd05d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533892", "to_ids": true, "type": "sha256", "uuid": "c10d08e5-75a0-4423-9645-17dfb0179bea", "value": "09254c38d521b61582dc4cc7889d8d14735f1f2a8128eef54e7e3bfa05309ea7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769434915", "to_ids": true, "type": "ssdeep", "uuid": "aa4584bf-0bff-4dae-b29f-34ac811629cc", "value": "24576:u5joQkJBHwYc9nbjWbLAl2pgC7uY3sofDHkjWp4mPU3W3st95UVCe4pn:oUQ0BHv2nbjWbIUgC7D3nE6pwZf6Cjpn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769434915", "to_ids": false, "type": "size-in-bytes", "uuid": "d020af1c-440f-4248-8fd6-fac4466d967a", "value": "1512545" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769434915", "to_ids": true, "type": "vhash", "uuid": "673d36a8-de2e-4a89-932a-05db1f75a843", "value": "fa5481d356d2a5ea41510eb042e7681f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769434915", "to_ids": true, "type": "filename", "uuid": "76aa2262-3262-4d7f-8d54-4bd03b3b93f0", "value": "pos22.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769434915", "to_ids": false, "type": "text", "uuid": "26a1dc4f-2d6a-4674-a2b9-f6dbbb020ab7", "value": "Type Description: Android\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:24/66\nFirst Submission:2025-05-19T12:31:03.000000+00:00\nLast Submission:2025-05-22T01:38:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533895", "uuid": "83c5a7b3-2a01-4aae-81da-99988faf42f1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533894", "to_ids": true, "type": "md5", "uuid": "41bfaf41-f6eb-441e-a39c-0a6d701fdf79", "value": "389ac47a928a625b0cea82fadc138b44", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533894", "to_ids": true, "type": "sha1", "uuid": "4dd5cc01-fce4-4b13-9b50-2a1f24e0dcac", "value": "ec6c8e38606b23cce1da5ac1c3a73745630349d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533895", "to_ids": true, "type": "sha256", "uuid": "7caaa7aa-5a55-4505-a313-f8279adc7b61", "value": "18ff8b56cf4364065c1ea75fec4bb580903d4254059f6aeba0d229c1606fc2fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769434937", "to_ids": true, "type": "ssdeep", "uuid": "8a5ec64e-49f5-4385-875f-ba6dbe0310bd", "value": "98304:syhqRcQeU+Z4H1G5c3areFVn22JG4TZ0ZMRXLrqhWHmi3MfJ8xuW7Ubrz:VhuzeiVMibFV2gmoPHMB8xuWobrz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769434937", "to_ids": false, "type": "size-in-bytes", "uuid": "344289c5-f7bc-4a0e-8b66-d402fb6148ce", "value": "4261557" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769434937", "to_ids": true, "type": "vhash", "uuid": "fb6752ec-d276-456a-a509-47ad711332c5", "value": "7a8d49a1d286d6fa308711de077250ae" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769434937", "to_ids": true, "type": "filename", "uuid": "1978f517-e137-46b3-87f9-2c1b5156cbfe", "value": "VCard20240510.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769434937", "to_ids": false, "type": "text", "uuid": "fdcc4f6a-dcca-4678-b6f0-68d3167884a3", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:12/66\nFirst Submission:2024-05-24T01:37:06.000000+00:00\nLast Submission:2024-05-24T01:37:06.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533897", "uuid": "f8f426f6-1794-4782-8698-14d3ea563a8b", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533897", "to_ids": true, "type": "md5", "uuid": "683498b8-8790-46d8-903d-733f01bb3e3c", "value": "80128a8e5e9e42db727848ef8d9c9024", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533897", "to_ids": true, "type": "sha1", "uuid": "d660b1ed-2cae-45db-91b5-bec82f1dc5e5", "value": "463231b0c2c63448f6ad736fee8dd4a4f58ec418", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533897", "to_ids": true, "type": "sha256", "uuid": "f0bf62a6-c8e3-4e22-b4e9-5cf33f1733b4", "value": "34b67a2dca6152d93280e2c6487058d141f7383ed5edd12ff1d80330cc98fcf1