{
  "Event": {
    "analysis": "1",
    "date": "2025-02-27",
    "extends_uuid": "",
    "info": "[Threat Intel] Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally",
    "protected": false,
    "publish_timestamp": "1780040377",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1780040376",
    "uuid": "2e6942b8-b695-4934-87b9-dcb18811d13c",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#37f8da",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Shared Modules - T1129\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#ff841f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf01b7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
        "relationship_type": ""
      },
      {
        "colour": "#9f6bd9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"",
        "relationship_type": ""
      },
      {
        "colour": "#20f80d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf6f24",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Dynamic Resolution - T1568\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b0fe1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade Task or Service - T1036.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#9e0269",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"",
        "relationship_type": ""
      },
      {
        "colour": "#c9dbdd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Stage Capabilities - T1608\"",
        "relationship_type": ""
      },
      {
        "colour": "#cc5e96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Obfuscation - T1001\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#356c41",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"",
        "relationship_type": ""
      },
      {
        "colour": "#d82db7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"",
        "relationship_type": ""
      },
      {
        "colour": "#07a4a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"",
        "relationship_type": ""
      },
      {
        "colour": "#3c0f50",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Software Packing - T1027.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#c94db5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Brazil\"",
        "relationship_type": ""
      },
      {
        "colour": "#35a578",
        "local": false,
        "name": "misp-galaxy:target-information=\"South Africa\"",
        "relationship_type": ""
      },
      {
        "colour": "#f9cdc4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Indonesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#2afb09",
        "local": false,
        "name": "misp-galaxy:target-information=\"Argentina\"",
        "relationship_type": ""
      },
      {
        "colour": "#33360c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Thailand\"",
        "relationship_type": ""
      },
      {
        "colour": "#52d590",
        "local": false,
        "name": "misp-galaxy:target-information=\"China\"",
        "relationship_type": ""
      },
      {
        "colour": "#c385b5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Morocco\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#5ed128",
        "local": false,
        "name": "misp-galaxy:target-information=\"Germany\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#670cf4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Pakistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#4929fe",
        "local": false,
        "name": "misp-galaxy:target-information=\"Iraq\"",
        "relationship_type": ""
      },
      {
        "colour": "#d52b43",
        "local": false,
        "name": "misp-galaxy:target-information=\"Mexico\"",
        "relationship_type": ""
      },
      {
        "colour": "#15cd0b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Russia\"",
        "relationship_type": ""
      },
      {
        "colour": "#321f24",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ecuador\"",
        "relationship_type": ""
      },
      {
        "colour": "#098efb",
        "local": false,
        "name": "misp-galaxy:target-information=\"British Indian Ocean Territory\"",
        "relationship_type": ""
      },
      {
        "colour": "#013748",
        "local": false,
        "name": "misp-galaxy:target-information=\"India\"",
        "relationship_type": ""
      },
      {
        "colour": "#b8ab01",
        "local": false,
        "name": "misp-galaxy:target-information=\"United States\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00e0",
        "local": false,
        "name": "rectifyq:action-taken=\"x\"",
        "relationship_type": ""
      },
      {
        "colour": "#3b00e2",
        "local": false,
        "name": "rectifyq:action-taken=\"linkedin\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741492723",
        "to_ids": false,
        "type": "link",
        "uuid": "ff6af724-de92-4c00-8de3-6b5dc3fb63f0",
        "value": "https://blog.xlab.qianxin.com/long-live-the-vo1d_botnet",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": false,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740999087",
