{
  "Event": {
    "analysis": "2",
    "date": "2015-04-15",
    "extends_uuid": "",
    "info": "[Threat Intel] The Chronicles of the Hellsing APT: the Empire Strikes Back",
    "protected": false,
    "publish_timestamp": "1780039796",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1780039795",
    "uuid": "34fadfbd-2659-4bf5-8e4f-10f0a08de7d5",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Hellsing\"",
        "relationship_type": ""
      },
      {
        "colour": "#1ebce4",
        "local": false,
        "name": "misp-galaxy:producer=\"Kaspersky\"",
        "relationship_type": ""
      },
      {
        "colour": "#013748",
        "local": false,
        "name": "misp-galaxy:target-information=\"India\"",
        "relationship_type": ""
      },
      {
        "colour": "#f9cdc4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Indonesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#b8ab01",
        "local": false,
        "name": "misp-galaxy:target-information=\"United States\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Diplomacy\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#3500ca",
        "local": false,
        "name": "rectifyq:detection-rules=\"yara-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740357186",
        "to_ids": false,
        "type": "link",
        "uuid": "4f28a7ce-b431-425a-a15f-b440efdc8a6f",
        "value": "https://securelist.com/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/69567/"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388522",
        "to_ids": true,
        "type": "md5",
        "uuid": "8597848e-cd14-4a7a-b881-17d9b5d3e356",
        "value": "015915bbfcda1b2b884db87262970a11",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388543",
        "to_ids": true,
        "type": "md5",
        "uuid": "cced0f31-afa5-441f-8f50-780621420fa3",
        "value": "036e021e1b7f61cddfd294f791de7ea2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388563",
        "to_ids": true,
        "type": "md5",
        "uuid": "11520d74-e0f9-4837-86b7-64fed73c1892",
        "value": "04090aca47f5360b84f6a55033544863",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388606",
        "to_ids": true,
        "type": "md5",
        "uuid": "f302a9b0-1224-4bff-aab7-e962475e2a9c",
        "value": "085faac21114c844529e11422ef684d1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388627",
        "to_ids": true,
        "type": "md5",
        "uuid": "f0b66a25-1217-47de-9ea7-3efe0a8c38ba",
        "value": "0ba116aa1704a415812552a815fcd34b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388648",
        "to_ids": true,
        "type": "md5",
        "uuid": "470894fb-b263-4c10-9e85-cec3aaeb0e0d",
        "value": "0cbefd8cd4b9a36c791d926f84f10b7b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388669",
        "to_ids": true,
        "type": "md5",
        "uuid": "f013633b-eec8-4c78-a68d-45e54b0769fe",
        "value": "0cc5918d426cd836c52207a8332296bc",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388690",
        "to_ids": true,
        "type": "md5",
        "uuid": "b46ce5da-5513-4671-8b19-063e2a47608c",
        "value": "0dfcbb858bd2d5fb1d33cd69dcd844ae",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388710",
        "to_ids": true,
        "type": "md5",
        "uuid": "38eec271-b4ef-462c-987f-d758ace31ef4",
        "value": "0f13deac7d2c1a971f98c9365b071db9",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388731",
        "to_ids": true,
        "type": "md5",
        "uuid": "c3f15ca9-da01-45dd-ab88-fc8340f537ac",
        "value": "0ffe80af4461c68d6571bede9527cf74",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388752",
        "to_ids": true,
        "type": "md5",
        "uuid": "844593e7-1798-469b-b050-3eb95599f1a8",
        "value": "13ef0dfe608440ee60449e4300ae9324",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388773",
        "to_ids": true,
        "type": "md5",
        "uuid": "88d0ad5f-3230-4543-84be-0561cb729ee1",
        "value": "14309b52f5a3df8cb0eb5b6dae9ce4da",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388794",
        "to_ids": true,
        "type": "md5",
        "uuid": "7f689d02-dc07-44d8-9505-8816a6ba5954",
        "value": "17ef094043761a917ba129280618c1d3",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388815",
        "to_ids": true,
        "type": "md5",
        "uuid": "f6f07fad-9781-4c2f-8a15-5cfa6649b795",
        "value": "2682a1246199a18967c98cb32191230c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388836",
        "to_ids": true,
        "type": "md5",
        "uuid": "3932b489-bd5c-491b-9a85-db963dba7933",
        "value": "2cce768dc3717e86c5d626ed7ce2e0b7",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388857",
        "to_ids": true,
        "type": "md5",
        "uuid": "aa5e0b0d-a23f-4488-9324-b52d6c93e4cb",
        "value": "3032f4c7a6e4e807dd7b012fa4b43718",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388942",
        "to_ids": true,
        "type": "md5",
        "uuid": "2b2cf9cb-c7de-42ad-8757-0d30f470a05a",
        "value": "4dbfd37fd851daebdae7f009adec3cbd",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388962",
        "to_ids": true,
        "type": "md5",
        "uuid": "7dd4bbc2-723f-4270-b3fe-4f5b24409c17",
        "value": "4f19d5d2c04b6fc05e56c6a48fd9cb50",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741388983",
        "to_ids": true,
        "type": "md5",
        "uuid": "43b3b7dd-0543-4fe2-9b68-9595a7c7643f",
        "value": "58670063ec00caf0d2d17f9d52f0ac95",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389004",
        "to_ids": true,
        "type": "md5",
        "uuid": "e50c9faf-0a60-40f1-9028-97d9a8d156da",
        "value": "588f41b1f34b29529bc117346355113f",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389025",
        "to_ids": true,
        "type": "md5",
        "uuid": "579a6b02-7261-44c6-a486-a0ffcb7af864",
        "value": "5dec2e81037b2d72320516e86a2bcfbd",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389046",
        "to_ids": true,
        "type": "md5",
        "uuid": "e857f1a2-9698-4922-8669-ec5ec47802cd",
        "value": "5f776a0de913173e878844d023a98f1c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389067",
        "to_ids": true,
        "type": "md5",
        "uuid": "690a43a3-220e-4462-82a4-b549e1da02b0",
        "value": "5fc86559ae66dd223265540fd5dfaf3b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389088",
        "to_ids": true,
        "type": "md5",
        "uuid": "23314285-f7db-4c07-a400-f0609985d375",
        "value": "621e4c293313e8638fb8f725c0ae9d0f",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389109",
        "to_ids": true,
        "type": "md5",
        "uuid": "fcbf1086-0787-4e9c-a2cc-1b8002a2545a",
        "value": "67e032085dc756bb7123dfe942e5dca4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389130",
        "to_ids": true,
        "type": "md5",
        "uuid": "18872bbf-42fe-4845-ae0b-9e1408b8b2e7",
        "value": "73396bacd33cde4c8cb699bcf11d9f56",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389172",
        "to_ids": true,
        "type": "md5",
        "uuid": "17746786-0dfc-4bee-ab8e-76feaa156ec8",
        "value": "8befabb08750548d7ba64717d92b71e0",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389193",
        "to_ids": true,
        "type": "md5",
        "uuid": "56733bdf-d540-4125-b17e-e6afc44958bd",
        "value": "8e5fd9f8557e0d39787dd205abffa973",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389214",
        "to_ids": true,
        "type": "md5",