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769435086", "to_ids": true, "type": "ssdeep", "uuid": "9b3cd156-478e-4671-98f9-edb36fef3786", "value": "98304:1HLJ9/lDmMCbqEnWp0YwNCElGFZfe3r8PYsZayww4voOHaWFZ0Mg:1N9xmMalI03NCSG/C8FZ1D4voO3G" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769435086", "to_ids": false, "type": "size-in-bytes", "uuid": "9a989430-c8b3-48ea-a37e-a627c8f4f31d", "value": "4822508" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769435086", "to_ids": true, "type": "vhash", "uuid": "5e3fe9e9-a4cd-477d-b5fc-fdc181b40b2d", "value": "dc5f4ada6673b667c036eea52ab21c41" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769435086", "to_ids": true, "type": "filename", "uuid": "2e068063-64a3-4ba6-a37a-6f7d5d4d1fe5", "value": "\u673a\u65b9 \u70b9\u51fb\u4e0b\u8f7d.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769435086", "to_ids": false, "type": "text", "uuid": "e3d14ec7-0fd7-4e3c-969b-4ab4fcdd46ae", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:15/67\nFirst Submission:2024-08-22T16:07:03.000000+00:00\nLast Submission:2024-09-04T15:28:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533900", "uuid": "d36ca487-3249-4819-a0c9-37908289d6e1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533899", "to_ids": true, "type": "md5", "uuid": "69eee6f2-5f6b-40ae-ad37-400e54a770a6", "value": "4d4bde78de99e228dfd871e57f72c4b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533900", "to_ids": true, "type": "sha1", "uuid": "34f52e2e-70c2-444a-8793-5043babe6963", "value": "57311b3dc34dc47a39415aa5545a604fbf194e8c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533900", "to_ids": true, "type": "sha256", "uuid": "0cfa7949-16ad-4fcc-8fd8-bfb61185c91c", "value": "0b2d7d83ae7724102713e632920a93d08b9257a20d18002ff332cd5febf59837", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769435108", "to_ids": true, "type": "ssdeep", "uuid": "15a1dc09-fa58-4f05-9c6c-9ef71aa37a99", "value": "98304:qlXL0w8Spzd0HkHBSYGO0iRst5Xr6PIXYzK9Oz9M6HCgpZ8:q+6xBSOMXr2c9G9M6N4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769435108", "to_ids": false, "type": "size-in-bytes", "uuid": "69da3a1d-4a50-4758-90e3-f92511ed215b", "value": "4326824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769435108", "to_ids": true, "type": "vhash", "uuid": "7b678d67-ed70-474e-b4db-f190d343bcee", "value": "2ac2f9b4b6291ecceb0fb04530d5191f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769435108", "to_ids": true, "type": "filename", "uuid": "986ce551-7fae-47ef-955d-1b3475ee3945", "value": "4D4BDE78DE99E228DFD871E57F72C4B3.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769435108", "to_ids": false, "type": "text", "uuid": "38aa50e8-2561-470b-a3ae-329039a7930f", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:20/67\nFirst Submission:2024-10-24T07:40:40.000000+00:00\nLast Submission:2025-11-10T06:13:12.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533903", "uuid": "ca28e8c2-39b7-4050-a4f6-93b83ffaa10e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533902", "to_ids": true, "type": "md5", "uuid": "0c77a50c-6f83-46f2-b547-36e38391ee2d", "value": "283b3a71d1bace45dce1cbed812cbd55", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533902", "to_ids": true, "type": "sha1", "uuid": "965cf67f-932d-4627-ac41-f96734a148f2", "value": "1e6db48e61f31169c00cb74ab446f92134c6f2fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533903", "to_ids": true, "type": "sha256", "uuid": "d860ccd2-3e77-464a-984c-8aad8cbf29ad", "value": "c741047bebd677db945ddb204629fe12d8112dac52dfd8010057aab6314d42c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769435385", "to_ids": true, "type": "ssdeep", "uuid": "f2be3892-de35-4c38-8811-68bab1fab3a5", "value": "98304:HDRbfFYd8YGRFcfBAwB7XOBb4XPN8cXDdsmADhHH2Vv3ZZ:BgSAB0gBhnADhHyv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769435385", "to_ids": false, "type": "size-in-bytes", "uuid": "5270f985-3730-4d3c-a15d-cefadc89a018", "value": "4343208" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769435385", "to_ids": true, "type": "vhash", "uuid": "8189164f-f68b-41dc-80fe-9b7ac1fbc7b8", "value": "2ac2f9b4b6291ecceb0fb04530d5191f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769435385", "to_ids": true, "type": "filename", "uuid": "d282230d-c3d6-48ff-b757-cf71b3498d4b", "value": "C741047BEBD677DB945DDB204629FE12D8112DAC52DFD8010057AAB6314D42C1.