{ "Event": { "analysis": "1", "date": "2020-07-01", "extends_uuid": "", "info": "[Threat Intel] Mobile APT Surveillance Campaigns Targeting Uyghurs", "protected": false, "publish_timestamp": "1780039657", "published": true, "threat_level_id": "2", "timestamp": "1780039657", "uuid": "4b09400c-8690-4b8d-99a6-e274b658e7b7", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#3000b9", "local": false, "name": "rectifyq:workflow=\"enrichment\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#86e845", "local": false, "name": "misp-galaxy:target-information=\"Afghanistan\"", "relationship_type": "" }, { "colour": "#52d590", "local": false, "name": "misp-galaxy:target-information=\"China\"", "relationship_type": "" }, { "colour": "#78cd12", "local": false, "name": "misp-galaxy:target-information=\"Egypt\"", "relationship_type": "" }, { "colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": "" }, { "colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": "" }, { "colour": "#20a667", "local": false, "name": "misp-galaxy:target-information=\"Iran\"", "relationship_type": "" }, { "colour": "#4df024", "local": false, "name": "misp-galaxy:target-information=\"Kazakhstan\"", "relationship_type": "" }, { "colour": "#841801", "local": false, "name": "misp-galaxy:target-information=\"Kuwait\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": "" }, { "colour": "#3b9849", "local": false, "name": "misp-galaxy:target-information=\"Saudi Arabia\"", "relationship_type": "" }, { "colour": "#ce98fe", "local": false, "name": "misp-galaxy:target-information=\"Turkey\"", "relationship_type": "" }, { "colour": "#aad0dc", "local": false, "name": "misp-galaxy:target-information=\"Uzbekistan\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"CarbonSteal\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"DoubleAgent\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"GoldenEagle\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"SilkBean\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"APT15\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740307430", "to_ids": false, "type": "link", "uuid": "49633571-69b7-456f-be44-d7348a8564a7", "value": "https://blog.lookout.com/multiyear-surveillance-campaigns-discovered-targeting-uyghurs", "Tag": [ { "colour": "#6b003a", "local": false, "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1736670036", "to_ids": false, "type": "link", "uuid": "c864d074-120f-4e23-86ae-89faa586e45a", "value": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1736670036", "to_ids": false, "type": "text", "uuid": "90fba238-d113-4164-9579-a82ba13011a9", "value": "A collection of long-running Android tooling connected to a Chinese mAPT (mobile APT) actor." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1736670036", "to_ids": false, "type": "text", "uuid": "e2580555-5c32-4a69-8372-38c5ef5e596d", "value": "Name: Mobile APT Surveillance Campaigns Targeting Uyghurs\nAuthor: AlienVault\nAdversary: \nTags: [\"SilkBean\", \"DoubleAgent\", \"CarbonSteal\", \"GoldenEagle\", \"China\", \"Uyghurs\", \"Mobile\", \"Android\"]\nTgtd countries: [\"Afghanistan\", \"China\", \"Egypt\", \"France\", \"Indonesia\", \"Iran, Islamic Republic of\", \"Kazakhstan\", \"Kuwait\", \"Malaysia\", \"Pakistan\", \"Saudi Arabia\", \"Syrian Arab Republic\", \"Turkey\", \"Uzbekistan\"]\nMlwr families: []\nAttack_ids: []\nIndustries: []" }, { "category": "Targeting data", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740306854", "to_ids": false, "type": "target-org", "uuid": "c3af6e8e-b6da-4f23-8579-d1ba7ec12fac", "value": "Uyghurs" }, { "category": "Network activity", "comment": "SilkBean C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307015", "to_ids": true, "type": "hostname", "uuid": "57b54248-7586-4763-a2a1-6288120a7ab4", "value": "www.turkyedu-online.com" }, { "category": "Network activity", "comment": "SilkBean C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307015", "to_ids": true, "type": "hostname", "uuid": "99e22cdf-7e6d-4785-9eb7-76db1a2ca157", "value": "www.englishedu-online.com" }, { "category": "Network activity", "comment": "SilkBean C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307015", "to_ids": true, "type": "hostname", "uuid": "588a49b2-f238-4bfa-a985-d08fe8ab6bc4", "value": "www.turknews-online.com" }, { "category": "Payload delivery", "comment": "SilkBean No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740840452", "to_ids": true, "type": "sha1", "uuid": "3cfb67f1-8f37-4698-9cb9-0e3a106f1c4f", "value": "f99a071e2a1da49872a50d8a6b1a8b5b9b927233", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "e5ff8fa3-913e-44d4-b2bb-596199412ce8", "value": "youtube.dynamicdns.org.uk" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "ad521c4c-a0f6-4f0b-895d-4ccb9f1bb35a", "value": "tree.ddns.us" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "efa07296-d7ee-4ba9-aabf-6c7fe0d39f7c", "value": "coco.wikaba.com" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "3e69b643-8272-44ff-9ca2-28f8e595bffa", "value": "umare.zyns.com" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "a054b97f-345e-4608-85c2-746529358194", "value": "phpyahoo.mrbasic.com" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "8abd80bc-55aa-43b0-b2b8-f2d4dcd6c02a", "value": "androidapps.spdns.eu" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "d68aac2f-9402-44ed-b94d-20c4b90c12c3", "value": "androidapps.fvk.cc" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "f3af880e-47e8-49f2-bafd-b60391d0dd26", "value": "androidapps.linkpc.net" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "b8d2c544-194f-4a40-8715-03026323f1e5", "value": "androidapps.duia.in" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "fb3956ef-6009-4236-bd18-b517ced2e5b9", "value": "heartsys.dnsapi.info" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "8688f06c-4e74-4fa2-92d0-1dd165d126ba", "value": "androidapps.nsupdate.info" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "85bd3237-2498-4cab-adf9-b94a190ae204", "value": "android.apps.us.to" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "c4d9fa26-58fd-45a0-8662-3f8c0b6d39e7", "value": "androidapps.spdns.org" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "26852aff-343f-4388-b537-4d4fdfb8d95b", "value": "androidapps.npff.co" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "0e50fb1a-39cd-48e4-bd8b-9d491b89e6a2", "value": "androidapps.home.hn.org" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "a6a7ce2d-1dbd-412d-be63-4d7f1f719420", "value": "androidapps.nerdpol.ovh" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "852b7c79-17e5-4240-a6e2-d0f41fb1813f", "value": "androidapps.myfirewall.org" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "d8b62a2f-74f8-4065-ac82-67ad3c88a3df", "value": "androidapps.jetos.com" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "domain", "uuid": "79ce4286-1f01-4e9b-b7e0-ab0791f37f9c", "value": "androidsapps.ml" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307080", "to_ids": true, "type": "hostname", "uuid": "2df03065-aae8-4e5d-af22-2f4b8351e607", "value": "androidapps.tempors.com" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307081", "to_ids": true, "type": "domain", "uuid": "267a0100-5a5b-4b79-9f36-b6f12d67feb4", "value": "wephone.top" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307081", "to_ids": true, "type": "hostname", "uuid": "dafb8772-3c04-4e89-b6e3-f1a4098e9c01", "value": "www.cookedu-online.com" }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1780039652", "to_ids": true, "type": "ip-dst", "uuid": "7fd9c3bc-9dda-4cad-953a-f4d5438d06b5", "value": "176.31.115.156", "Tag": [ { "colour": "#21ca95", "local": false, "name": "asn:asn=\"16276\"", "relationship_type": "" }, { "colour": "#983aa5", "local": false, "name": "asn:as-owner=\"OVH\"", "relationship_type": "" }, { "colour": "#93736f", "local": false, "name": "asn:as-country=\"FR\"", "relationship_type": "" }, { "colour": "#f6cea1", "local": false, "name": "misp-galaxy:country=\"france\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "DoubleAgent C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307081", "to_ids": true, "type": "domain", "uuid": "726cb3c1-efc9-4f1d-887d-45f4215c9f7c", "value": "babyedu-online.com" }, { "category": "Payload delivery", "comment": "DoubleAgent No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740840474", "to_ids": true, "type": "sha1", "uuid": "585b6bc6-a0d5-4e75-8dc4-9de541fa08a6", "value": "ae08317008f7cf7ed4e26cb27fba3c55aa884bce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740840495", "to_ids": true, "type": "sha1", "uuid": "670cf363-d4b0-4580-9122-d9103829f6ca", "value": "584dfae56ba04776d630f8a0179c9799617dfc85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740840516", "to_ids": true, "type": "sha1", "uuid": "21dcdda6-0b06-4a2a-a820-603ffbd745b0", "value": "ae7b653af51f5216af8e11042370239dcc1f4873", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740840537", "to_ids": true, "type": "sha1", "uuid": "53aba424-4f3a-4285-b3b3-27325e113055", "value": "4ec4bfc9cfe555e2990b447962181c43272afd3b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740840559", "to_ids": true, "type": "sha1", "uuid": "877d72d1-e11d-4255-8e80-4023ca87a9bb", "value": "34de7568ade42cdce527b218f465098a200e4115", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829476", "to_ids": true, "type": "sha1", "uuid": "598753c0-787a-404f-860c-bef7b4db8574", "value": "ae9339dae4030729de951fac46df93839b952515", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "6fd1d50d-d3c5-49e2-9767-6d68be079f18", "value": "61.178.79.131|8888" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "hostname", "uuid": "05322cfa-6a48-4624-a577-94b06a71ffda", "value": "joke.upupdate.cn" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "hostname", "uuid": "20cc80d8-5312-4298-9aa3-c635d769bf81", "value": "sz.secpert.com" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "3aecb8e7-8dda-4c57-92c8-18372b1d5eb7", "value": "103.66.217.15|8443" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "c1f884f3-ac03-41b1-96a8-bec1c63d35e7", "value": "103.75.3.59|8443" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "hostname", "uuid": "3c9bb4da-3cca-4f80-97ae-c21cc7955c37", "value": "6006.upupdate.cn" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "hostname", "uuid": "63a3ea74-eef2-4e8f-826b-f22fe1c86904", "value": "ss903.w3.ezua.com" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "hostname", "uuid": "605868f4-60c4-45ff-a0a8-a78c90c01ea6", "value": "ss904.w3.ezua.com" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "6c97e549-b74c-4c7b-a0e2-cec32eecccbf", "value": "119.36.193.210|8888" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "f84d67b5-19b6-4804-8d6e-7686a5580a5e", "value": "58.49.109.166|8011" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "58105c0d-9417-494d-a997-3d329aacff7d", "value": "58.49.109.166|8012" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "8a0adb4a-3c36-494d-b0ac-429be4bcac26", "value": "59.188.236.193|8012" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "4438856a-1139-49cd-be38-3dd20e8f97c9", "value": "59.188.85.70|8089" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "641f5167-bc82-456e-b2b9-6024691c26b2", "value": "61.134.50.45|801" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "2593522d-461b-49ee-8613-26e277237e16", "value": "61.134.50.45|8011" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "86a19700-c483-4c16-b2b4-9f7f5e17c4ad", "value": "103.66.217.15|8008" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "c3ac313b-fcad-4d5b-876a-ade7bb488093", "value": "103.85.21.175|8088" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "hostname", "uuid": "d7485a0c-2a85-4592-a29a-299aab4df90e", "value": "6006.secpert.com" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "hostname", "uuid": "68314240-e821-4256-8c0b-82f59c031e79", "value": "s101.secpert.com" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "3106d09c-a203-44d8-92df-edebda7c9d5a", "value": "111.172.155.190|60066" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "hostname", "uuid": "7324ca61-8e5e-4f00-9508-854b32fed902", "value": "s2.upupdate.cn" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "3c0cd0bb-cf92-470a-8368-89324495cb7f", "value": "113.57.68.223|15005" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "hostname", "uuid": "b18531b2-d443-408f-8948-fd9e5c4fe62b", "value": "amote-366.vicp.cc" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "a094263e-5769-47ca-b7c4-c7989ce7feed", "value": "103.105.59.47|8081" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "00f2a8c2-d7a3-453c-acdd-f5291ec4c433", "value": "110.153.177.126|1882" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "2cfc2206-ef51-4e71-8679-1a77edf47ac2", "value": "103.74.193.122|8081" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "d3147cc4-400a-4c5b-aaad-8e56e4dfc2ed", "value": "183.94.24.18|15005" }, { "category": "Network activity", "comment": "CarbonSteal