        "uuid": "75913b54-c99d-4811-9b3c-fed3ee078af0",
        "value": "9317458e0d8484b77c0b9fa914a98230",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389256",
        "to_ids": true,
        "type": "md5",
        "uuid": "6754c24b-fbb0-4c15-a6d9-e63233881cab",
        "value": "a642c3dfd7e9dad5dc2a27ac6d8c9868",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389277",
        "to_ids": true,
        "type": "md5",
        "uuid": "d2053d4b-8138-429b-8e95-87c5875cf057",
        "value": "a6703722c6a1953a8c3807a6ff93d913",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample available in VirusTotal at last check, so this hash is unverified beyond the source report\r\nLast check: 2025-03-08",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389341",
        "to_ids": true,
        "type": "md5",
        "uuid": "04baaaf1-d092-4b1d-a518-836601067ddb",
        "value": "e8770d73d7d8b837df44a55de9adb7d5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 server as reported in the 2015 source analysis; the IP may have been reassigned since, so verify current ownership before blocking on it",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039785",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "62e8f663-76e9-466d-a2e8-9193a092a6c9",
        "value": "122.10.9.73",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#44ec52",
            "local": false,
            "name": "asn:asn=\"134548\"",
            "relationship_type": ""
          },
          {
            "colour": "#fce2d0",
            "local": false,
            "name": "asn:as-owner=\"DXTL-HK DXTL Tseung Kwan O Service\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 server as reported in the 2015 source analysis; the IP may have been reassigned since, so verify current ownership before blocking on it",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039788",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "63ae9931-318d-47ce-aae1-4f0c791a88f3",
        "value": "122.9.247.4",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#d69a9e",
            "local": false,
            "name": "asn:asn=\"55990\"",
            "relationship_type": ""
          },
          {
            "colour": "#1c4365",
            "local": false,
            "name": "asn:as-owner=\"HWCSNET Huawei Cloud Service data center\"",
            "relationship_type": ""
          },
          {
            "colour": "#9256df",
            "local": false,
            "name": "asn:as-country=\"CN\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"china\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 server as reported in the 2015 source analysis; the IP may have been reassigned since, so verify current ownership before blocking on it",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039791",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "29bf2b4f-e1b9-4ece-aab5-97524ebfce81",
        "value": "122.10.9.155",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#44ec52",
            "local": false,
            "name": "asn:asn=\"134548\"",
            "relationship_type": ""
          },
          {
            "colour": "#fce2d0",
            "local": false,
            "name": "asn:as-owner=\"DXTL-HK DXTL Tseung Kwan O Service\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 server as reported in the 2015 source analysis; the IP may have been reassigned since, so verify current ownership before blocking on it",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039793",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "abf9ee6a-1486-42ee-b7ff-1a2658fdbb00",
        "value": "23.88.236.96",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#92678d",
            "local": false,
            "name": "asn:asn=\"14618\"",
            "relationship_type": ""
          },
          {
            "colour": "#e68e4d",
            "local": false,
            "name": "asn:as-owner=\"AMAZON-AES\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039795",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "93c7c43f-31d6-4652-ae46-b8f12bcf89e7",
        "value": "122.10.26.24",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#44ec52",
            "local": false,
            "name": "asn:asn=\"134548\"",
            "relationship_type": ""
          },
          {
            "colour": "#fce2d0",
            "local": false,
            "name": "asn:as-owner=\"DXTL-HK DXTL Tseung Kwan O Service\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741396938",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f372f905-5e3d-4483-b2f6-6655827e131b",
        "value": "a.huntingtomingalls.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741396961",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e67944d2-2913-4819-a970-b4d07fa0d0cd",
        "value": "ack.philippinenewss.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741396983",
        "to_ids": true,
        "type": "hostname",
        "uuid": "4dde0c12-ade6-4e46-a977-721fb58d7ea0",
        "value": "af.huntingtomingalls.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397004",
        "to_ids": true,
        "type": "hostname",
        "uuid": "92c8db3f-a21c-4aac-9c7a-3228a2ace497",
        "value": "afc.philippinenewss.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397025",
        "to_ids": true,
        "type": "hostname",
        "uuid": "2e38bb7c-6b1f-4120-9512-f3191a24c3a2",
        "value": "afnews.philippinenewss.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397046",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e4550404-1077-4519-a9b4-7bc86f03b175",
        "value": "articles.whynotad.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397068",
        "to_ids": true,
        "type": "hostname",
        "uuid": "11c4b3ac-90ba-4d04-927f-834d5be0813b",
        "value": "ccid.mooo.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397089",
        "to_ids": true,
        "type": "hostname",
        "uuid": "374ad431-8374-4d82-8deb-c885a89631cc",
        "value": "d6.philippinenewss.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397110",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c301f360-0003-41ae-b901-2499db289201",
        "value": "de.philippinenewss.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397131",
        "to_ids": true,
        "type": "hostname",
        "uuid": "35e8d30c-75c9-40bd-be6e-0d3444f554d8",
        "value": "dec.huntingtomingalls.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397152",
        "to_ids": true,
        "type": "hostname",
        "uuid": "1f587272-ba84-40dd-8627-459f2c1c9e66",
        "value": "df1.huntingtomingalls.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397173",
        "to_ids": true,
        "type": "hostname",
        "uuid": "6fed6ef0-188a-4e4c-a9f0-cb3e8fa78625",
        "value": "df2.huntingtomingalls.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397194",
        "to_ids": true,
        "type": "hostname",
        "uuid": "5672e365-0eee-401a-a398-a8e70bc8e471",
        "value": "df3.huntingtomingalls.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397216",
        "to_ids": true,
        "type": "hostname",
        "uuid": "7bf96149-46a7-4ba8-b58b-903efb2ff5dd",
        "value": "df4.huntingtomingalls.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397237",
        "to_ids": true,
        "type": "hostname",
        "uuid": "1bd85488-9d07-470f-96ce-7de9155be142",
        "value": "df5.huntingtomingalls.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397258",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d7597af0-0fc4-4150-966b-40075aef7a1d",