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769435385", "to_ids": false, "type": "text", "uuid": "636161dc-12c3-4dfb-9317-979287fdf5bc", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:17/67\nFirst Submission:2024-12-17T12:14:05.000000+00:00\nLast Submission:2025-05-27T12:27:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533905", "uuid": "ac6f04c9-9aa6-4a99-966c-54644859e1fd", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533904", "to_ids": true, "type": "md5", "uuid": "84030c9b-da29-4ac3-b913-b2b8b4262048", "value": "b284adf3760bfcd792f5b1edcdc3f784", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533905", "to_ids": true, "type": "sha1", "uuid": "73980efa-c8ac-4420-ad27-0c4883da38f3", "value": "a3b062f967c989988b86d1af3019cb964e2b4b95", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533905", "to_ids": true, "type": "sha256", "uuid": "34fa1cc2-7412-4ab6-8809-0e6ae9ae0ed2", "value": "710d1a6cfe6d428de8aaeab55674bb22bab0ad044cc70b132659490a79f198e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769435408", "to_ids": true, "type": "ssdeep", "uuid": "fd8c1a62-db5f-4f66-9786-cb5e3a3a8cb8", "value": "98304:ADRbfFYdHYGRFcfIAwB7XOBb4QPN8cXDccBm2N37dHIhZZn:YgvfB0/B4cBm2N37dyT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769435408", "to_ids": false, "type": "size-in-bytes", "uuid": "82989578-4ac2-4b20-b7ca-4d73d636510f", "value": "4330920" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769435408", "to_ids": true, "type": "vhash", "uuid": "bdd73160-11ba-4fcd-a806-91a4af7478f2", "value": "2ac2f9b4b6291ecceb0fb04530d5191f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769435408", "to_ids": true, "type": "filename", "uuid": "61e14528-ffc5-4300-8de5-581bfe755a7d", "value": "a3b062f967c989988b86d1af3019cb964e2b4b95.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769435408", "to_ids": false, "type": "text", "uuid": "ee186438-601f-4ced-9add-2f731f0683e0", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:18/67\nFirst Submission:2025-03-31T06:16:23.000000+00:00\nLast Submission:2025-03-31T06:16:23.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533908", "uuid": "6610d769-c7a1-4b44-a271-a630dbd13d0c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533907", "to_ids": true, "type": "md5", "uuid": "15411b68-2879-482b-93b0-65132c423926", "value": "bccb8dbce033d5db7c25411d852692cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533907", "to_ids": true, "type": "sha1", "uuid": "e63a1892-0950-45fd-bbd7-4d36dbb2f61f", "value": "befe9aa75cf43489f924875bdd181116e5f45693", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533908", "to_ids": true, "type": "sha256", "uuid": "b103ca02-c837-4a42-8373-16df72402933", "value": "138d417d48677c8ddb6b9371b7f792272c99f996a15e0b79bef8aacdb2ca1445", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769435749", "to_ids": true, "type": "ssdeep", "uuid": "6a2dbcd0-7d2c-4451-905b-a04d1b98eaf1", "value": "98304:ylXL0t8Spzd0HkHiSYGO0iRst5XM6PIXYqwCO08aHV7x9XH+Z7lZA:y+hxiSOMXM26Ov07x9XeI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769435749", "to_ids": false, "type": "size-in-bytes", "uuid": "23abb3b5-79ab-498b-932e-11323b7ef44a", "value": "4339112" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769435749", "to_ids": true, "type": "vhash", "uuid": "c6f22667-4d0a-41b2-982a-fa5adea171a1", "value": "2ac2f9b4b6291ecceb0fb04530d5191f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769435749", "to_ids": true, "type": "filename", "uuid": "c25e1d1f-39f8-4d37-a097-55106bfd931b", "value": "\u5361\u65b9 \u70b9\u51fb\u4e0b\u8f7d.