C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307125", "to_ids": true, "type": "ip-dst|port", "uuid": "4bb62884-d8bd-408d-9325-27a4a1bb93b7", "value": "59.175.144.74|9091" }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829497", "to_ids": true, "type": "sha1", "uuid": "ef411015-0ab8-4b1c-96c9-5f928ad403d1", "value": "bdd778a75a8ea74c1dd0a06fc1ae4d41e5518d91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829518", "to_ids": true, "type": "sha1", "uuid": "50728c09-b771-4ed8-99de-b4cf95f9317c", "value": "a3f91dde5854bd781b15c307ce03bcada1baf6fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829539", "to_ids": true, "type": "sha1", "uuid": "67cc6a11-46cb-43dd-9abf-8a9df47171fb", "value": "f55a23e54e91c843f8fffb243ba0d1ebaf4d5d3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829560", "to_ids": true, "type": "sha1", "uuid": "b2195228-0796-4007-ab34-aa91eaec1539", "value": "65cac7c80f3ab562b0a239bc36218bcec70f6ae9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829581", "to_ids": true, "type": "sha1", "uuid": "d8187f43-92f2-4b67-8b64-d3c0e2ab814d", "value": "60604d7a9c42c2becf2f2f5af6822d058eb6ae98", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829602", "to_ids": true, "type": "sha1", "uuid": "e9f163dd-e41d-4cb8-8ce2-15efd42644e9", "value": "f2341bef7212cd6d15638c30076460b11321a2d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829622", "to_ids": true, "type": "sha1", "uuid": "c5f366bf-ccb7-4125-817a-5ab3564e6226", "value": "6ab2414fd44d84303e8698548ee6c2fd4dfd78c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829643", "to_ids": true, "type": "sha1", "uuid": "e70eed8a-d338-426c-a9d4-82f621b9a26b", "value": "d9ad43d4192c16190786ae89190113931b438909", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829664", "to_ids": true, "type": "sha1", "uuid": "7f89ab42-79b5-4027-9897-51bd1349990b", "value": "aefaab4fd236b25cd7fe91210c0176d631b7bb6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829685", "to_ids": true, "type": "sha1", "uuid": "72e37fe1-76a1-40bb-94ca-6806c6ceb2a0", "value": "0fc290c6448dfaca535768c594a91e5d19855079", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829706", "to_ids": true, "type": "sha1", "uuid": "dcee94c9-fe1c-4941-9494-3d6d32604739", "value": "9becc7919a63ec5188629047e7ca02d7a592f314", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829727", "to_ids": true, "type": "sha1", "uuid": "c4be3374-082d-4d39-a851-e04124f94c85", "value": "9e6297136ca7bc8da094bf3421c8be4595ee0db4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829748", "to_ids": true, "type": "sha1", "uuid": "c6726ea8-254d-4f93-996b-c6e0bcc377ed", "value": "1df29ec83d0858c04557a56d10e5ee482ffc03c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829769", "to_ids": true, "type": "sha1", "uuid": "f1c96e3a-5fb2-4ebc-91d0-df02e0f35d95", "value": "eb1243d5f293087643db7263a40516026b69e697", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829789", "to_ids": true, "type": "sha1", "uuid": "6ed342eb-ce87-4baa-a4c1-ccd59a2c705d", "value": "dfc7dccc9a0738a591ef302baa45ecd8e45c0a34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829810", "to_ids": true, "type": "sha1", "uuid": "c2a85371-85b0-49af-9d78-78621561dd77", "value": "ecbe302daafb23eba47960031c659c42e1f9b24b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829831", "to_ids": true, "type": "sha1", "uuid": "ef4eb306-600c-46fe-9d28-96654108cebf", "value": "82fe511a4fda38816eea0b3e4c13cf1b6c188e37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal No sample in VT\r\nLast check:01/03/2025 No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740829852", "to_ids": true, "type": "sha1", "uuid": "b80ab8ac-63a1-4bf5-ae59-609ad326b8e2", "value": "23596e0d4f5cc9e53bc8de92f3899dd16e44448d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "ip-dst|port", "uuid": "13dd3bbe-fad8-4fd7-81ad-97528edc91fa", "value": "64.185.228.252|8080" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "ip-dst|port", "uuid": "9f6085a7-ea08-4620-bbe5-cb0ffca6ac53", "value": "203.124.14.109|8080" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "ip-dst|port", "uuid": "3e013df5-2c45-48b6-a25c-723f4ca05e29", "value": "113.200.218.226|8086" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "ip-dst|port", "uuid": "a70a2450-1f14-406f-bc07-1f83b2c72868", "value": "103.255.177.45|8086" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1780039654", "to_ids": true, "type": "ip-dst", "uuid": "195c040f-15e4-4e88-bc18-4e888414e62f", "value": "150.107.3.188", "Tag": [ { "colour": "#f6f204", "local": false, "name": "asn:asn=\"62610\"", "relationship_type": "" }, { "colour": "#9b8cbe", "local": false, "name": "asn:as-owner=\"ZEN-DPS\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "ip-dst|port", "uuid": "ed0dbe9f-f8f1-4182-9e2d-aba0cbf26bec", "value": "118.193.232.169|8086" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "ip-dst|port", "uuid": "70dc30b5-0024-41be-b928-c19471059dd8", "value": "185.170.210.98|8086" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "ip-dst|port", "uuid": "2f264bfd-838b-4894-8a5a-e10fb12be35e", "value": "103.59.166.106|8086" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "hostname", "uuid": "b721e56a-0490-4bd5-89db-5c853eff5a84", "value": "www.vipapkdownload.com" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "ip-dst|port", "uuid": "8ed4190d-f9ab-4c18-8919-603869f62aba", "value": "103.255.177.60|8086" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "hostname", "uuid": "14ba6e1a-ef42-4b3b-a0b2-8754f00729aa", "value": "www.nortonservice.net" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "ip-dst|port", "uuid": "0e036e5f-d51c-41c2-a43c-4c2f40a1d70f", "value": "106.12.39.148|8086" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "ip-dst|port", "uuid": "2cd63c1d-aaee-4557-b452-be4f0244071f", "value": "100.64.223.251|8888" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "ip-dst|port", "uuid": "576dc5e2-b3f1-4002-a28b-5e60aa87d5a6", "value": "10.194.103.47|8086" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "domain", "uuid": "331c3ff8-b78f-41a4-861f-716232aae1bb", "value": "vipappdownload.com" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1780039655", "to_ids": true, "type": "ip-dst", "uuid": "0bfefcd6-a172-4e87-a9cc-79f876437034", "value": "103.56.17.108", "Tag": [ { "colour": "#a612ce", "local": false, "name": "asn:asn=\"132883\"", "relationship_type": "" }, { "colour": "#3a7b7a", "local": false, "name": "asn:as-owner=\"TOPWAY-AS-AP TOPWAY GLOBAL LIMITED\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1780039657", "to_ids": true, "type": "ip-dst", "uuid": "d70dafd5-dca1-45c0-9cc6-7df2f0dfdccc", "value": "101.78.230.99", "Tag": [ { "colour": "#477bda", "local": false, "name": "asn:asn=\"9381\"", "relationship_type": "" }, { "colour": "#1a7131", "local": false, "name": "asn:as-owner=\"HKBNES-AS-AP HKBN Enterprise Solutions HK Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "ip-dst|port", "uuid": "ba69f7ae-40a0-496e-8d3a-9a5af8f7ae5f", "value": "103.255.177.61|8086" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "domain", "uuid": "3e74a858-f121-4778-80a4-7d45ae8b9d99", "value": "googlleservice.com" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307210", "to_ids": true, "type": "domain", "uuid": "3369f727-1844-4693-a81f-bb250daf177a", "value": "symantecupdate.net" }, { "category": "Network activity", "comment": "GoldenEagle C2", "deleted": false, "disable_correlation": false, "timestamp": "1740307211", "to_ids": true, "type": "domain", "uuid": "a24fabf8-1508-48c7-9972-2469dd62f5f8", "value": "googleanalyseservice.net" }, { "category": "Payload delivery", "comment": "GoldenEagle No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740832137", "to_ids": true, "type": "sha1", "uuid": "c52fa505-1590-4bf6-883d-1ad2610ae75c", "value": "0b2ff1231fd8985d54c0508fb541ecd4ed56c10e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740832265", "to_ids": true, "type": "sha1", "uuid": "178c1a65-3f84-4efd-9132-5909e245ba07", "value": "75e7cf299648154142ad93d2c52a4327b3f61dd3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle No sample in VT\r\nLast check:01/03/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740841070", "to_ids": true, "type": "sha1", "uuid": "9a0e06b4-6210-4dea-9e0e-05f6c299016f", "value": "d51930a82ba46cf147b0a2a330aa47f988cd3bf0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859211", "uuid": "e7cfaea6-8a64-41e0-8189-4a0e5441ce37", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859211", "to_ids": true, "type": "md5", "uuid": "0332edd7-bf6f-43cd-93a9-6849412644b1", "value": "53efa134469aef8c5f6b885fe9c22484", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859211", "to_ids": true, "type": "sha1", "uuid": "013a83a6-2ee8-484a-8e1d-95709d779e6f", "value": "6f233bd2dd5a14cdfe9fa3ff47e690b6d053dd57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859211", "to_ids": true, "type": "sha256", "uuid": "f91e4c69-01d7-47f7-b197-79f461b143fb", "value": "e4527872f21a8bdce02b432499e06234a2a659a500a77b4009e4876e846df3c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740792961", "to_ids": true, "type": "ssdeep", "uuid": "e366bf3a-47ac-4760-b04d-8fce872ceee4", "value": "196608:Bq8sBpbpeK9iUATdGM1bmICJDLE1c/NLD92aIiE:g8wtHiUeGM1bmzvE1YVrE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740792961", "to_ids": false, "type": "size-in-bytes", "uuid": "d691f2fe-bfdf-4fb4-814e-2f0d7c0fba54", "value": "6355727" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740792961", "to_ids": true, "type": "vhash", "uuid": "bba87fe4-8c59-4790-ae7e-6f59adb6083b", "value": "ccdcab2faca17e4f55e29755181b5fc3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 21/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740792961", "to_ids": false, "type": "text", "uuid": "c1fa44f1-847d-44be-8897-e75a21186858", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:22/65" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 21/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740804512", "to_ids": false, "type": "text", "uuid": "9b7d2291-3636-4188-9eba-e5e1a4c3acb7", "value": "Type Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:22/65" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740804512", "to_ids": true, "type": "ssdeep", "uuid": "71af70f3-eadd-4bce-a6c2-c62d13c14651", "value": "196608:Bq8sBpbpeK9iUATdGM1bmICJDLE1c/NLD92aIiE:g8wtHiUeGM1bmzvE1YVrE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740804512", "to_ids": false, "type": "size-in-bytes", "uuid": "e1d79b4c-85ec-4287-b6bf-33123a82381c", "value": "6355727" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740804512", "to_ids": true, "type": "vhash", "uuid": "c3748b7b-995f-4a45-8ab1-8bb7ebf04c2e", "value": "ccdcab2faca17e4f55e29755181b5fc3" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859212", "uuid": "2b3b9cc4-1bf2-4f52-afb3-835624d0d1e2", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859212", "to_ids": true, "type": "md5", "uuid": "c3fe0575-f839-4f38-b5db-f6235907906f", "value": "0110334fd560f339f5a25dcee7e4857a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859212", "to_ids": true, "type": "sha1", "uuid": "54291367-08d8-44fb-b05f-c47179b0344c", "value": "cd899fa2da860994ee8de197630ea8ce11133417", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859212", "to_ids": true, "type": "sha256", "uuid": "5f84f37f-3917-4291-bab7-a2c64e1f3fd6", "value": "77a09d5dccc78b2fa650b60477cc57f38cb95a61702cf71076a9c07269adb6b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740792982", "to_ids": true, "type": "ssdeep", "uuid": "178d1c0f-1643-48c4-9c65-7070138d7434", "value": "49152:rdounHVjxREh3xR8zkfxB4iw7iQQycunHVQf:rdouHVjxah3xCzkfxQEuHVQf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740792982", "to_ids": false, "type": "size-in-bytes", "uuid": "52983a61-95a2-4401-b0f7-1a3eff266ab5", "value": "1859426" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740792982", "to_ids": true, "type": "vhash", "uuid": "272506c0-3553-4e2b-a214-6779219e6ef1", "value": "73e4e084a1f84dcf89e80f7f63beb5f5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740792982", "to_ids": true, "type": "filename", "uuid": "3cd4a60f-9d7f-4a65-8874-0666996cb104", "value": "output.135493547.txt" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 31/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740792982", "to_ids": false, "type": "text", "uuid": "5d3a2b0f-f988-4bb2-ba64-66810c617be0", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Carbonsteal.B\nVT Total Detection:20/64" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 31/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740804535", "to_ids": false, "type": "text", "uuid": "539056ec-03a4-4827-ac49-060d6cf9cb16", "value": "Type Description: Android\n\nMicrosoft: Trojan:AndroidOS/Carbonsteal.B\nVT Total