        "value": "email.philippinenewss.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397279",
        "to_ids": true,
        "type": "hostname",
        "uuid": "92312e61-e091-4665-a74d-22fcd1fbb14a",
        "value": "email.philstarnotice.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397300",
        "to_ids": true,
        "type": "hostname",
        "uuid": "b0e8f8a9-8bd0-4309-bf8c-9a9f46062c25",
        "value": "files.philippinenewss.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397321",
        "to_ids": true,
        "type": "hostname",
        "uuid": "16341449-a750-4549-96e6-857c09c8f44d",
        "value": "files.philstarnotice.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397342",
        "to_ids": true,
        "type": "hostname",
        "uuid": "b7c01503-ccfd-4855-a477-c714fe0d4ea5",
        "value": "freebsd.extrimtur.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397363",
        "to_ids": true,
        "type": "hostname",
        "uuid": "752ea92d-c298-4168-9d86-4bebd68b1ce0",
        "value": "gr.philippinenewss.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397384",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d6347a15-4283-4436-95c9-545ca4427280",
        "value": "guaranteed9.strangled.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397405",
        "to_ids": true,
        "type": "hostname",
        "uuid": "862af347-fe6f-4c73-9dc6-125719bfeade",
        "value": "hosts.mysaol.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397427",
        "to_ids": true,
        "type": "hostname",
        "uuid": "a5cbe54e-4903-42a6-9b25-423b151e8fee",
        "value": "ima03.now.im",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397448",
        "to_ids": true,
        "type": "hostname",
        "uuid": "4105be2c-8aa4-4a05-924d-d838f0d82dbd",
        "value": "img02.mooo.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397469",
        "to_ids": true,
        "type": "hostname",
        "uuid": "ea5abb0c-e4a8-409d-8199-36a134fbd31f",
        "value": "imgs09.homenet.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397490",
        "to_ids": true,
        "type": "hostname",
        "uuid": "64ad9650-a9e6-4268-9520-c05a3d1739ac",
        "value": "knl.russkoeumea.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397512",
        "to_ids": true,
        "type": "hostname",
        "uuid": "66c45bff-5868-4c1c-a333-1d3ded895601",
        "value": "login.philstarnotice.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397532",
        "to_ids": true,
        "type": "hostname",
        "uuid": "6680af32-18ab-45fb-9c7f-da5e82b49e3c",
        "value": "mail.philippinenewss.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397553",
        "to_ids": true,
        "type": "hostname",
        "uuid": "3310ab76-6407-4e9c-a8cd-6205d095b34d",
        "value": "my.philippinenewss.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397575",
        "to_ids": true,
        "type": "hostname",
        "uuid": "79a058b1-0558-4c0e-b5b4-ae7296f7ca96",
        "value": "na.huntingtomingalls.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397596",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9f8a6a41-044c-4e13-a442-d690741896b8",
        "value": "na.philstarnotice.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397617",
        "to_ids": true,
        "type": "hostname",
        "uuid": "7f20be9b-5aa1-435b-a45b-80c5c396340a",
        "value": "new.philippinenewss.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397638",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f1bca1fd-3630-4ef3-a1b2-bc1fd05daff6",
        "value": "news.huntingtomingalls.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397659",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e7ce94bb-527f-4a78-af29-0988128da6da",
        "value": "news.philstarnotice.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397680",
        "to_ids": true,
        "type": "hostname",
        "uuid": "0837ac7f-0e1f-4f89-bd93-f0510d47462a",
        "value": "ng.philstarnotice.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397702",
        "to_ids": true,
        "type": "hostname",
        "uuid": "65f412a8-236e-4a94-8657-e7ea94e45707",
        "value": "ns01.now.im",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397723",
        "to_ids": true,
        "type": "hostname",
        "uuid": "3a9e2949-79a9-4339-ad76-1cd30c2177cb",
        "value": "ny.huntingtomingalls.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397744",
        "to_ids": true,
        "type": "hostname",
        "uuid": "3465bc08-0ae1-462d-be0e-a08e8417e4c9",
        "value": "ny.philstarnotice.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397765",
        "to_ids": true,
        "type": "hostname",
        "uuid": "2763e4f5-556e-4e18-a40b-dbb328bdac6c",
        "value": "philippinenews.mooo.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397786",
        "to_ids": true,
        "type": "hostname",
        "uuid": "37552e49-00ad-4a55-87ba-e11e41f091a4",
        "value": "philnews.twilightparadox.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397808",
        "to_ids": true,
        "type": "hostname",
        "uuid": "af46f697-3076-4f2d-80d6-cb179d8510ed",
        "value": "pic.philstarnotice.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397829",
        "to_ids": true,
        "type": "hostname",
        "uuid": "eaaa4332-514b-4f5a-ae64-ed3e93c4b7a7",
        "value": "pm.philstarnotice.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397850",
        "to_ids": true,
        "type": "hostname",
        "uuid": "470b44d3-fc96-4713-92e5-1d3db9d3ebf8",
        "value": "pop.philippinenewss.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397871",
        "to_ids": true,
        "type": "hostname",
        "uuid": "71d6552e-1c9a-4456-8c31-233f9501e948",
        "value": "pop.philstarnotice.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397892",
        "to_ids": true,
        "type": "hostname",
        "uuid": "23fb6a67-77d5-418f-b0af-9cdbd713a7de",
        "value": "premium9.crabdance.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397913",
        "to_ids": true,
        "type": "hostname",
        "uuid": "5729cc5e-1176-43dc-b411-5774441d7737",
        "value": "second.photo-frame.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397934",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f5d72f0a-bae0-4940-8595-8f476f748b4c",
        "value": "shoping.jumpingcrab.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397955",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c35abc27-909b-43e2-9238-7314bc3afb16",
        "value": "so.philippinenewss.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397976",
        "to_ids": true,
        "type": "hostname",
        "uuid": "4ea82a46-e121-42ae-aff5-7192f42999ba",
        "value": "web.huntingtomingalls.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741397997",
        "to_ids": true,
        "type": "hostname",
        "uuid": "ad9b5332-f8b2-460a-b042-59188e45f4a1",
        "value": "web01.crabdance.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741398018",
        "to_ids": true,
        "type": "hostname",
        "uuid": "61374117-eaab-4a6b-bfaa-e4a140a8ad47",
        "value": "webmm.indiadigest.in",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741398039",
        "to_ids": true,
        "type": "hostname",
        "uuid": "51f7e107-efcf-4c70-97f6-a57192c55ab7",
        "value": "wg.philippinenewss.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741398060",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f9258c3b-7538-45e8-bc40-cf592fd77f0a",