        "to_ids": false,
        "type": "text",
        "uuid": "41e67b42-7327-43c7-a7ed-31763463d50c",
        "value": "The Vo1d botnet has infected 1.6 million Android TV devices across 200+ countries, posing a significant cybersecurity threat. This new variant demonstrates enhanced stealth and resilience, utilizing RSA encryption, DGA-based infrastructure, and a modified XXTEA algorithm. The botnet's scale and capabilities surpass previous major attacks, potentially enabling devastating DDoS attacks or unauthorized content broadcasting. Analysis reveals a sophisticated multi-component system including downloaders, backdoors, and modular malware for proxy services and ad fraud. The botnet's rapid growth and evasion techniques highlight the urgent need for improved security measures in smart TV devices and set-top boxes."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740999087",
        "to_ids": false,
        "type": "text",
        "uuid": "00c1dcd1-4dc5-4764-82b0-d3df97fff8f7",
        "value": "Name: Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally\nAuthor: AlienVault\nAdversary: Vo1d\nTags: [\"vo1d\", \"proxy network\", \"botnet\", \"android tv\", \"set-top box\"]\nTgtd countries: [\"Brazil\", \"South Africa\", \"Indonesia\", \"Argentina\", \"Thailand\", \"China\", \"Morocco\", \"Philippines\", \"Germany\", \"Malaysia\", \"Pakistan\", \"Iraq\", \"Mexico\", \"Russian Federation\", \"Ecuador\", \"British Indian Ocean Territory\", \"India\", \"United States of America\"]\nMlwr families: [\"Vo1d\", \"Mzmess\", \"BigPanzi\"]\nAttack_ids: [\"T1129\", \"T1082\", \"T1071\", \"T1140\", \"T1036\", \"T1055\", \"T1112\", \"T1016\", \"T1059\", \"T1568\", \"T1036.004\", \"T1102\", \"T1608\", \"T1001\", \"T1027\", \"T1573\", \"T1012\", \"T1132\", \"T1027.002\", \"T1105\"]\nIndustries: [\"Media\", \"Telecommunications\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740999087",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "58cd429a-57fe-4998-9814-c9bdd15981b8",
        "value": "Vo1d"
      },
      {
        "category": "Network activity",
        "comment": "Vo1d C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741818610",
        "to_ids": true,
        "type": "domain",
        "uuid": "fa047212-7f4a-4801-9ae7-1c600134e672",
        "value": "ssl8rrs2.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741818633",
        "to_ids": true,
        "type": "domain",
        "uuid": "e1088ae3-69fa-45e9-a316-82e1a478c8c8",
        "value": "ttekf42.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741818655",
        "to_ids": true,
        "type": "domain",
        "uuid": "6f50802d-454b-4e57-85c0-34ed02b9a052",
        "value": "ttss442.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741818677",
        "to_ids": true,
        "type": "domain",
        "uuid": "41a29f4c-8c61-4167-879b-0976f235321d",
        "value": "works883.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741818699",
        "to_ids": true,
        "type": "domain",
        "uuid": "b63a689b-5b74-43b7-b56b-8925f2a84b4e",
        "value": "csskkjw.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741818721",
        "to_ids": true,
        "type": "domain",
        "uuid": "5d72bf47-fd02-4009-8491-80ff7c946759",
        "value": "catmore23.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741818743",
        "to_ids": true,
        "type": "domain",
        "uuid": "7eb6108c-b7f1-40ad-ae77-2e0b371c13cf",
        "value": "synntre.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741818765",
        "to_ids": true,
        "type": "domain",
        "uuid": "c04c0809-0779-413e-a377-be155adf1044",
        "value": "csok997.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741818787",
        "to_ids": true,
        "type": "domain",
        "uuid": "2cd75618-c194-42f4-af24-c0622dfdcd34",
        "value": "conannt.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741818809",
        "to_ids": true,
        "type": "domain",
        "uuid": "747b1f9f-9326-44f6-b03c-f13d0d55bcfc",
        "value": "qocoll.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741818831",
        "to_ids": true,
        "type": "domain",
        "uuid": "c45490dd-040f-4ba1-bdcc-5625bdda935f",
        "value": "haveits.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741818853",
        "to_ids": true,
        "type": "domain",
        "uuid": "c4038681-030a-470b-b1c3-70bb16159c79",
        "value": "remoredo.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741818876",
        "to_ids": true,
        "type": "domain",
        "uuid": "4ff34b9e-ec1d-49cc-9f55-6edec25c7e74",
        "value": "catmos99.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d Downloader",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741818898",
        "to_ids": true,
        "type": "domain",
        "uuid": "8b09fdb0-7cb5-44a7-8942-609686a35d01",
        "value": "ssl87362.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d Downloader",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741818920",