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769435749", "to_ids": false, "type": "text", "uuid": "f4d4827c-499a-4296-abc7-dd99ff2fe741", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:13/67\nFirst Submission:2024-10-16T11:29:39.000000+00:00\nLast Submission:2024-11-11T11:39:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533910", "uuid": "d2d278c1-5789-465e-a538-17a9eceecdbc", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533909", "to_ids": true, "type": "md5", "uuid": "7fae6980-a444-433f-88e0-389d4c05880f", "value": "28029b63be994adf7c2b24de9a0010ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533910", "to_ids": true, "type": "sha1", "uuid": "5596ac4a-183a-476c-aaf2-03be30edd4e3", "value": "a7ef2f94f3cd1147dd771d5e3d2edb347f6fb724", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533910", "to_ids": true, "type": "sha256", "uuid": "a81ede82-61c7-4e25-81b9-dedac57c3daf", "value": "b31177a046ddaa4822e137c0c91a15cc250de285dcac534724cc61262397ebde", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769435834", "to_ids": true, "type": "ssdeep", "uuid": "52df2957-797a-458d-9336-00a9b525e485", "value": "49152:DoFPTyfTVNxcdkULbRjd2LoMgysSsH7avg2Af6Cj:sTsTVTjUZGsSsHuOZj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769435834", "to_ids": false, "type": "size-in-bytes", "uuid": "66941134-3e54-4cb7-9089-91ea6940f0df", "value": "2140408" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769435834", "to_ids": true, "type": "vhash", "uuid": "1eed080c-2e5e-4dce-9f39-5fb4cd57be1f", "value": "26caee9abe6af5ea831cfbc19731d7f0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769435834", "to_ids": true, "type": "filename", "uuid": "f04f59e7-1ba4-402b-99a5-f3b00f6309f9", "value": "clob2cs.exe" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769435834", "to_ids": false, "type": "text", "uuid": "b6d5951e-1ed0-496c-b681-ea7fb20c27a0", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:22/66\nFirst Submission:2026-01-09T06:08:58.000000+00:00\nLast Submission:2026-01-09T06:08:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533913", "uuid": "b328408e-56ca-4b41-9ddf-f4c4ec801586", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533912", "to_ids": true, "type": "md5", "uuid": "d0f9b717-7ba9-4ca8-8dc0-3f2ef78a88db", "value": "45adbdf187bb7d19088a5de8f43444a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533912", "to_ids": true, "type": "sha1", "uuid": "c8227feb-0f30-428e-b204-0233878b7165", "value": "73153312ca2d138e044079cf6257d67a85bf448d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533913", "to_ids": true, "type": "sha256", "uuid": "27a0507c-66d1-4b3c-9c4c-42a8545e453b", "value": "9a9494b0dd3819c7b23f77b9caafca9896e74252efeb24d253a053da5c6e9085", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769435919", "to_ids": true, "type": "ssdeep", "uuid": "9a1e2c86-3801-4e4e-ba59-c083ae1ca720", "value": "24576:4j/3Osl2Hmbc9KaSaCI6l/5gC78MX3QFjMVEJO/L8YBgoKq2v5UVCeGTJF:G/Oo2HW2KaSaC7xgC71X3TOJc9hA6CZL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769435919", "to_ids": false, "type": "size-in-bytes", "uuid": "73fb8d42-6e82-4dad-859b-c64eb74f4701", "value": "1512545" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769435919", "to_ids": true, "type": "vhash", "uuid": "fb87dc42-4d62-4fcc-9558-6405398aaeb7", "value": "fa5481d356d2a5ea41510eb042e7681f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769435919", "to_ids": true, "type": "filename", "uuid": "b85add9a-6cd7-43a2-86cf-88b18a854d02", "value": "j43xp.exe" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769435919", "to_ids": false, "type": "text", "uuid": "b869583b-3f7f-4a13-a3f5-f1c412332a14", "value": "Type