        "value": "zq.philippinenewss.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741398081",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c9b2b78f-b15c-45c5-90dc-0f76366ab076",
        "value": "flags13.twilightparadox.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Domain registration",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741398103",
        "to_ids": true,
        "type": "domain",
        "uuid": "f03d0481-8166-40e6-af73-5ac29d3e4ed2",
        "value": "huntingtomingalls.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Domain registration",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740357407",
        "to_ids": true,
        "type": "email-src",
        "uuid": "88060bd0-d90d-47e5-831a-86f0575ca784",
        "value": "ssdfsddfs@qsdfsq.com"
      },
      {
        "category": "Network activity",
        "comment": "Domain registration",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741398124",
        "to_ids": true,
        "type": "domain",
        "uuid": "96a9bf4e-3f15-4036-9265-07948f6e8d31",
        "value": "philippinenewss.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Domain registration",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740357407",
        "to_ids": true,
        "type": "email-src",
        "uuid": "b78f819b-f21f-43f5-a212-c33009c08886",
        "value": "sambieber1990@yahoo.com"
      },
      {
        "category": "Network activity",
        "comment": "Domain registration",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741398145",
        "to_ids": true,
        "type": "domain",
        "uuid": "647d43fa-eb1a-4351-bb8a-446caec75f97",
        "value": "philstarnotice.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 08/03/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389404",
        "to_ids": true,
        "type": "md5",
        "uuid": "4bddcd81-c914-486a-8fd8-b1d2b2553a88",
        "value": "bff9c356e20a49bbcb12547c8d483352",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740357445",
        "uuid": "d2281d3e-c26f-403d-831e-04bdaf6de62b",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740357445",
            "to_ids": false,
            "type": "comment",
            "uuid": "3dcded65-02ff-4e59-8edb-12d682de176c",
            "value": "detection for Hellsing implants"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740357445",
            "to_ids": true,
            "type": "yara",
            "uuid": "4526f587-8b24-48e7-9ed6-64c8f2684197",
            "value": "rule apt_hellsing_implantstrings {\r\nmeta:\r\nversion = \"1.0\"\r\nfiletype = \"PE\"\r\nauthor = \"Costin Raiu, Kaspersky Lab\"\r\ncopyright = \"Kaspersky Lab\"\r\ndate = \"2015-04-07\"\r\ndescription = \"detection for Hellsing implants\"\r\nstrings:\r\n $mz=\"MZ\"\r\n $a1=\"the file uploaded failed !\"\r\n $a2=\"ping 127.0.0.1\"\r\n $b1=\"the file downloaded failed !\"\r\n $b2=\"common.asp\"\r\n $c=\"xweber_server.exe\"\r\n $d=\"action=\"\r\n$debugpath1=\"d:\\\\Hellsing\\\\release\\\\msger\\\\\" nocase\r\n$debugpath2=\"d:\\\\hellsing\\\\sys\\\\xrat\\\\\" nocase\r\n$debugpath3=\"D:\\\\Hellsing\\\\release\\\\exe\\\\\" nocase\r\n$debugpath4=\"d:\\\\hellsing\\\\sys\\\\xkat\\\\\" nocase\r\n$debugpath5=\"e:\\\\Hellsing\\\\release\\\\clare\" nocase\r\n$debugpath6=\"e:\\\\Hellsing\\\\release\\\\irene\\\\\" nocase\r\n$debugpath7=\"d:\\\\hellsing\\\\sys\\\\irene\\\\\" nocase\r\n$e=\"msger_server.dll\"\r\n$f=\"ServiceMain\"\r\ncondition:\r\n($mz at 0) and (all of ($a*)) or (all of ($b*)) or ($c and $d) or (any of ($debugpath*)) or ($e and\r\n$f) and filesize < 500000\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740357445",
            "to_ids": false,
            "type": "text",
            "uuid": "7ec78744-559e-4216-a9d3-75ae216c9731",
            "value": "apt_hellsing_implantstrings"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740357465",
        "uuid": "48beb41a-3ff9-4fa2-a2e3-4b306410483a",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740357465",
            "to_ids": false,
            "type": "comment",
            "uuid": "8ea32abb-40ca-4438-a156-0edfe49a265d",
            "value": "detection for Hellsing xweber/msger installers"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740357465",
            "to_ids": true,
            "type": "yara",
            "uuid": "06b2ef20-bca2-49f9-9812-8f7322b3f76f",
            "value": "rule apt_hellsing_installer {\r\nmeta:\r\nversion = \"1.0\"\r\nfiletype = \"PE\"\r\nauthor = \"Costin Raiu, Kaspersky Lab\"\r\ncopyright = \"Kaspersky Lab\"\r\ndate = \"2015-04-07\"\r\ndescription = \"detection for Hellsing xweber/msger installers\"\r\nstrings:\r\n $mz=\"MZ\"\r\n$cmd=\"cmd.exe /c ping 127.0.0.1 -n 5&cmd.exe /c del /a /f \\\"%s\\\"\"\r\n$a1=\"xweber_install_uac.exe\"\r\n$a2=\"system32\\\\cmd.exe\" wide\r\n$a4=\"S11SWFOrVwR9UlpWRVZZWAR0U1aoBHFTUl2oU1Y=\"\r\n$a5=\"S11SWFOrVwR9dnFTUgRUVlNHWVdXBFpTVgRdUlpWRVZZWARdUqhZVlpFR1kEUVNSXa\r\nhTVgRaU1YEUVNSXahTVl1SWwRZValdVFFZUqgQBF1SWlZFVllYBFRTVqg=\"\r\n$a6=\"7dqm2ODf5N/Y2N/m6+br3dnZpunl44g=\"\r\n$a7=\"vd/m7OXd2ai/5u7a59rr7Ki45drcqMPl5t/c5dqIZw==\"\r\n$a8=\"vd/m7OXd2ai/usPl5qjY2uXp69nZqO7l2qjf5u7a59rr7Kjf5tzr2u7n6euo4+Xm39zl2qju5dqo\r\n4+Xm39zl2t/m7ajr19vf2OPr39rj5eaZmqbs5OSI Njl2tyI\"\r\n$a9=\"C:\\\\Windows\\\\System32\\\\sysprep\\\\sysprep.exe\" wide\r\n$a10=\"%SystemRoot%\\\\system32\\\\cmd.exe\" wide\r\n$a11=\"msger_install.dll\"\r\n$a12={00 65 78 2E 64 6C 6C 00}\r\ncondition:\r\n($mz at 0) and ($cmd and (2 of ($a*))) and filesize < 500000\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740357465",
            "to_ids": false,
            "type": "text",
            "uuid": "c1c72126-0a19-4faa-beba-2fb3972636eb",
            "value": "apt_hellsing_installer"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740357491",
        "uuid": "47183d59-1ca5-454a-98ed-fd401afbcb28",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740357491",
            "to_ids": false,
            "type": "comment",
            "uuid": "73b35036-1d60-4eb7-bf28-cf31f65bf3be",
            "value": "detection for Hellsing proxy testing tool"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740357491",
            "to_ids": true,
            "type": "yara",
            "uuid": "c437a5fe-73b4-465f-b08e-f692cd1ca9fb",
            "value": "rule apt_hellsing_proxytool {\r\nmeta:\r\nversion = \"1.0\"\r\nfiletype = \"PE\"\r\nauthor = \"Costin Raiu, Kaspersky Lab\"\r\ncopyright = \"Kaspersky Lab\"\r\ndate = \"2015-04-07\"\r\ndescription = \"detection for Hellsing proxy testing tool\"\r\nstrings:\r\n $mz=\"MZ\"\r\n$a1=\"PROXY_INFO: automatic proxy url => %s \"\r\n$a2=\"PROXY_INFO: connection type => %d \"\r\n$a3=\"PROXY_INFO: proxy server => %s \"\r\n$a4=\"PROXY_INFO: bypass list => %s \"\r\n$a5=\"InternetQueryOption failed with GetLastError() %d\"\r\n$a6=\"D:\\\\Hellsing\\\\release\\\\exe\\\\exe\\\\\" nocase\r\ncondition:\r\n($mz at 0) and (2 of ($a*)) and filesize < 300000\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740357491",
            "to_ids": false,
            "type": "text",
            "uuid": "b18af030-6ee4-41ad-87de-5c9d6ec51040",
            "value": "apt_hellsing_proxytool"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740357517",
        "uuid": "b02bffd9-5649-42d3-a2a7-bb5f1fbcb698",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740357517",
            "to_ids": false,
            "type": "comment",
            "uuid": "019fc8d1-65c7-45c7-bc39-3a09e796ecff",
            "value": "detection for Hellsing xKat tool"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740357517",