        "to_ids": true,
        "type": "domain",
        "uuid": "240dc49d-0c42-4196-b0e9-1eac4f5ed91b",
        "value": "wowokeys.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d Downloader",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040337",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "fbb62149-56a2-4e6b-a582-2d6de8bbf52a",
        "value": "38.46.218.36",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#e23f80",
            "local": false,
            "name": "asn:asn=\"26042\"",
            "relationship_type": ""
          },
          {
            "colour": "#1d96b7",
            "local": false,
            "name": "asn:as-owner=\"FIBERSTATE\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d Downloader",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040338",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "280e6193-6f32-49da-b95c-0c801cea46a3",
        "value": "38.46.218.37",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#e23f80",
            "local": false,
            "name": "asn:asn=\"26042\"",
            "relationship_type": ""
          },
          {
            "colour": "#1d96b7",
            "local": false,
            "name": "asn:as-owner=\"FIBERSTATE\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d Downloader",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040340",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "3589b462-4452-4535-84f1-57d8fd99e8d1",
        "value": "38.46.218.38",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#e23f80",
            "local": false,
            "name": "asn:asn=\"26042\"",
            "relationship_type": ""
          },
          {
            "colour": "#1d96b7",
            "local": false,
            "name": "asn:as-owner=\"FIBERSTATE\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d Downloader",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040342",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a4dbe361-c8c0-4a12-9e05-bff1c1129a01",
        "value": "38.46.218.39",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#e23f80",
            "local": false,
            "name": "asn:asn=\"26042\"",
            "relationship_type": ""
          },
          {
            "colour": "#1d96b7",
            "local": false,
            "name": "asn:as-owner=\"FIBERSTATE\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d Reporter",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819029",
        "to_ids": true,
        "type": "domain",
        "uuid": "6875f4ad-b33f-4a00-8310-ce6757fa57d3",
        "value": "works883.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Vo1d Reporter",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819051",
        "to_ids": true,
        "type": "domain",
        "uuid": "4bdaee40-c3d8-483b-9d38-f88b79778a08",
        "value": "catmore88.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Sample. No sample in VirusTotal.\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741816672",
        "to_ids": true,
        "type": "md5",
        "uuid": "8e2ed3c6-6d20-4e26-803c-aa5cd8c4dcca",
        "value": "01a692df9deb5e8db620e4fb7e687836",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Sample. No sample in VirusTotal.\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741816693",
        "to_ids": true,
        "type": "md5",
        "uuid": "24402a89-6081-4b41-8875-44c71025ad03",
        "value": "de8f69efdb29cdf5fd12dd7b74584696",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Sample. No sample in VirusTotal.\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741816715",
        "to_ids": true,
        "type": "md5",
        "uuid": "9a3d46d2-121d-415b-bde8-29fd64a3ed49",
        "value": "456e14aa644bd31d85e0fe6f78d8fc15",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Sample. No sample in VirusTotal.\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741816736",
        "to_ids": true,
        "type": "md5",
        "uuid": "30a4b6b5-c27f-44e8-887e-afa82303c91c",
        "value": "30da72fda6d0f5e3972272332d7fc47b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Sample. No sample in VirusTotal.\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741816757",
        "to_ids": true,
        "type": "md5",
        "uuid": "aad48c7b-16ea-41d6-b582-cb825cdf7bb0",
        "value": "fc7dc3c5306d6a508023160953168a16",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Sample. No sample in VirusTotal.\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741816778",
        "to_ids": true,
        "type": "md5",
        "uuid": "a5239e63-35fd-4d9c-a931-3f2e9c996747",
        "value": "53493b07fe423b1dbdc789803cbac7c1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Sample. No sample in VirusTotal.\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741816821",
        "to_ids": true,
        "type": "md5",
        "uuid": "a2bbfd45-3c69-4beb-bb6b-a78141853bfa",
