{ "Event": { "analysis": "1", "date": "2025-10-14", "extends_uuid": "", "info": "[Threat Intel] MA-1400.102025: MyCERT Alert - Email with Malicious Attachment Targeting Internet Banking Users", "protected": false, "publish_timestamp": "1780041316", "published": true, "threat_level_id": "3", "timestamp": "1772902065", "uuid": "36847759-be6f-4ac7-865d-08c43d89f73a", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"404 Keylogger\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1764809779", "to_ids": false, "type": "link", "uuid": "9273a3dc-b68b-4b6f-a26f-97046bc8df16", "value": "https://www.mycert.org.my/portal/advisory?id=MA-1400.102025" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:04/12/2025", "deleted": false, "disable_correlation": false, "timestamp": "1764810153", "to_ids": true, "type": "sha256", "uuid": "b6df2b3f-bd86-4e04-a097-bd546444aa1b", "value": "85c44fa7dc272a30fe82205119c71604224677380b26271bb0d4d82565b4c6d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1764810166", "to_ids": true, "type": "url", "uuid": "c10d1860-052e-4dc6-b9a1-3c1193fadac4", "value": "https://api.telegram.org/bot/sendMessage?chat_id=&text=", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1764810188", "to_ids": true, "type": "url", "uuid": "456d1e2d-d3ae-4abe-aa77-070ec08f6059", "value": "http://51.38.247.67:8081/_send_.php?L", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1764810210", "to_ids": true, "type": "url", "uuid": "032a92be-0a61-440c-9c97-fbb5beb46f71", "value": "https://reallyfreegeoip.org/xml/", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1764810232", "to_ids": true, "type": "url", "uuid": "0aa58a8a-ecf4-4b0a-bd63-1662c10c3ad2", "value": "http://checkup.dyndns.org/", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1764810254", "to_ids": true, "type": "hostname", "uuid": "fc6419f5-90b7-43ef-96d6-78ddf3a9944a", "value": "mail.derelimatbaa.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1764809788", "to_ids": true, "type": "email-src", "uuid": "f5123dec-62b9-4029-938a-9dce67e31b0b", "value": "info@derelimatbaa.com" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1764810276", "uuid": "7fdd8a53-d122-494a-b86a-6de4589a730f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1764810276", "to_ids": true, "type": "md5", "uuid": "6c8bd1b0-c554-412c-9bb7-b7cacc68fe18", "value": "6b60be6e906dda90bbd7306f56bd185c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1764810148", "to_ids": true, "type": "sha1", "uuid": "f8930b4c-37e6-4f29-a93f-5fb28d886fc1", "value": "b44833e1fb07f5d2ff2e160d4972152f108d7528", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1764810148", "to_ids": true, "type": "sha256", "uuid": "695310b6-f288-417c-a50e-1b79807e7fab", "value": "bfcdcc097c1f5364c99b244e9d15bad7f93e76229319018a0af7bd6bc71df3c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1764809999", "to_ids": true, "type": "ssdeep", "uuid": "cf180cec-c700-4428-a39a-6f2993499b94", "value": "24576:KuJdoNCFQypM25hVhZWhjNlgqdvq8MlU8WEKOI7534VVVi:KuJdR+yq2QhJmq9q8iU8Wxz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1764809999", "to_ids": false, "type": "size-in-bytes", "uuid": "1df3ba3b-0da5-4367-8932-6b1f2d87a635", "value": "1154560" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1764809999", "to_ids": true, "type": "vhash", "uuid": "59192f8e-6160-4340-be93-4e4cd1954684", "value": "216036755514b066382d7052a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1764809999", "to_ids": true, "type": "filename", "uuid": "c5f026d3-de90-4a13-93fb-be537174b049", "value": "tNVL.exe" }, { "category": "Other", "comment": "Checked: 04/12/2025\nLast-scan\t: 17/08/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1764809999", "to_ids": false, "type": "text", "uuid": "c3c5d043-78ee-4a87-83d4-9b4c76d17b3f", "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:MSIL/DarkCloud.AEBB!MTB\nVT Total Detection:54/72\nFirst Submission:2025-07-31T05:09:53.000000+00:00\nLast Submission:2025-08-04T01:43:39.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1764810298", "uuid": "e6bfe494-1e28-4609-a3bd-02c789801483", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1764810298", "to_ids": true, "type": "md5", "uuid": "31814d53-78e6-4191-bfdd-a92ccc98a701", "value": "035071efab803c598ba26b8f7e3f9edf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1764810149", "to_ids": true, "type": "sha1", "uuid": "478abdf9-cc67-4d34-8e7b-2244bcc1bbb2", "value": "4a8320c9e1a0ae9e1ed726fd35d38bb2924681d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1764810150", "to_ids": true, "type": "sha256", "uuid": "579a4e00-b5c4-4418-b4c7-1064fe8382d5", "value": "1351d694b53ba5c36c9790ecd17732a229e946438e6235c21e811866c468af9b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1764810021", "to_ids": true, "type": "ssdeep", "uuid": "483beec4-9ac2-466f-8eef-3a7616ee647d", "value": "12288:/er13ELirg8objAFw2hbJ6CNp56Yfu1HqdBUP2uJf8kG+yPkhJ3A0RWFEWS:WrlELirg8EjAW2yYr6gAHTP2uJfpG+ym" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1764810021", "to_ids": false, "type": "size-in-bytes", "uuid": "d4688715-c1fb-4ba9-a90e-29d7e8c400df", "value": "725930" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1764810021", "to_ids": true, "type": "vhash", "uuid": "6d18c4ff-d939-48f1-9f5e-9a93816c9e6d", "value": "1d2d6dd57d2f4a0e15fe549c14b6f9a0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1764810021", "to_ids": true, "type": "filename", "uuid": "78e0f348-4ee5-41fa-bb0f-854205ecef2f", "value": "MY00485Q3245639MYKUL_pdf.r00" }, { "category": "Other", "comment": "Checked: 