            "to_ids": true,
            "type": "yara",
            "uuid": "bf8493c4-8a8d-404c-9798-a1d9f4f0ad36",
            "value": "rule apt_hellsing_xkat {\r\nmeta:\r\nversion = \"1.0\"\r\nfiletype = \"PE\"\r\nauthor = \"Costin Raiu, Kaspersky Lab\"\r\ncopyright = \"Kaspersky Lab\"\r\ndate = \"2015-04-07\"\r\ndescription = \"detection for Hellsing xKat tool\"\r\nstrings:\r\n $mz=\"MZ\"\r\n$a1=\"\\\\Dbgv.sys\"\r\n$a2=\"XKAT_BIN\"\r\n$a3=\"release sys file error.\"\r\n$a4=\"driver_load error. \"\r\n$a5=\"driver_create error.\"\r\n$a6=\"delete file:%s error.\"\r\n$a7=\"delete file:%s ok.\"\r\n$a8=\"kill pid:%d error.\"\r\n$a9=\"kill pid:%d ok.\"\r\n$a10=\"-pid-delete\"\r\n$a11=\"kill and delete pid:%d error.\"\r\n$a12=\"kill and delete pid:%d ok.\"\r\ncondition:\r\n($mz at 0) and (6 of ($a*)) and filesize < 300000\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740357517",
            "to_ids": false,
            "type": "text",
            "uuid": "1d211262-d31d-4eba-bebf-35d6d58d2295",
            "value": "apt_hellsing_xkat"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740357537",
        "uuid": "dbff4a69-6c55-4296-b2d0-e2a6ebb8b455",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740357537",
            "to_ids": false,
            "type": "comment",
            "uuid": "f8f070e5-b9ad-4dc6-98fd-e776b48b18a9",
            "value": "detection for Hellsing msger type 2 implants"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740357537",
            "to_ids": true,
            "type": "yara",
            "uuid": "c5aafef0-7139-4ae7-9f4c-fe04332d063d",
            "value": "rule apt_hellsing_msgertype2 {\r\nmeta:\r\nversion = \"1.0\"\r\nfiletype = \"PE\"\r\nauthor = \"Costin Raiu, Kaspersky Lab\"\r\ncopyright = \"Kaspersky Lab\"\r\ndate = \"2015-04-07\"\r\ndescription = \"detection for Hellsing msger type 2 implants\"\r\nstrings:\r\n $mz=\"MZ\"\r\n$a1=\"%s\\\\system\\\\%d.txt\"\r\n$a2=\"_msger\"\r\n$a3=\"http://%s/lib/common.asp?action=user_login&uid=%s&lan=%s&host=%s&os=%s&proxy\r\n=%s\"\r\n$a4=\"http://%s/data/%s.1000001000\"\r\n$a5=\"/lib/common.asp?action=user_upload&file=\"\r\n$a6=\"%02X-%02X-%02X-%02X-%02X-%02X\"\r\ncondition:\r\n($mz at 0) and (4 of ($a*)) and filesize < 500000\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740357537",
            "to_ids": false,
            "type": "text",
            "uuid": "6ca08d01-b93c-414a-b099-680ed60ff636",
            "value": "apt_hellsing_msgertype2"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740357567",
        "uuid": "657537f8-4922-48c0-b14e-f1ace7d0ac4c",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740357567",
            "to_ids": false,
            "type": "comment",
            "uuid": "92c0ba94-6322-4c5d-a6ea-68b39e7cc721",
            "value": "detection for Hellsing msger irene installer"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740357567",
            "to_ids": true,
            "type": "yara",
            "uuid": "9fa6ea4c-9d28-4b8d-8342-32e4ebd47192",
            "value": "rule apt_hellsing_irene {\r\nmeta:\r\nversion = \"1.0\"\r\nfiletype = \"PE\"\r\nauthor = \"Costin Raiu, Kaspersky Lab\"\r\ncopyright = \"Kaspersky Lab\"\r\ndate = \"2015-04-07\"\r\ndescription = \"detection for Hellsing msger irene installer\"\r\nstrings:\r\n $mz=\"MZ\"\r\n$a1=\"\\\\Drivers\\\\usbmgr.tmp\" wide\r\n$a2=\"\\\\Drivers\\\\usbmgr.sys\" wide\r\n$a3=\"common_loadDriver CreateFile error! \"\r\n$a4=\"common_loadDriver StartService error && GetLastError():%d! \"\r\n$a5=\"irene\" wide\r\n$a6=\"aPLib v0.43 - the smaller the better\"\r\ncondition:\r\n($mz at 0) and (4 of ($a*)) and filesize < 500000\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740357567",
            "to_ids": false,
            "type": "text",
            "uuid": "ca9fec69-8dad-4d76-9dd0-7a145b2f3cca",
            "value": "apt_hellsing_irene"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741398166",
        "uuid": "78a9ef95-8827-41a2-986e-95d8b246b8f5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741398166",
            "to_ids": true,
            "type": "md5",
            "uuid": "0e0cb429-6312-4337-93b6-659988c68fb9",
            "value": "055bc765a78da9cc759d1ba7ac7ac05e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741388565",
            "to_ids": true,
            "type": "sha1",
            "uuid": "87ff7cec-4559-41ff-9e43-9334854300e5",
            "value": "bcde7b0dfd1725eb2c63ed4183ecd8acaa615cb6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741388565",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ba5909c7-407d-4247-99ab-d785c581eebd",
            "value": "24d07f23b496198dd1a2d41978753b71a2ed12c6c00fbc4ff4feac12664f12d5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741388564",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b261c817-ea70-4203-8ebb-599b8f378dcb",
            "value": "3072:mT8zGVvPLsmbMD2Sd7sF59G9ZlvvpXd3xM5CwnfIySF7CDGtq+dm3nmTzNlUkQ2k:RzOvzswO2S5Wmv5MH4e6943mTzLL7e"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741388564",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f9118d9e-e840-4f33-9d1e-64ec5cf79e84",
            "value": "288764"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741388564",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1c3af712-7f00-42b3-a721-a705fa4ffdb5",
            "value": "025056655d75551048z58hz23z1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741388564",
            "to_ids": true,
            "type": "filename",
            "uuid": "77a485fa-d461-4ab1-8d02-cab001eacfe9",
            "value": "sqlconnt_backup.exe"
          },
          {
            "category": "Other",
        "comment": "Checked: 08/03/2025\nLast scan: 06/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741388564",
            "to_ids": false,
            "type": "text",
            "uuid": "dadc42e0-8f32-4fe9-ae8b-1ea50129f708",
        "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Skeeyah.A!bit\nVT Total Detection: 57/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741398187",
        "uuid": "2110e970-e076-4b27-b75d-d44f6d8eaf84",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741398187",
            "to_ids": true,
            "type": "md5",
            "uuid": "f5040e49-571a-4795-8f70-c70c54657fc4",
            "value": "31b3cc60dbecb653ae972db9e57e14ec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741388858",
            "to_ids": true,
            "type": "sha1",
            "uuid": "b90f0801-c3bc-47dd-83d6-707a3b0d8a77",
            "value": "99e0290821c624edefe720a0e7a30a1710b6b668",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741388858",
            "to_ids": true,
            "type": "sha256",
            "uuid": "32da4d23-e5e4-4ea2-a15c-b8702ca47456",
            "value": "d19529f155190abd0b53a549a41cbdc4e6bbd949652a41ba8602d2a03f4c08ff",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741388858",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a8db0b30-7ff6-43e8-a14f-7081104771c6",
            "value": "1536:KQBM8W/EMn7Q257XPCATpIQ7PqP3Fm8IrvTU086tnEk:KQBMpF82RoPAi086tn"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741388858",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "69ba9b24-dbc1-4b4a-bb9c-95720c4630b7",
            "value": "90112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741388858",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c7f55946-c400-4376-b902-aa009a286da5",
            "value": "194046655d151078z58nz21ze1z46z3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741388858",
            "to_ids": true,
            "type": "filename",