        "value": "9e116f9ad2ff072f02aa2ebd671582a5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Sample. No sample in VirusTotal.\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741816843",
        "to_ids": true,
        "type": "md5",
        "uuid": "f03ae49d-6a1d-4086-9a78-c6d0914dcf60",
        "value": "b447aaf52c1efad388612f8220969c35",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Payload - with 5 bytes size&cmd. No sample in VirusTotal.\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741816864",
        "to_ids": true,
        "type": "md5",
        "uuid": "15629aa9-fd4d-47fa-b37b-71ebcc94eafc",
        "value": "6bb3258b688f81dfd03128bccf18823b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Payload - with 5 bytes size&cmd. No sample in VirusTotal (VT).\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741816885",
        "to_ids": true,
        "type": "md5",
        "uuid": "0b87d19e-ec9c-45c3-bea2-48b62b06b83c",
        "value": "0c454831bdb679bdd083c5a7cc785733",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Payload - with 5 bytes size&cmd. No sample in VirusTotal (VT).\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741816907",
        "to_ids": true,
        "type": "md5",
        "uuid": "7784643f-1ae1-4007-ab5b-e0f6c4bbd258",
        "value": "bb6b9aec7d4bfa524c7c5117257e4d78",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Payload - with 5 bytes size&cmd. No sample in VirusTotal (VT).\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741816929",
        "to_ids": true,
        "type": "md5",
        "uuid": "8ab73419-4fb4-4a93-a0af-e3f3de9bea0b",
        "value": "6168dafc5a1d297cf33b26b65db315cc",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Payload - with 5 bytes size&cmd. No sample in VirusTotal (VT).\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741816950",
        "to_ids": true,
        "type": "md5",
        "uuid": "643a130b-d8e8-42e3-b26b-30b279c90856",
        "value": "4f4d5e37feda9e9556c816c100e1de30",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Payload - with 5 bytes size&cmd. No sample in VirusTotal (VT).\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741816971",
        "to_ids": true,
        "type": "md5",
        "uuid": "9e5a867f-75de-4c44-a2c3-c5961f50c343",
        "value": "d9126d936d505b9fa9a8278fda1daaae",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Payload - with 5 bytes size&cmd. No sample in VirusTotal (VT).\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741816992",
        "to_ids": true,
        "type": "md5",
        "uuid": "2de0afd9-6ce2-449c-8f90-3c3fc2410130",
        "value": "5701ee051f80e92c1efc5ad32f8401d3",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Payload - with 5 bytes size&cmd. No sample in VirusTotal (VT).\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741817013",
        "to_ids": true,
        "type": "md5",
        "uuid": "d9b746cf-817d-4d9a-baab-e3b1b2955114",
        "value": "a07533a9504fff0756a8ba59ca0af4d6",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Payload - with 5 bytes size&cmd. No sample in VirusTotal (VT).\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741817035",
        "to_ids": true,
        "type": "md5",
        "uuid": "4a2b2fb2-9469-48af-ac4d-5c7a1e3b86aa",
        "value": "47c5bf4fbce983c2182ba103d2773dff",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Payload - with 5 bytes size&cmd. No sample in VirusTotal (VT).\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741817056",
        "to_ids": true,
        "type": "md5",
        "uuid": "d8acca7c-fb88-48f1-ab66-b73814ce59c0",
        "value": "4efa4566794d86e033c2362cad05f1f8",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Vo1d Payload - without 5 bytes size&cmd. No sample in VirusTotal (VT).\r\nLast check: 13/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741817099",
        "to_ids": true,
        "type": "md5",
        "uuid": "7ac35722-b486-48c8-b9dc-17da5995cec4",
        "value": "a774eb68f60621bfddd8db461d978c12",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Mzmess C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819074",
        "to_ids": true,
        "type": "hostname",
        "uuid": "b9534f44-bbce-4477-b982-9393f7b7a222",
        "value": "dcsdk.100ulife.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Mzmess C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819095",
        "to_ids": true,
        "type": "hostname",
        "uuid": "57f12cf0-75f2-4042-8472-733168b847df",
        "value": "dcsdkos.dc16888888.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Mzmess C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040344",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "cad62700-516a-410b-90d4-f1447be8679d",
        "value": "8.219.89.234",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#836891",
            "local": false,
            "name": "asn:asn=\"45102\"",
            "relationship_type": ""
          },
          {
            "colour": "#692b04",
            "local": false,