Detection:20/64" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740804535", "to_ids": true, "type": "ssdeep", "uuid": "1fe882b8-caa4-4965-a7f6-646abeb1bb3a", "value": "49152:rdounHVjxREh3xR8zkfxB4iw7iQQycunHVQf:rdouHVjxah3xCzkfxQEuHVQf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740804535", "to_ids": false, "type": "size-in-bytes", "uuid": "73132d98-32ec-4bc5-acc3-6149d98f08d3", "value": "1859426" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740804535", "to_ids": true, "type": "vhash", "uuid": "e803bad5-25a9-4e5b-a621-f4e6b9f9223d", "value": "73e4e084a1f84dcf89e80f7f63beb5f5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740804535", "to_ids": true, "type": "filename", "uuid": "5f4c86e2-59b9-461d-bb6a-c704d1db9656", "value": "output.135493547.txt" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859214", "uuid": "457d65d2-b2aa-4c06-a73f-1e51d3f815fb", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859213", "to_ids": true, "type": "md5", "uuid": "4a627450-5938-47d8-b6ee-d20317a31228", "value": "7c70731c9aff0b864cf78adb63d8c5ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859213", "to_ids": true, "type": "sha1", "uuid": "db963398-ffa4-4f45-a240-a92cc8b18c87", "value": "3da34aaf95ffcb5c5d36c2a9fc542c1b08c36d2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859214", "to_ids": true, "type": "sha256", "uuid": "e88e6626-38e0-4366-9aaa-41ddcfc4da43", "value": "04bb047789f98c42039c22cde790665d11749856c138e7997ea83fbb2f6b5b8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793004", "to_ids": true, "type": "ssdeep", "uuid": "e85778bc-a102-4d50-9f55-b7087a7dd4e2", "value": "196608:nrqpw47SbU3rdutv+M1szgpDVM6oNMq+ijgp:rqpw4+WxuYM1BXM6hfp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793004", "to_ids": false, "type": "size-in-bytes", "uuid": "3234abf0-b0a9-4926-99c6-026bd6bf4ce6", "value": "8523497" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793004", "to_ids": true, "type": "vhash", "uuid": "deb26127-7ecb-4cfb-9bd4-106ee759667a", "value": "a822c06a0c480320a096c4132c928eba" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793004", "to_ids": false, "type": "text", "uuid": "52cbc223-8a55-4025-a8c3-54b8620854a1", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859215", "uuid": "073dfd5c-2202-4512-a937-342818778647", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859215", "to_ids": true, "type": "md5", "uuid": "7bab6d02-237c-49cf-800b-ecd24a8be4a3", "value": "699f868574d8f570f9e22457cfdb9049", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859215", "to_ids": true, "type": "sha1", "uuid": "339447c6-5944-4cf1-b18d-78e390c2b924", "value": "c04f65fbe15d0162c42e4d2537a17fe961e926d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859215", "to_ids": true, "type": "sha256", "uuid": "0fba1496-eac3-4495-a950-c74130128e0c", "value": "8c8b7e11c23cccab48e237f548aeaaa92d1109a99634766b70ea0b99bea3f534", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793025", "to_ids": true, "type": "ssdeep", "uuid": "2088203c-8a69-49ad-9a65-962ef5071fea", "value": "98304:8ZJnLwDkbS0BZ8cbzNLavOUxkqInS3kGAOxywgxX2rlfmSeQCXVhMYEQDUxF/kcJ:aNLldbpLaGU53kGASywgEr9mkC4k3Et" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793025", "to_ids": false, "type": "size-in-bytes", "uuid": "fc4b23ef-eb21-41c4-a394-3ef58f4528ed", "value": "5187018" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793025", "to_ids": true, "type": "vhash", "uuid": "c2cdfe0b-1629-4deb-9dc1-eae1ed868175", "value": "af7d142632377b436acada6bc6706ab2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793025", "to_ids": true, "type": "filename", "uuid": "a85718c5-d70e-47d6-9cae-c82c7af1d088", "value": "output.155377174.txt" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793025", "to_ids": false, "type": "text", "uuid": "0538cf51-48e5-4fa6-8035-c61b7d73a843", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:19/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859216", "uuid": "e0804afd-2f1c-49c0-8ef7-1e8d17f2b555", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859216", "to_ids": true, "type": "md5", "uuid": "c400a7ac-82fb-4415-a7cd-3f6d03fccd42", "value": "e5295e29f83b55c9db75e52fd94b1953", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859216", "to_ids": true, "type": "sha1", "uuid": "8b0f5210-afad-4e35-9963-29873b4ec310", "value": "ace3fdf12a5fd099043840e0925347485f5557a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859216", "to_ids": true, "type": "sha256", "uuid": "4f5cde59-526a-415d-8c36-08c04f4be8fb", "value": "33bd3ccad2e6605ef52aa4e7c00cf99c8b6c9a36d1121fdcab6f39a6acb47d76", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793046", "to_ids": true, "type": "ssdeep", "uuid": "da76d2f3-7776-4556-8e8b-77eea206ce02", "value": "196608:URelRwL1lej4Dk1Iqh5/IqMCuKUoOQmaVc1QJloTMQhDFDU4:0elRwL1lej6YIqPj7UpQml1QJl/QhDi4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793046", "to_ids": false, "type": "size-in-bytes", "uuid": "f1b7485d-7fba-4dba-9450-08091c1b842b", "value": "10476922" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793046", "to_ids": true, "type": "vhash", "uuid": "5203fc8b-e8ef-46c8-af3b-a1a4dadb6600", "value": "f8d0ba4f4fc3da7dfa5363e9faf6492c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793046", "to_ids": true, "type": "filename", "uuid": "fbc696e6-69b8-4e3a-9573-e6642ee2940f", "value": "e5295e29f83b55c9db75e52fd94b1953.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793046", "to_ids": false, "type": "text", "uuid": "fcd78d28-137d-4ee9-9ab0-96027eddc1ef", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859218", "uuid": "bc8a6f96-3c92-4934-91db-d35be6db0406", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859217", "to_ids": true, "type": "md5", "uuid": "a01b1d99-723c-4369-a311-340a94c785b5", "value": "f61ea33537aa4c7acdb82e4dc2d46bd4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859217", "to_ids": true, "type": "sha1", "uuid": "34abd05c-b97e-4fa4-9512-d48edc1a7a93", "value": "cd754dcc9c32e0c8f6bd2823a2f14a77a3908d75", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859218", "to_ids": true, "type": "sha256", "uuid": "f3c309db-fdb3-40a1-a92c-bbf3a42088f7", "value": "4c47b40a31d8d0ffa2bab91d2fcb86db51444b0de1fad1280a6ec7bd503d8e78", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793068", "to_ids": true, "type": "ssdeep", "uuid": "8662d146-c8ec-425f-ac74-d633d4a7eb30", "value": "12288:XpHq8T4+Akot9wulCyeQgjU72kv2ilYMfQhwsm+1+8LdcX2oQ4g:5HvpAkCGkCyeQgjTW2i6BKxy+862gg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793068", "to_ids": false, "type": "size-in-bytes", "uuid": "bbd06cb4-907f-4d96-9f21-f9b8e9560f65", "value": "603838" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793068", "to_ids": true, "type": "vhash", "uuid": "326fbaa5-ce11-4fe5-b5a6-1d8840b8c9d6", "value": "672e1e2bbfadbff1cd7285136eaa6dc2" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793068", "to_ids": false, "type": "text", "uuid": "2d2