Description: Android\nMicrosoft: Spyware:AndroidOS/Multiverze!rfn\nVT Total Detection:24/66\nFirst Submission:2025-09-08T15:26:05.000000+00:00\nLast Submission:2025-09-08T15:26:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533915", "uuid": "f54bb806-47cd-4f48-8cd4-e6c13d416a29", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533915", "to_ids": true, "type": "md5", "uuid": "ca8d8b2c-0c3f-422f-8a7c-575c047dbc54", "value": "472ed74ab3454f6571f4f9889f9d5b86", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533915", "to_ids": true, "type": "sha1", "uuid": "1b44105c-7c73-4699-8fae-8d5f2d40c033", "value": "7194614dbd9fe0e438d2d24d55e5ad617c55e1df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533915", "to_ids": true, "type": "sha256", "uuid": "8e157a26-9bf3-426c-8a49-ee178d8c536c", "value": "37d37b96f62899c27c27b2abff9e7e9f0e74de27d963a896c45fb18de4575a7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769435942", "to_ids": true, "type": "ssdeep", "uuid": "0adf2f84-b698-46ba-a71c-99bebe74b642", "value": "49152:fK4Vj1Cntxhsz0f+Z5Ti5yLbc+JTxVf9GnH5zA2sItBjULzgC7C6Cbs:l5AntqJlPTxx4nHFVULGZA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769435942", "to_ids": false, "type": "size-in-bytes", "uuid": "1b0b7b92-0ef6-4701-aedc-53486096be93", "value": "2516570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769435942", "to_ids": true, "type": "vhash", "uuid": "cf6e932c-3dbc-4100-88bf-a1493ca6d39b", "value": "4bfbf6a3f0458d944e30fbb8370a43da" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769435942", "to_ids": true, "type": "filename", "uuid": "95abb7c2-5398-4424-acbb-b55a9f837110", "value": "my4fucge.exe" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769435942", "to_ids": false, "type": "text", "uuid": "893152bf-8eef-4d7d-ac3d-3a1cd8381fd7", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:22/67\nFirst Submission:2026-01-11T06:50:52.000000+00:00\nLast Submission:2026-01-11T06:50:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533918", "uuid": "a8903977-1e4e-4f92-a9bf-2ae14969baf9", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533917", "to_ids": true, "type": "md5", "uuid": "9179c7c3-9e42-467b-99b8-d253b28569c5", "value": "e1d3ccdf0caea2775f2602342b7fe7d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533918", "to_ids": true, "type": "sha1", "uuid": "d9cd6f4b-74ea-4a4f-b28e-205c9724f438", "value": "d463177dafb90b041b78b3a64d70f7a4a358056f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533918", "to_ids": true, "type": "sha256", "uuid": "2dadbd0d-e415-491d-a9b3-b67646815a53", "value": "2bbfc301c87ab123c0295bb4c07b977c2557e81ef79faf475efc859e30637475", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769436219", "to_ids": true, "type": "ssdeep", "uuid": "e8984a41-4af6-4a88-a6d5-824a30c10dfc", "value": "196608:j4mNWdVs4inxjaAk9Oed6obaCgZ6YvjJVmYMoOTof9K720bqc5xQDp:j4mNyVmxjahOeLbZ6mYOfTbNwDp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769436219", "to_ids": false, "type": "size-in-bytes", "uuid": "d283b294-aac5-4ca4-aca3-1d4ecfb956ee", "value": "12629477" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769436219", "to_ids": true, "type": "vhash", "uuid": "b7e25ae5-4257-4a84-bf61-a3d021909416", "value": "bdc1b3c994d3a122169ca20af914f246" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769436219", "to_ids": true, "type": "filename", "uuid": "6d8f68d3-fc50-4d22-8cf0-10d3f6700f9b", "value": "\u0639\u0633\u064a101.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 22/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769436219", "to_ids": false, "type": "text", "uuid": "74abc4bf-f5ba-4510-b77d-b475c8410194", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:9/67\nFirst Submission:2024-10-21T17:08:23.000000+00:00\nLast Submission:2026-01-15T04:01:16.