            "name": "asn:as-owner=\"ALIBABA-CN-NET Alibaba US Technology Co., Ltd.\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "popa C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819140",
        "to_ids": true,
        "type": "domain",
        "uuid": "05382e0e-412c-411d-9beb-90ab821ce040",
        "value": "gmslb.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "popa C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819162",
        "to_ids": true,
        "type": "domain",
        "uuid": "05a01f75-f487-4bed-834f-aed8e2b28143",
        "value": "phonemesh.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "popa C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819184",
        "to_ids": true,
        "type": "domain",
        "uuid": "04abeacc-e355-4d73-89b5-3980705aed50",
        "value": "linkmob.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "popa C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819206",
        "to_ids": true,
        "type": "domain",
        "uuid": "9c8bd069-cbda-4a23-8e2b-ea8739175003",
        "value": "peercon.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "popa C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819228",
        "to_ids": true,
        "type": "domain",
        "uuid": "f7aff189-b422-41b2-8e29-b39c1d445a77",
        "value": "phonegrid.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "popa C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819250",
        "to_ids": true,
        "type": "domain",
        "uuid": "1236c841-2600-4f62-8893-54dd79dc7f5c",
        "value": "safernetwork.io",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "popa C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819272",
        "to_ids": true,
        "type": "domain",
        "uuid": "88ecfa5f-a11d-432e-a7b6-efbc7b3b67ff",
        "value": "lbk-sol.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "popa C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819294",
        "to_ids": true,
        "type": "domain",
        "uuid": "4dcc7d4d-3f64-4fe5-a45e-481e2f793669",
        "value": "sklstech.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "popa C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819316",
        "to_ids": true,
        "type": "domain",
        "uuid": "83044498-b8ff-48d1-96e0-8875243c598b",
        "value": "kyc-holdings.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819339",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e20fa056-b9da-4af2-90c2-8abd2637bccf",
        "value": "jaguar-distributor.syslogcollector.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040345",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "21808bac-f9f3-435c-82bf-a5df8de02a95",
        "value": "38.61.8.14",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#6c7c38",
            "local": false,
            "name": "asn:asn=\"174\"",
            "relationship_type": ""
          },
          {
            "colour": "#7674d4",
            "local": false,
            "name": "asn:as-owner=\"COGENT-174\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040347",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c547adf0-3c55-4d7e-91bb-b7b4b02a276b",
        "value": "38.61.8.31",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#6c7c38",
            "local": false,
            "name": "asn:asn=\"174\"",
            "relationship_type": ""
          },
          {
            "colour": "#7674d4",
            "local": false,
            "name": "asn:as-owner=\"COGENT-174\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040349",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e3eeb4bc-89cf-4e5d-893e-639b6ebfe16e",
        "value": "69.28.62.49",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#cf05b0",
            "local": false,
            "name": "asn:asn=\"21859\"",
            "relationship_type": ""
          },
          {
            "colour": "#5e9494",
            "local": false,
            "name": "asn:as-owner=\"ZEN-ECN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040350",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "085e5529-e960-42fe-8b61-ba1d841efdff",
        "value": "69.28.62.39",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#cf05b0",
            "local": false,
            "name": "asn:asn=\"21859\"",
            "relationship_type": ""
          },
          {
            "colour": "#5e9494",
            "local": false,
            "name": "asn:as-owner=\"ZEN-ECN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040352",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "af42b5ec-ed87-452e-9284-4a4af2dd7624",
        "value": "156.236.118.48",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#eededb",
            "local": false,
            "name": "asn:asn=\"137443\"",
            "relationship_type": ""
          },
          {
            "colour": "#a9aa0b",
            "local": false,
            "name": "asn:as-owner=\"CHANGLIAN-AS-AP ChangLian Network Technology Co., Limited\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040354",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "c8f42a84-b876-4feb-8fbe-83e1d183e6dc",