            "uuid": "15009e13-45ee-4849-bde3-71824a0a04db",
            "value": "edg7639.tmp"
          },
          {
            "category": "Other",
        "comment": "Checked: 08/03/2025\nLast scan: 31/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741388858",
            "to_ids": false,
            "type": "text",
            "uuid": "f66dc0fe-141b-4034-adfb-da68cc2d127b",
        "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:Win32/Heling.A.gen!dha\nVT Total Detection: 51/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741398208",
        "uuid": "d467e8f5-6667-4b66-9693-c74776f6be8e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741398208",
            "to_ids": true,
            "type": "md5",
            "uuid": "3d5fff13-c069-4754-ac1e-b61618a84ae2",
            "value": "3a40e0deb14f821516eadaed24301335",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741388879",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0564ee47-2b23-41ed-b15e-1319e4049913",
            "value": "af3487c755b1a6df607ae5f868e2bb70baeb3f4a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741388879",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3d70b2df-a885-4339-b1bf-4dc82432e392",
            "value": "19447e39bc05b67576a963e35e5a50a4461f4b44363c5a5589047257f5e9b9b8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741388879",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "406399a7-dc94-4703-a7cb-8251d0993484",
            "value": "768:pbpbuQ+tD9qbuQOjz6PgLdmSDcz/QXffZghe1TT9H6A:pbpGoQyMdmkczo3Zgc1TT9H6"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741388879",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7f7f92ad-6070-4997-8c9b-657705cf57a3",
            "value": "35840"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741388879",
            "to_ids": true,
            "type": "vhash",
            "uuid": "47ccd52b-1ed5-47e8-b090-af8a533702cf",
            "value": "03403e0f7d1019z6hz1011z11z11z17z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741388879",
            "to_ids": true,
            "type": "filename",
            "uuid": "57e0a130-04e7-4f3d-a58d-9c9e700a7c5d",
            "value": "mmc.exe"
          },
          {
            "category": "Other",
        "comment": "Checked: 08/03/2025\nLast scan: 27/12/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741388879",
            "to_ids": false,
            "type": "text",
            "uuid": "00a69df4-bb8b-4ef2-b440-ce693d4ce0f5",
        "value": "Type Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Heling.A.gen!dha\nVT Total Detection: 59/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741398229",
        "uuid": "64232460-2901-48eb-96fd-e8ccb987127d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741398229",
            "to_ids": true,
            "type": "md5",
            "uuid": "7de8b6dc-d776-451a-8d49-0454247f3493",
            "value": "3de2a22babb69e480db11c3c15197586",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741388901",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c204dc5f-ce6a-442e-8864-4492fe1de305",
            "value": "ccf4d1db384cd7470c01ad6482a2873a50291d8f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741388901",
            "to_ids": true,
            "type": "sha256",
            "uuid": "459dafbb-e31c-4e74-ac4c-1befb1b9c086",
            "value": "5ef6f914587219617e1ef0d6d856a179d1a146d02004d826e6bc375bea385d2e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741388900",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4f2a0a2b-ea1b-422f-bdbc-144fd8de1d85",
            "value": "192:aRl1pHXVIzUVXwE8lVzxXgd7MT0UJI52C9WTh8Wj:aRl1dHxwZWd7MTKgC9WTh8Wj"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741388900",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cf3f0e8f-5987-4cb6-86cb-7d77b731b0af",
            "value": "10752"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741388900",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2d3558e7-0254-46f1-966e-effce8b06189",
            "value": "014066551d1e15151iz18xz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741388900",
            "to_ids": true,
            "type": "filename",
            "uuid": "85b4d2a6-6aef-4dde-9681-d6406d9a66dd",
            "value": "usbmgr.sys"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  03/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741388900",
            "to_ids": false,
            "type": "text",
            "uuid": "79b8044f-daaf-4198-9ad1-17e1626a4a12",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Program:Win32/Wacapew.C!ml\nVT Total Detection:41/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741398250",
        "uuid": "ad3c44f5-f042-46f7-bbdc-b19073ee9d91",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741398250",
            "to_ids": true,
            "type": "md5",
            "uuid": "74365118-f53e-4896-b75e-ba4197076bc6",
            "value": "824c92e4b27026c113d766c0816428a0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741389131",
            "to_ids": true,
            "type": "sha1",
            "uuid": "96068d4f-7d68-46b4-8acb-2ff1978a9f62",
            "value": "4877c51915d8458ceaf35066a0fa6db978ef60a4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741389131",
            "to_ids": true,
            "type": "sha256",
            "uuid": "62f3bffe-6b7e-449c-af3d-54eee122cec0",
            "value": "e58c88cb46db868971e329891b681cdd8e5bf5da1e464cac759b4fb7be663402",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741389131",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fcc68a33-2102-4d0c-9b5f-f073b24fb377",
            "value": "3072:vi4TL/BxBVapeh5zx68zt+/q8t9IG59LZB3T0:DPJxBV3DNzMS2q2A"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741389131",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2460d6b7-eb59-48cb-9a7a-498213804b98",
            "value": "184316"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741389131",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fd874638-20af-4b1c-958c-6bf0981326d5",
            "value": "115056655d55551098z711z1fz11z21z81z56z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741389131",
            "to_ids": true,
            "type": "filename",
            "uuid": "52e518ef-6b10-4092-8c02-c3214014d157",
            "value": "irmon32.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  04/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741389131",
            "to_ids": false,
            "type": "text",
            "uuid": "0e439f3a-6a31-42e2-833c-7552ed823563",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Phonzy.A!ml\nVT Total Detection:58/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741398272",
        "uuid": "0c274371-bb6c-4946-85b0-cafbe5d8620e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741398272",
            "to_ids": true,
            "type": "md5",
            "uuid": "2aca4689-9d7b-42cf-97bb-afbc8cc345e3",
            "value": "a23d7b6a81dc0b460294e8be829f564d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741389215",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2e7c3a16-c448-43f1-b0b0-d2082692a523",
            "value": "bd52c3ee1aa71b12cdb0e0ad3a7288f21a0ee1d6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741389215",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2f585043-6ec2-430b-b0a6-f55156df9972",
            "value": "f3b7254fc8d55143fc68ebeeabd9aa5e2ede5cc5633872e45d8e6e6264fa1f62",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741389215",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6c6274fe-5bb8-4e2f-aaa4-35d22ab6a9c3",