894c9-7c20-4d6c-9e0e-91302edbefa8", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859219", "uuid": "f6c67140-2485-4db0-9348-14c8aeec2ec9", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859218", "to_ids": true, "type": "md5", "uuid": "583c5f3b-c65a-4540-9dc1-13c3ceaf152a", "value": "71b1a6a954aefa489c377ec18aa5c25e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859219", "to_ids": true, "type": "sha1", "uuid": "a74e7522-5887-433f-912c-687dbdefff0d", "value": "588a6f6e34fefb22c5d60660e469789d9ae68776", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859219", "to_ids": true, "type": "sha256", "uuid": "e5fd7334-35ba-47b1-a7da-5e3e79103bd0", "value": "6f26e75de11ab9bc40c68ebc215535f46474ff9a9352964faaef4edf3ec2c3f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793089", "to_ids": true, "type": "ssdeep", "uuid": "796827e6-07a4-4f6a-8ae7-82740342fbd3", "value": "98304:LqJedTx+dhf/XObZ6gMXqs4UQ+jSN19PLlpYZWt+5LW4cI5CMLeX4JtxTQNQOqv+:LYMTkfTSBB+s9POW4LK1seWxEC+V" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793089", "to_ids": false, "type": "size-in-bytes", "uuid": "dc1cc33e-f7e9-4dba-a831-bdd140696c60", "value": "7876739" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793089", "to_ids": true, "type": "vhash", "uuid": "443e9b96-d98f-427c-84bc-987fd84098fc", "value": "130a75217f1c4f4f54bcc9eaea9cff49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793089", "to_ids": true, "type": "filename", "uuid": "2f865e9b-ae46-40c4-8fb2-09435644b2b0", "value": "71b1a6a954aefa489c377ec18aa5c25e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793089", "to_ids": false, "type": "text", "uuid": "7ea56190-4544-40e8-a5d5-7f1fb5b50fbb", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859220", "uuid": "1aa4f58c-45c2-45f6-9d5f-8b11a5225a67", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859220", "to_ids": true, "type": "md5", "uuid": "bd841ffe-c90b-47d2-8add-3cf5a59dcae1", "value": "a2c4a0962cce1a9f4dfe4ef827107b94", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859220", "to_ids": true, "type": "sha1", "uuid": "771aff8b-ddc7-4d3f-9a28-1093e3b6ffcc", "value": "3161fa0a46dd453bb7afb61ed0baf827778011c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859220", "to_ids": true, "type": "sha256", "uuid": "7771957f-3044-4cd7-94f2-238fc959d9f1", "value": "2a8c1950df52f2e192bcf66e290f5d238e6ce0440692d018c425468d84412a29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793111", "to_ids": true, "type": "ssdeep", "uuid": "220c2be6-69f5-49e7-a7d0-e9b5265b238c", "value": "196608:J8g+aMy91dp1IG5GxHTJ5CJd3DBDlUAr1o7W3ICodTY2fgfXFgoV:qlaJf7wxHTJ5CJ1FCArKC3ILdpwgoV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793111", "to_ids": false, "type": "size-in-bytes", "uuid": "8814dfed-ed43-4fe5-9909-abb0062a269a", "value": "9574523" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793111", "to_ids": true, "type": "vhash", "uuid": "7f650a04-97f3-4640-bb09-c1c36bcb225a", "value": "130a75217f1c4f4f54bcc9eaea9cff49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793111", "to_ids": true, "type": "filename", "uuid": "46a72a87-2afa-45c3-a2ff-f7cbe6b3d533", "value": "a2c4a0962cce1a9f4dfe4ef827107b94.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793111", "to_ids": false, "type": "text", "uuid": "cb27eb86-9d41-4f41-ba48-ac902859bfbe", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859222", "uuid": "ce9e3058-b9b0-46b7-8380-be009b6b8fcb", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859221", "to_ids": true, "type": "md5", "uuid": "f9a02779-c5f8-4472-9c2f-b0b65f8ae7b7", "value": "46e0c953794eb04e2f51669b7b79ab3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859221", "to_ids": true, "type": "sha1", "uuid": "1ee5b292-364d-4688-8cb6-1e55adfb217e", "value": "d43a4918d893122d7a3a18bb7b7d465a4b68f232", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859222", "to_ids": true, "type": "sha256", "uuid": "e3c9f052-6da1-48e3-9764-ccface4a8bfd", "value": "1b970ec7d55cd008f87e97b4df455c82b43be5119dcc11d5a5655d54438b5744", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793133", "to_ids": true, "type": "ssdeep", "uuid": "6f3735aa-c8e5-4d81-bf46-0fc84808402d", "value": "196608:/Xft0dDLJSNE1H8vXXNUX1G286xw5fUF4D6pDD8/0eliw3ATAE8g3tt7Q:fcwNECX0U2DwL44/viw3ATV7Q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793133", "to_ids": false, "type": "size-in-bytes", "uuid": "7f708265-adbc-482c-8251-a2b40236a2ab", "value": "10328644" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793133", "to_ids": true, "type": "vhash", "uuid": "3cbadcfe-c348-468b-9847-db7262827d56", "value": "f8d0ba4f4fc3da7dfa5363e9faf6492c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793133", "to_ids": true, "type": "filename", "uuid": "9788fcc8-7ccc-4c7a-9bbd-713b2692b4da", "value": "46e0c953794eb04e2f51669b7b79ab3d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793133", "to_ids": false, "type": "text", "uuid": "add55c3a-94c8-41b2-a8f5-404890b311a4", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859223", "uuid": "2c34a3b4-c137-4bf5-90a0-376bb2585652", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859223", "to_ids": true, "type": "md5", "uuid": "747d37c3-20d5-4c7d-8a8f-cbbd90cb60d1", "value": "62c6bb2b356e521c7b0d46c83cd8dd64", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859223", "to_ids": true, "type": "sha1", "uuid": "18da600b-375b-468a-836d-aa1f04b358c9", "value": "1c2ffb37d5c4821adb87ff410084fe4190c67c93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859223", "to_ids": true, "type": "sha256", "uuid": "e3cc9afa-b1b9-4ce4-94a4-b60076b74cd5", "value": "d285830bf7d070403fe125a3659137f7e1101de91423ac11439f0ad9e7ec9fa6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793154", "to_ids": true, "type": "ssdeep", "uuid": "451d4bf1-f07d-4aaf-885d-fad005d00477", "value": "24576:wokahcSImWni+BlcIoz0DUaokvuBQvKc4PXR5BEhz45g:hkapILPlc8VN452n" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793154", "to_ids": false, "type": "size-in-bytes", "uuid": "2bba501b-6006-4dbd-8f12-3380bd0c1458", "value": "1190882" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793154", "to_ids": true, "type": "vhash", "uuid": "0dfd51b1-85ee-4061-a9e8-c6c556e3e027", "value": "130a75217f1c4f4f54bcc9eaea9cff49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793154", "to_ids": true, "type": "filename", "uuid": "b86ce07b-900e-4d05-9f3e-8cd2feda8bab", "value": "62c6bb2b356e521c7b0d46c83cd8dd64.