        "value": "69.28.62.51",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#cf05b0",
            "local": false,
            "name": "asn:asn=\"21859\"",
            "relationship_type": ""
          },
          {
            "colour": "#5e9494",
            "local": false,
            "name": "asn:as-owner=\"ZEN-ECN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040355",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "8c8b1006-499e-498b-8a60-74ead8cb50b4",
        "value": "38.61.8.11",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#6c7c38",
            "local": false,
            "name": "asn:asn=\"174\"",
            "relationship_type": ""
          },
          {
            "colour": "#7674d4",
            "local": false,
            "name": "asn:as-owner=\"COGENT-174\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040357",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "aed4ae22-1325-43a4-9bcd-228a14bb843e",
        "value": "38.61.8.13",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#6c7c38",
            "local": false,
            "name": "asn:asn=\"174\"",
            "relationship_type": ""
          },
          {
            "colour": "#7674d4",
            "local": false,
            "name": "asn:as-owner=\"COGENT-174\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040359",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "4ee23d4a-49bb-41bd-b1c6-312e57ffdb95",
        "value": "69.28.62.38",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#cf05b0",
            "local": false,
            "name": "asn:asn=\"21859\"",
            "relationship_type": ""
          },
          {
            "colour": "#5e9494",
            "local": false,
            "name": "asn:as-owner=\"ZEN-ECN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040360",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "668b4e8d-4dd8-40a7-86e2-f642a927f5a1",
        "value": "156.236.118.27",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#eededb",
            "local": false,
            "name": "asn:asn=\"137443\"",
            "relationship_type": ""
          },
          {
            "colour": "#a9aa0b",
            "local": false,
            "name": "asn:as-owner=\"CHANGLIAN-AS-AP ChangLian Network Technology Co., Limited\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040362",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e4c71208-776f-493b-8c4a-0371a254dc27",
        "value": "69.28.62.60",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#cf05b0",
            "local": false,
            "name": "asn:asn=\"21859\"",
            "relationship_type": ""
          },
          {
            "colour": "#5e9494",
            "local": false,
            "name": "asn:as-owner=\"ZEN-ECN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040363",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b98c958d-c5a4-45db-b1ca-033d1758c03e",
        "value": "38.61.8.33",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#6c7c38",
            "local": false,
            "name": "asn:asn=\"174\"",
            "relationship_type": ""
          },
          {
            "colour": "#7674d4",
            "local": false,
            "name": "asn:as-owner=\"COGENT-174\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040365",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "bbe93c8c-7d1c-49c1-a23e-8345ef389b96",
        "value": "69.28.62.52",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#cf05b0",
            "local": false,
            "name": "asn:asn=\"21859\"",
            "relationship_type": ""
          },
          {
            "colour": "#5e9494",
            "local": false,
            "name": "asn:as-owner=\"ZEN-ECN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040366",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "3431599c-12af-4779-b8c1-3265095b4424",
        "value": "69.28.62.50",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#cf05b0",
            "local": false,
            "name": "asn:asn=\"21859\"",
            "relationship_type": ""
          },
          {
            "colour": "#5e9494",
            "local": false,
            "name": "asn:as-owner=\"ZEN-ECN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040368",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "d2223b02-3004-4f70-b0ba-22d863006c5d",
        "value": "38.61.8.12",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#6c7c38",
            "local": false,
            "name": "asn:asn=\"174\"",
            "relationship_type": ""
          },
          {
            "colour": "#7674d4",
            "local": false,
            "name": "asn:as-owner=\"COGENT-174\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040370",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "80a2b401-5fb3-4d5c-9f2b-02a3a08eef41",
        "value": "128.1.71.243",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#cf05b0",