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533920", "uuid": "9416b82c-ed3b-4437-a832-612bcb9fd154", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533920", "to_ids": true, "type": "md5", "uuid": "73120e6e-b855-4903-babd-b4f465bc86a6", "value": "6295e7bc410db98baa395d21b0bd56d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533920", "to_ids": true, "type": "sha1", "uuid": "f3a93147-db88-4dad-9e5f-1117ee23532c", "value": "fcdbc34de1bdb4b22ff279033fb06c3b5e1b0bdf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533920", "to_ids": true, "type": "sha256", "uuid": "c7c291e0-f510-4d6c-85bd-89b90f1ee3f8", "value": "eddb450375a4c2de5215f92bee50aa5f132051f19c8dd265ac10dda20118a8dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769436304", "to_ids": true, "type": "ssdeep", "uuid": "581cfeb3-7737-4ade-bf63-85133259f7fa", "value": "196608:qi8gJd1B5WWC0bqwev31sICecKCssN8YwX5cJ7p5fBZWYM+WGPnY:qKJvT3rbb4WICr6K8qLfBZWYMmnY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769436304", "to_ids": false, "type": "size-in-bytes", "uuid": "0791c9c1-6950-4d07-939e-6950162498c5", "value": "10737087" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769436304", "to_ids": true, "type": "vhash", "uuid": "2a23960b-d93f-4c3a-9694-f8de4b593546", "value": "35d230a204d2a8126dfdd71737a5eda9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769436304", "to_ids": true, "type": "filename", "uuid": "178f02e8-4ba9-43c6-8c53-c9bd075e2bee", "value": "ahtzlweo.exe" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769436304", "to_ids": false, "type": "text", "uuid": "b69c09b7-89fc-4269-92c8-ed10bc1f5fff", "value": "Type Description: Android\nMicrosoft: PUA:AndroidOS/Maltiverza\nVT Total Detection:20/65\nFirst Submission:2026-01-09T08:49:05.000000+00:00\nLast Submission:2026-01-09T08:49:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1779533923", "uuid": "d345125d-b963-40b2-babc-3981b2f85855", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1779533922", "to_ids": true, "type": "md5", "uuid": "8caa36ba-3878-45db-83b6-c5e7bb0939ea", "value": "db877081bec683fd1d624aadbf50e660", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1779533923", "to_ids": true, "type": "sha1", "uuid": "938c06c7-c802-45fb-bfb0-783fa67ca5eb", "value": "7c72d9a9065e448b0511975dd583d13ed179e43c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1779533923", "to_ids": true, "type": "sha256", "uuid": "787feafd-d3a0-4352-be1e-35db8087f367", "value": "282712a57768b1bc4cea5764e0b045546f281a4da0fd58d346f09499f892ba7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1769436326", "to_ids": true, "type": "ssdeep", "uuid": "6fbc1560-6ecd-4fd6-a42e-d0fe2fb1343e", "value": "196608:t8F0bq8KJd1B5WFSvU7pGokKG2Y2EOPETgpP:tRbAJvT4SOB1e2NPNP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1769436326", "to_ids": false, "type": "size-in-bytes", "uuid": "6a89c8fa-f9b3-4590-af0c-cde8ed9bd344", "value": "10597823" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1769436326", "to_ids": true, "type": "vhash", "uuid": "e4c49766-3540-41c3-8689-ee2207096187", "value": "728de346cc57269fd59b269d56787891" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1769436326", "to_ids": true, "type": "filename", "uuid": "9a12addf-2082-4f24-baea-2c2c0086f56e", "value": "base.apk" }, { "category": "Other", "comment": "Checked: 26/01/2026\nLast-scan\t: 18/01/2026", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1769436326", "to_ids": false, "type": "text", "uuid": "3beb0992-60cc-475d-8a12-23f70146941e", "value": "Type Description: Android\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:14/66\nFirst Submission:2025-09-25T15:40:45.000000+00:00\nLast Submission:2025-11-04T21:10:38.000000+00:00" } ] } ] } }