            "value": "1536:bgru/UWnYUtYEUddY2DR5vU3sGQFzrUvMXtogseIlMZg5cfZH:0uRnEnddYevHzRTsDlMZg5cfZH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741389215",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9722d151-d1aa-4785-aeb5-88a70d663525",
            "value": "133116"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741389215",
            "to_ids": true,
            "type": "vhash",
            "uuid": "49105697-1981-4525-8ed7-1fe688eff23f",
            "value": "115056655d15555098z711z1fz11z21z81z56z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741389215",
            "to_ids": true,
            "type": "filename",
            "uuid": "3ccc72d4-53ac-4929-ac99-7e94c7a0b785",
            "value": "irmon32.dl"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  23/06/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741389215",
            "to_ids": false,
            "type": "text",
            "uuid": "9c7600b5-bbbf-45c9-bfae-4be1b1d8db8b",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:54/70"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741398293",
        "uuid": "03d6b540-b335-4313-b48f-936215b31297",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741398293",
            "to_ids": true,
            "type": "md5",
            "uuid": "4c665564-2323-42b6-bc12-ff4e3ba00b46",
            "value": "aa906567b9feb1af431404d1c55e0241",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741389278",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8877c337-8311-49d7-b213-aaeccc02672c",
            "value": "c80e044fa75a7ad0afa1267e7c624516e8ccdd27",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741389278",
            "to_ids": true,
            "type": "sha256",
            "uuid": "39bc9d4a-760f-4449-bab8-a42131c7b148",
            "value": "5b6dbeece90e73ba4615275d480966b79cce2deca2cf422f4932f049f7ea8851",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741389278",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2dfcc7c2-ee9d-491e-89ee-799422ec2942",
            "value": "3072:WSpfO50aahywM8Wc5fR1J+dDUNoG8bSAv6bSv5K8z9TE7mHNvDugpHzoa5cgRbZV:WSpfODahhJWoPWUpwJzVE7mHxu+MXAb"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741389278",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f74ca86a-87cd-4459-97fb-d5e9fe4a582c",
            "value": "204284"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741389278",
            "to_ids": true,
            "type": "vhash",
            "uuid": "745ffbc1-c307-4cea-8b6f-d4d375755f6d",
            "value": "125056655d5555119z751z1fz11z21z81z56z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741389278",
            "to_ids": true,
            "type": "filename",
            "uuid": "5ac8c6fb-d884-4253-a6fe-14299a8e3516",
            "value": "vt-upload-czENv"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  31/08/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741389278",
            "to_ids": false,
            "type": "text",
            "uuid": "4d0f8599-4f8f-4d13-8778-8a578f4201d4",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:56/74"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741398314",
        "uuid": "1514b49f-f7a2-427d-8431-8108f1753d02",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741398314",
            "to_ids": true,
            "type": "md5",
            "uuid": "8957aa32-3272-4d4c-aad7-60c647ee452b",
            "value": "ac073ad83555f3748d481bcf796e1993",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741389299",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d2dfc8e2-a963-4f58-8ad2-9f23e881ff4b",
            "value": "8aa2aed99c40a5a7e7b4d9a31c71bf28375981e5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741389300",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7bd2845c-2a3e-4344-87c9-0a4c95c4e85d",
            "value": "00fc803bccc63489809767504cf704343663127d9dd7aef49827f58115d77772",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741389299",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4a1804d9-7d2e-4a2e-b1b7-fda67b9f5d42",
            "value": "1536:gYunU6/Y0tYEUddlHxbXjUQT4SMU2M9agNeI5MJ85dEZH:9ut/knddJJ/t7ND5MJ85dEZH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741389299",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a8ca1871-a16d-4cc7-85cc-499a0065460b",
            "value": "133116"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741389299",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5fecbcac-79aa-415b-a4ea-2b58595d8046",
            "value": "115056655d15555098z711z1fz11z21z81z56z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741389299",
            "to_ids": true,
            "type": "filename",
            "uuid": "185de618-44dc-4523-be37-b3ba49e0ad32",
            "value": "iasex.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  02/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741389299",
            "to_ids": false,
            "type": "text",
            "uuid": "468767f2-5e6a-4ec5-87c3-54f4f07dd237",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:56/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741398336",
        "uuid": "4b684cff-0d7b-4488-a2e3-1a957d2d2491",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741398336",
            "to_ids": true,
            "type": "md5",
            "uuid": "7c2a30d5-3f06-4a23-be91-05a41807eff1",
            "value": "fe07da37643ed789c48f85d636abcf66",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741389342",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ef62fd95-1145-4e37-a1f4-64dbf001d0c0",
            "value": "36bf38c435d8b2854642be84a1006686ef18f476",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741389342",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c5ed7c05-772b-41ce-a415-6a27f293c0a5",
            "value": "854229e0b69df3fcc2212fe330759edaf9df00a4f9877aa42c0f568029684f3a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741389341",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "aac135cc-b7e1-495f-af64-1b0eba75c8e0",
            "value": "1536:gYunU6/Y0tYEUddlHxbXjUQT4SMU2M9agNeI5MJ85dEZH:9ut/knddJJ/t7ND5MJ85dEZH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741389341",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "715fd220-8f04-47ef-b414-66c149931cc1",
            "value": "133116"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741389341",
            "to_ids": true,
            "type": "vhash",
            "uuid": "12e6ca55-3a8e-484b-99da-d6c0ec583beb",
            "value": "115056655d15555098z711z1fz11z21z81z56z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741389341",
            "to_ids": true,
            "type": "filename",
            "uuid": "d3c1f127-dfd1-459c-b02f-33821e6616c2",
            "value": "2013-02-01.fe07da37643ed789c48f85d636abcf66.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  21/08/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741389341",
            "to_ids": false,
            "type": "text",
            "uuid": "a851b975-8842-4299-be20-b6fc2ff0ac44",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:58/75"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741398357",
        "uuid": "accb515e-6b8c-46cf-9bc7-da9ff273decb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741398357",
            "to_ids": true,
            "type": "md5",
            "uuid": "a19ceca6-2ca4-4a1a-a150-f91ff368e7aa",
            "value": "7c0be4e6aee5bc5960baa57c6a93f420",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741389363",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2c080f85-b20b-496c-9da3-6c8fb6786e3d",