            "local": false,
            "name": "asn:asn=\"21859\"",
            "relationship_type": ""
          },
          {
            "colour": "#5e9494",
            "local": false,
            "name": "asn:as-owner=\"ZEN-ECN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040371",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ff97f3bb-e96e-41b4-aff4-a5d6e6693b99",
        "value": "69.28.62.48",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#cf05b0",
            "local": false,
            "name": "asn:asn=\"21859\"",
            "relationship_type": ""
          },
          {
            "colour": "#5e9494",
            "local": false,
            "name": "asn:as-owner=\"ZEN-ECN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040373",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "71121691-4397-48ec-a130-55ff4484bc2a",
        "value": "69.28.62.41",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#cf05b0",
            "local": false,
            "name": "asn:asn=\"21859\"",
            "relationship_type": ""
          },
          {
            "colour": "#5e9494",
            "local": false,
            "name": "asn:as-owner=\"ZEN-ECN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040375",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "87c4aa30-32df-4406-b752-c3e4ba2ecc00",
        "value": "69.28.62.42",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#cf05b0",
            "local": false,
            "name": "asn:asn=\"21859\"",
            "relationship_type": ""
          },
          {
            "colour": "#5e9494",
            "local": false,
            "name": "asn:as-owner=\"ZEN-ECN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "jaguar C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780040376",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "65db8734-f632-4ffa-a364-71940f5d6ee0",
        "value": "69.28.62.61",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#cf05b0",
            "local": false,
            "name": "asn:asn=\"21859\"",
            "relationship_type": ""
          },
          {
            "colour": "#5e9494",
            "local": false,
            "name": "asn:as-owner=\"ZEN-ECN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "lxhwdg C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819803",
        "to_ids": true,
        "type": "hostname",
        "uuid": "88de1530-d39d-468a-8af7-c6ff85c8789d",
        "value": "g.sxim.me",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "lxhwdg C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819825",
        "to_ids": true,
        "type": "hostname",
        "uuid": "49e34530-003c-467e-847c-cf287c11a2eb",
        "value": "reg.sxim.me",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "lxhwdg C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819847",
        "to_ids": true,
        "type": "hostname",
        "uuid": "8b5735d8-1d27-4692-9281-b05f6c99e2a1",
        "value": "ref.sxim.me",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "spirit",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819869",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9dc45fc7-3196-473b-a21f-aaabd1a6c4c4",
        "value": "task.mymoyu.shop",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "spirit",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819891",
        "to_ids": true,
        "type": "hostname",
        "uuid": "a2ebffcf-998c-4d0e-aa52-a20c5909531f",
        "value": "task.moyu88.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "spirit",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819914",
        "to_ids": true,
        "type": "hostname",
        "uuid": "cf14681f-e984-424c-9240-4a2d359f6d0f",
        "value": "task1.ziyemy.shop",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "spirit",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819936",
        "to_ids": true,
        "type": "hostname",
        "uuid": "54d318f3-4c40-4b67-a0c1-556d99874a1c",
        "value": "task2.ziyemy.shop",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "spirit",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819958",
        "to_ids": true,
        "type": "hostname",
        "uuid": "1c4c630d-6020-4927-887a-726fd4f498e6",
        "value": "adstat.moyu88.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "spirit",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741819980",
        "to_ids": true,
        "type": "hostname",
        "uuid": "6c464dc0-7465-4684-af1a-7e8bc3fe13d5",
        "value": "adstat.ziyemy.shop",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "spirit",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741820003",
        "to_ids": true,
        "type": "hostname",
        "uuid": "02607aed-4cde-4a6a-a0dd-d9b9e8d0de17",
        "value": "adstat.ad3g.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "spirit",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741820024",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e63887a1-301a-456b-87f1-772a25c4d90d",