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793154", "to_ids": false, "type": "text", "uuid": "597fc930-cc1b-40f3-8e0b-6c302622cf80", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:32/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859224", "uuid": "8c7d753d-c102-42d7-941e-c2dc30301ae4", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859224", "to_ids": true, "type": "md5", "uuid": "76c32969-a118-46f9-8f4a-2791671d3e0f", "value": "cc5aea266c21347270a2903c1308d411", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859224", "to_ids": true, "type": "sha1", "uuid": "710494e0-f0a5-4e5b-baee-d0ecbf6ddca4", "value": "c892e2e6b4bac797ef826053381ddf4fa9d78a0b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859224", "to_ids": true, "type": "sha256", "uuid": "4979ec73-c022-4267-a34e-82f9c1dc073c", "value": "1cafd1536a7eb73dff045e0fd92fa84c1477a68adc7e86df7af7eb35307a2f72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793175", "to_ids": true, "type": "ssdeep", "uuid": "810c7598-eb77-4f2a-bfce-0ca7fc700212", "value": "12288:TKGtBniy4oUB6WXDglqwtSAzCG+vUFXJ9xkoxAT62/n:WDws6WHySAzx57XkO8n" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793175", "to_ids": false, "type": "size-in-bytes", "uuid": "0bf79200-1759-429f-a4f0-39666dac8732", "value": "618505" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793175", "to_ids": true, "type": "vhash", "uuid": "8e0af221-3477-43c8-9094-3946d3bfae28", "value": "672e1e2bbfadbff1cd7285136eaa6dc2" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793175", "to_ids": false, "type": "text", "uuid": "3a107144-634c-4586-b406-168486b0578c", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859226", "uuid": "7a697675-3808-4c88-a7ce-64d1393e9d01", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859225", "to_ids": true, "type": "md5", "uuid": "d04e8a90-4699-4660-b9aa-32a035532e90", "value": "fd5b8f8d9857aee53bb04fb078c03104", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859225", "to_ids": true, "type": "sha1", "uuid": "0d2882b4-38e5-41c4-9564-47256a755e99", "value": "90605deb3f359e4deb917b85a38ea40715f1355d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859226", "to_ids": true, "type": "sha256", "uuid": "50cd656f-6ce6-4b62-a7c7-9ebc54610685", "value": "65030715552b4f26d6962f91fd16b65285bae0206b5e43c2f0a7717eec9c7298", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793197", "to_ids": true, "type": "ssdeep", "uuid": "a3709d16-e333-4817-9e46-1bbb5321a7d9", "value": "98304:JsOqWrd9M5gPoGLCkGyL28J2QTV57Y+RjIeW8Q3DxT5tG6Mofcs:JsO7TugnLNGWTV55Rl2ZGHcZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793197", "to_ids": false, "type": "size-in-bytes", "uuid": "2f41473c-946a-43c3-ae8c-368947d0d1e4", "value": "5423618" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793197", "to_ids": true, "type": "vhash", "uuid": "df23e75f-21dd-4736-9723-624f7e984c76", "value": "130a75217f1c4f4f54bcc9eaea9cff49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793197", "to_ids": true, "type": "filename", "uuid": "ffb01daa-e09e-46c9-9978-d7da22af1239", "value": "fd5b8f8d9857aee53bb04fb078c03104.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793197", "to_ids": false, "type": "text", "uuid": "ea826aee-7013-4bc4-90e1-76c1d38b4c59", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859227", "uuid": "08de4354-5da6-4705-8c2e-8b20b922c031", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859227", "to_ids": true, "type": "md5", "uuid": "2771ae53-7501-46a7-af56-ce04c06ca2d3", "value": "d8ae2ed0d6d062acba19974058be44bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859227", "to_ids": true, "type": "sha1", "uuid": "34c50abd-aa83-42ae-8bd7-e23dc874e699", "value": "4cc10ba6821b25c162f06d9efcbb4b19d664599d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859227", "to_ids": true, "type": "sha256", "uuid": "be81e1e0-3fc0-4bc7-93cd-4cda8ddf2dab", "value": "0cb3ebe9c27cf9a4bc0ff5f3b7ad8c92caec22f36246ce7838190312337c72d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793218", "to_ids": true, "type": "ssdeep", "uuid": "8ba54156-3cbf-436b-b631-51070d009f85", "value": "12288:OzTBRm+7i+zRdJ0o7h4GoeiEHbxEcZvQEEVS9G+YORxAFB3b6maZms+RTcbO:4Dm+3DKehh9V94ovAFB3Wvws+RTSO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793218", "to_ids": false, "type": "size-in-bytes", "uuid": "e7d46a49-acec-4ed9-8196-f677326133c3", "value": "676761" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793218", "to_ids": true, "type": "vhash", "uuid": "eb61a74a-56a2-47d2-97a5-421431a7051f", "value": "3362972861718122fb033a33f533f53c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793218", "to_ids": true, "type": "filename", "uuid": "5b1a249c-2835-42bf-8339-b44bb1e43e9e", "value": "d8ae2ed0d6d062acba19974058be44bf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 03/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793218", "to_ids": false, "type": "text", "uuid": "506ae91c-b967-41c1-a947-fcfa33fb4dbd", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:29/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859228", "uuid": "625e67f3-d995-4468-bf58-eb4ed8c7a940", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859228", "to_ids": true, "type": "md5", "uuid": "0b397f3a-da60-4dbb-8605-442f41dba262", "value": "86b9b3f6d86dd22fd0ded8926d142504", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859228", "to_ids": true, "type": "sha1", "uuid": "3b50b84d-09dd-4e10-a088-d566f3b6c63b", "value": "2efef5273548b11b76fea477a47daf7892ecced3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859228", "to_ids": true, "type": "sha256", "uuid": "a210b8a9-d78d-4dea-ae93-2a50ecd1ded7", "value": "b8d42b5bced4f51e32e78058048b9be1afb614abb9919f2d52dfcb394e294435", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793239", "to_ids": true, "type": "ssdeep", "uuid": "c208d016-9ed1-4d5a-830c-dfd59fb575b5", "value": "12288:fzl5wLFGo5hTN3RpZe/b3LG2aGh+SvE5vGo1pRqLex:rfAZOAGFvEjes" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793239", "to_ids": false, "type": "size-in-bytes", "uuid": "127a4782-53ed-44b3-87fe-a8a5b6b54036", "value": "618421" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793239", "to_ids": true, "type": "vhash", "uuid": "3b0b878b-5d9a-4caa-94cd-6e7acb971419", "value": "672e1e2bbfadbff1cd7285136eaa6dc2" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793239", "to_ids": false, "type": "text", "uuid": "d50a5012-55e9-4a32-b38e-c46c58899dd1", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859229", "uuid": "ab2afc1a-b795-4f5b-93fa-eb0f94bfb015", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859229", "to_ids": true, "type": "md5", "uuid": "cb5d7919-f001-4b7e-b2f1-b07eeaba5e7b", "value": "b49cfcd7771