            "value": "e2142b6f8aa812cab173b35f3a3add6e2e6b588e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741389363",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c939c03a-cc1c-43f9-aa29-c423288f1660",
            "value": "143fbfb65d010ca9cacf1316d026448fc984c9d57c03f1ef1d79b62af5a45ced",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741389363",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "925d355b-2559-4e05-9cb1-5be0ad769e2d",
            "value": "1536:bpRjUylXPvRGQX4uGQKTuFGzpXztum7IXacjIG86tG7:bpR1vXIZ0br86tg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741389363",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ca9b96d3-15a6-4ba0-b227-93fabc83cdac",
            "value": "90112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741389363",
            "to_ids": true,
            "type": "vhash",
            "uuid": "37eb5a63-0dd3-4832-b9bc-264a513d3562",
            "value": "194046656d151078z58nz21ze1z46z3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741389363",
            "to_ids": true,
            "type": "filename",
            "uuid": "02effc63-45ca-4c11-86c0-c7f3dc88828d",
            "value": "virussign.com_7c0be4e6aee5bc5960baa57c6a93f420.vir"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  28/08/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741389363",
            "to_ids": false,
            "type": "text",
            "uuid": "e238c8aa-5605-416f-b379-c5eb2721878c",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:Win32/Heling.A.gen!dha\nVT Total Detection:54/75"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741398379",
        "uuid": "c9188acb-2027-4a87-8f9d-b90b7231c208",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741398379",
            "to_ids": true,
            "type": "md5",
            "uuid": "a523446a-b39f-4c24-ba23-32e2d8e61477",
            "value": "c0e85b34697c8561452a149a0b123435",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741389405",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4f913407-5417-43c6-8917-c9a188faaa47",
            "value": "ec96d19383280362698e4e5a397a50a7538c0e82",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741389405",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9563b191-f602-4276-b09b-89a6efe26539",
            "value": "b73a4186e9bd523e50c2eedd07809b5f7db67566c0d0c7e5e6de1b72bdb29ed1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741389405",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "69438eea-0d5b-45c6-9cfb-ae601611a947",
            "value": "768:UnF+yraZbpfc5tVqcuHg48OSpNGfXSZB0fh+VFINEmZQ:GF+CypfkacuxjSeEByeCSmZ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741389405",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4b3c57c0-7add-4821-9290-10ba05d04739",
            "value": "35840"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741389405",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a10d93ff-b43c-4ba9-99a5-0f8f91016fb4",
            "value": "03403e0f7d1019z6hz1011z11z11z17z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741389405",
            "to_ids": true,
            "type": "filename",
            "uuid": "e8babf11-4d32-4460-ba56-6f37f0021f8c",
            "value": "server.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  23/06/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741389405",
            "to_ids": false,
            "type": "text",
            "uuid": "6b41148d-7f7d-4c28-ba7c-bfc8f829868c",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Heling.A.gen!dha\nVT Total Detection:57/71"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741398401",
        "uuid": "56aade8e-aced-431c-baf2-036ce7d24cbb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741398401",
            "to_ids": true,
            "type": "md5",
            "uuid": "fb5ca086-23e9-4b2d-a4e4-86e9f60b2b98",
            "value": "f13deac7d2c1a971f98c9365b071db92",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741389426",
            "to_ids": true,
            "type": "sha1",
            "uuid": "6975c6f6-8960-4807-a58b-d86c3681d77d",
            "value": "babffe96208758e3f719b42c9afc25560287179a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741389427",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6911a72a-4bc7-4e86-b6f0-59ee4d7230e4",
            "value": "19852bf9b992a82491800bcbdffc9c87a580e3c90c58ebb0aa644aa740a8357b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741389426",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "12ed82d2-4cbc-4cb5-bb83-d9b53151ae9e",
            "value": "1536:bpRjUylXPvRGQX4uGQKTuFGzpXztum7IXacjIG86t+7:bpR1vXIZ0br86to"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741389426",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bd4fef7d-d521-4723-97c8-69f1898b77ec",
            "value": "90112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741389426",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fb8c5ab1-6b1e-42c4-999a-e01de6370c60",
            "value": "194046656d151078z58nz21ze1z46z3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741389426",
            "to_ids": true,
            "type": "filename",
            "uuid": "29983033-4360-4d7d-8ce8-2a3b74c97f98",
            "value": "edg47.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  08/10/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741389426",
            "to_ids": false,
            "type": "text",
            "uuid": "a70e1109-4726-423e-97a7-7d5a85f6ee52",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:Win32/Heling.A.gen!dha\nVT Total Detection:54/73"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741398422",
        "uuid": "298dcd3e-67e3-42a8-ab76-6efbf57cd7b7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741398422",
            "to_ids": true,
            "type": "md5",
            "uuid": "5208b0b6-fd53-49eb-90d0-92f38854dd3f",
            "value": "f74ccb013edd82b25fd1726b17b670e5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1741389448",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7dad353c-aaff-43f4-b430-de3b6bff1661",
            "value": "ad969ce312ec82d0e4094337fc142d9ea76b562d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1741389448",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f2918fae-3820-433e-9a1f-2ad3e18779d0",
            "value": "6f5f7b2cf984d4345efe6c3d68fc8cd1c4cc2c94bb51506b72388c6e9b8ce51a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741389447",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "aef094ea-3103-41c3-b696-164a58fe9b1b",
            "value": "768:Ao/b4rOr78Huf9L2vULWNDQxR1Bg4y9vCU/qM2vxG6mKHf2t/C:AQb0Hu1L2wHxRyKU/0RHfo/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741389447",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7165f255-9a41-4793-9504-897726d16ce8",
            "value": "44544"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741389447",
            "to_ids": true,
            "type": "vhash",
            "uuid": "155558ff-98dd-4487-9d9a-2357b4fbf81e",
            "value": "04403e0f7d1019z6hz1011z11z11z17z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741389447",
            "to_ids": true,
            "type": "filename",
            "uuid": "2b3eea38-cb3f-471f-adea-70ac186eabb9",
            "value": "mmc.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  27/06/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741389447",
            "to_ids": false,
            "type": "text",
            "uuid": "2741db90-eb96-434d-b601-325974bc85ff",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Backdoor:Win32/Heling.A.gen!dha\nVT Total Detection:54/71"
          }
        ]
      }
    ]
  }
}