        "value": "adstat2.ziyemy.shop",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "spirit",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741820047",
        "to_ids": true,
        "type": "hostname",
        "uuid": "a5159a04-4535-4d64-9fc0-10c052618c4f",
        "value": "update.ad3g.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "spirit",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741820069",
        "to_ids": true,
        "type": "domain",
        "uuid": "2ad9ae7d-d02b-4ac3-b1a4-5f43197d8b96",
        "value": "spiritlib.cyou",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741820091",
        "uuid": "3e126215-686f-4add-af0d-38c8393d9e58",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Vo1d Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741820091",
            "to_ids": true,
            "type": "md5",
            "uuid": "5bdcab79-252d-4d7f-bc9b-df871e0f7455",
            "value": "2d6d91c5988dcab2eb4dab1ec55cfbb9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Vo1d Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741816780",
            "to_ids": true,
            "type": "sha1",
            "uuid": "eff76917-552d-4f75-9bc7-67f4c6661bf1",
            "value": "a949db3ba7b164a13427975fc628f4cbc2f77b05",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Vo1d Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741816780",
            "to_ids": true,
            "type": "sha256",
            "uuid": "cdd7c5b6-dd37-4622-9a5f-3dc19431264a",
            "value": "d9c8de989c758f746e2b40ae507b3d160dcd6749dcec99f7045461c691d41bf9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741816779",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e9c4b3d2-8a10-4561-85e7-b5f86d485d9f",
            "value": "384:2DbB2QOOpVub9644umxrQqzJIUA4c9Z3KrM:2PpUb0uTtU5GZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741816779",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b9cf632c-c2a0-4c59-91a3-ce20b5ce8462",
            "value": "17204"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741816779",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a8a7a6d8-d8fb-452c-b38b-ec199a157755",
            "value": "97013a3b58def109fa3e499f57defc57"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741816779",
            "to_ids": true,
            "type": "filename",
            "uuid": "04dd9a7a-68f3-4920-9bb9-00f3d523d4cb",
            "value": "jtxx"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/03/2025\nLast-scan\t:  07/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741816779",
            "to_ids": false,
            "type": "text",
            "uuid": "bec42879-caa9-4ce4-a582-dc82d367d9a8",
            "value": "Vo1d Sample\r\nType Description: ELF\n\nMicrosoft: None\nVT Total Detection:5/63"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741820113",
        "uuid": "158e24e7-bcc4-42ac-8d3d-a9020d664a52",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Vo1d Payload - without 5 bytes size&cmd",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741820113",
            "to_ids": true,
            "type": "md5",
            "uuid": "3e7980a0-c2c5-4ab0-8695-7b096c280194",
            "value": "2de1775908db39f3c4edbb7a7d99268d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Vo1d Payload - without 5 bytes size&cmd",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741817057",
            "to_ids": true,
            "type": "sha1",
            "uuid": "357274fa-e7ae-4101-aee6-cbd550f8970f",
            "value": "0837d77b6a635755b26fedc6bb19adee36fdcc60",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Vo1d Payload - without 5 bytes size&cmd",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741817057",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e3ff7a0e-fcd9-476a-acfb-b0e758502ac0",
            "value": "d70f4b94e242b809a1e1a53c6e39b3d986455a205c3e9a2170210a68c75a22a8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741817056",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8c0c29bc-631c-4c78-979e-6be92b82f469",
            "value": "3072:o6tS408/IwO/y3VFeuf+fcbzmH6HXSKOtOmrFg5zBSqM72dfoYJJjRx2+h3V:oC7/YMFeuScXma3T8Om+pQqM72dflJjt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741817056",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "13f84a94-e222-42d8-92c0-e5fff97bb650",
            "value": "159008"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741817056",
            "to_ids": true,
            "type": "filename",
            "uuid": "175fcd04-cffb-4e9a-a956-ca7b8dfed114",
            "value": "b7027626"
          },
          {
            "category": "Other",
            "comment": "Checked: 13/03/2025\nLast-scan\t:  05/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741817056",
            "to_ids": false,
            "type": "text",
            "uuid": "ef66cd08-86e7-4261-bf81-0d7678674910",
            "value": "Vo1d Payload - without 5 bytes size&cmd\r\nType Description: unknown\n\nMicrosoft: None\nVT Total Detection:2/61"
          }
        ]
      }
    ]
  }
}