04/12/2025\nLast-scan\t: 12/08/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1764810021", "to_ids": false, "type": "text", "uuid": "980bf573-13fb-44d2-a276-d2d00213e4e0", "value": "Type Description: RAR\nMicrosoft: None\nVT Total Detection:43/65\nFirst Submission:2025-08-12T08:11:59.000000+00:00\nLast Submission:2025-08-12T08:11:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1764810321", "uuid": "fa96b59b-80ae-41a5-8029-d165851443d8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1764810321", "to_ids": true, "type": "md5", "uuid": "c0adfb87-164a-45e5-a476-8b6d4b5f01c1", "value": "1488b9f6c4b79666e2bc4d52438929bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1764810151", "to_ids": true, "type": "sha1", "uuid": "d3cc0127-23a8-4c1d-b4ee-dde4fbec35c8", "value": "0b0304614ced5844a9bd1ef2254e093d3f2aab68", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1764810151", "to_ids": true, "type": "sha256", "uuid": "6e5c61be-ed48-489d-a584-821f7032877f", "value": "c8fbd267744bb1909959f92841f69d25e732f559e74ca7b596ee008a78f17614", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1764810067", "to_ids": true, "type": "ssdeep", "uuid": "8fae175c-2e01-4b60-a05d-6999ca22cc8b", "value": "6144:kmYMq54+UzSSwCYQSBGOm+qE6yi4EhT9VJXzP1V/yoMbkr2b:2Mq54+UzSSwCYQSBGOm+qE6yi4EhT9Vc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1764810067", "to_ids": false, "type": "size-in-bytes", "uuid": "322bee0f-2d85-4ae7-a23b-76e28c3951e0", "value": "275456" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1764810067", "to_ids": true, "type": "vhash", "uuid": "b1c4d168-f992-480e-8101-e5716f494df2", "value": "225036555512307e54303360" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1764810067", "to_ids": true, "type": "filename", "uuid": "458be296-4665-46b3-bd6e-4dc7de2e5f39", "value": "Remington.exe" }, { "category": "Other", "comment": "Checked: 04/12/2025\nLast-scan\t: 30/07/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1764810067", "to_ids": false, "type": "text", "uuid": "11265809-5d63-46be-b2d7-0bff39400247", "value": "Type Description: Win32 EXE\nMicrosoft: Backdoor:MSIL/Bladabindi.AMBE!MTB\nVT Total Detection:53/71\nFirst Submission:2025-07-30T05:13:24.000000+00:00\nLast Submission:2025-07-30T05:13:24.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1764810344", "uuid": "4788bf9a-00b9-4bd7-8ee8-d5638224ecd8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1764810344", "to_ids": true, "type": "md5", "uuid": "8aa59623-1f5f-441d-9cbd-e543ee3aef5c", "value": "3f17ed370489371093c2a3d768cb6b07", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1764810153", "to_ids": true, "type": "sha1", "uuid": "efe9cd6c-1cf1-486b-9fd9-cd084f98977d", "value": "fb4f0ddcaf872e4c7850e4cefad59a2c62f54424", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1764810153", "to_ids": true, "type": "sha256", "uuid": "0e36fb7b-8bcf-4fa8-b8cb-8714c9c0ad5a", "value": "6005f0e4563fef5e8abfdb88cacd5b3d8fd4cff04b1af93e8e01a9990f46d5c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1764810089", "to_ids": true, "type": "ssdeep", "uuid": "64f7eb46-d0dd-443c-b0c3-9b6055e7570d", "value": "768:iyhCnDGYhWa4PXldTkQiXlDipJS1ay5921ZJkjGnH7ZgOvoHkeMbh738:FhCnDtWa4PzXGlDipJSR5Y77EEeQhw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1764810089", "to_ids": false, "type": "size-in-bytes", "uuid": "be623ea3-6629-41a7-97df-e45090d4883d", "value": "45056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1764810089", "to_ids": true, "type": "vhash", "uuid": "2ad85e71-15db-47cf-8390-5e5b9748d1e2", "value": "34403655151f081b123010" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1764810089", "to_ids": true, "type": "filename", "uuid": "66b5a830-7e18-4c04-98b8-dd6b1e392eb6", "value": "Shape.dll" }, { "category": "Other", "comment": "Checked: 04/12/2025\nLast-scan\t: 11/11/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1764810089", "to_ids": false, "type": "text", "uuid": "444e51de-10a1-4133-9084-88bfc47306ab", "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:43/72\nFirst Submission:2025-08-01T07:01:52.000000+00:00\nLast Submission:2025-11-09T05:19:06.000000+00:00" } ] } ] } }