f2131e5b20e0230689142", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859229", "to_ids": true, "type": "sha1", "uuid": "0fb0fc1b-e671-4dfd-b370-1a42684af3ab", "value": "ea9874a592a870849bd9eb5d6ac491a83726ec9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859229", "to_ids": true, "type": "sha256", "uuid": "41f00ebb-6fc4-4903-b900-d93dba4b3078", "value": "6ef813376a5fc15a1ccb83ee4ebee1bbefeb1b134fcc2aa6497153e2a717f3fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793261", "to_ids": true, "type": "ssdeep", "uuid": "2249018a-b110-4b4d-9d6d-f9882506dcaa", "value": "12288:hcptBniy4oUB6WXDglqwtSAzCG+vUFXJ9xkoxAT62/b:WUws6WHySAzx57XkO8b" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793261", "to_ids": false, "type": "size-in-bytes", "uuid": "59483e9c-db25-4f64-b774-a92f693a9a0d", "value": "618506" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793261", "to_ids": true, "type": "vhash", "uuid": "48640d2b-ee8b-40e0-baeb-bf2191bfcbed", "value": "672e1e2bbfadbff1cd7285136eaa6dc2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793261", "to_ids": true, "type": "filename", "uuid": "95c9fb7c-d1e3-47c9-8948-8d9556dd5d87", "value": "b49cfcd7771f2131e5b20e0230689142.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793261", "to_ids": false, "type": "text", "uuid": "535cb8cd-afaa-428e-94ce-2fffe700fd40", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859230", "uuid": "1c3383ae-e252-4694-8a86-89f4fe139a8d", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859230", "to_ids": true, "type": "md5", "uuid": "8fb75a68-b9dc-4a76-8022-5932f93901f8", "value": "4c4fc453c593b5bc2ad3e7ec7960215e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859230", "to_ids": true, "type": "sha1", "uuid": "b9d7a283-05fc-4ed5-8ecc-566b91aedb22", "value": "e69fb314116badd439a3fc73a8b6e048c6308d4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859230", "to_ids": true, "type": "sha256", "uuid": "5974e25c-d2ec-4bcd-81f7-8244fddb4396", "value": "0d41f63263c7e857c2e981d30d3cfcffb07ce66797c5eb589e842528778542e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793282", "to_ids": true, "type": "ssdeep", "uuid": "5418c22c-d4df-4130-aa1b-a09560881c51", "value": "98304:9uM7giUcp/JV3il7Pq5PIxv5oWefZjTdbMfGORbw6sWkf+sY18x:9uiginV27+Ps5AtpCH2f2mx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793282", "to_ids": false, "type": "size-in-bytes", "uuid": "7e8f9afe-8b3d-4d9d-b524-fcd622c96a1d", "value": "4918471" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793282", "to_ids": true, "type": "vhash", "uuid": "afb8f180-6c8e-4743-bbec-2c307180b97b", "value": "357dafc9513e156961b53ea530d45d50" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793282", "to_ids": true, "type": "filename", "uuid": "df14a440-0086-4949-82d2-c830e7dcbc93", "value": "4c4fc453c593b5bc2ad3e7ec7960215e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793282", "to_ids": false, "type": "text", "uuid": "d135de6d-78b5-47b6-a63b-186270fceea7", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859232", "uuid": "a734fdb7-0bbb-438a-8e4c-ed5025938480", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859231", "to_ids": true, "type": "md5", "uuid": "b1520346-aae0-479a-bf27-11f0bea5cb5e", "value": "8463d45ae8fabfecbace28430c3fd2bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859231", "to_ids": true, "type": "sha1", "uuid": "b749fd84-5bab-49dd-9716-2d5701bcf151", "value": "03b83059b08976afcadac42b79f867c5601b2b1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859232", "to_ids": true, "type": "sha256", "uuid": "46363b75-d5bf-45bf-920f-2ca922f0cac0", "value": "338af914a178361ff62c4c79f0a500682291815530be7141037e72030364bb2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793303", "to_ids": true, "type": "ssdeep", "uuid": "d6b46eea-58f3-42dd-a49b-44d935b6dca8", "value": "98304:1uM7giUcp/JV3il7Pq5PIxv5oWk1fjdV8bafGORbw6sWkf+sY180:1uiginV27+Ps5m1coH2f2m0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793303", "to_ids": false, "type": "size-in-bytes", "uuid": "b272caf1-b4d0-4a07-940a-061e4e33a0ca", "value": "4919570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793303", "to_ids": true, "type": "vhash", "uuid": "ed12871e-fbde-42ae-96dd-3c3c8118af14", "value": "357dafc9513e156961b53ea530d45d50" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793303", "to_ids": true, "type": "filename", "uuid": "5f8c28a7-337e-4744-a857-694fc4e3a41b", "value": "8463d45ae8fabfecbace28430c3fd2bd.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793303", "to_ids": false, "type": "text", "uuid": "31f3b1df-31de-4d01-a9fe-5951ca339c6f", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859233", "uuid": "ae0aa007-6dbd-42a6-aff1-5191321c4b90", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859232", "to_ids": true, "type": "md5", "uuid": "cd8a4fb4-f294-41f0-9c0f-9e1746a27382", "value": "5d6695908ac2c4ee973829e40c983a5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859233", "to_ids": true, "type": "sha1", "uuid": "a7dac10c-44d1-452e-8363-a73a33e01d33", "value": "f11d10431c9ac9a58891768739b65b428114ba16", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859233", "to_ids": true, "type": "sha256", "uuid": "d8e0cebb-96e9-4e18-957d-9d12de5f7562", "value": "7338593d6d5c595e0296a47f7811dabab435c884b01005966d0069c9d6ccbfd6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793324", "to_ids": true, "type": "ssdeep", "uuid": "83a0faec-bae1-419a-a7ef-455967a69030", "value": "98304:nuM7giUcp/JV3il7Pq5PIxv5oWoQHiUG+ifGORbw6sWkf+sY18k:nuiginV27+Ps5u10kH2f2mk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793324", "to_ids": false, "type": "size-in-bytes", "uuid": "1b280b2d-3e01-4eba-afed-4a720acf3a1e", "value": "4920050" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793324", "to_ids": true, "type": "vhash", "uuid": "83c8a8b3-12ee-423a-9189-03b6a9e340fc", "value": "357dafc9513e156961b53ea530d45d50" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793324", "to_ids": true, "type": "filename", "uuid": "3973bdf2-62bb-483f-bbd8-9a0eafb73152", "value": "5d6695908ac2c4ee973829e40c983a5e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793324", "to_ids": false, "type": "text", "uuid": "b5d918f7-512b-454f-8d6f-c756fa32c88a", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859234", "uuid": "7e473ddd-4e11-4af6-8b13-4fa50f9cb0eb", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859234", "to_ids": true, "type": "md5", "uuid": "1700d728-f948-48f7-9cdd-ade62e5cefb4", "value": "dd9dee0308c7ef2e7b172b1f59506c3e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859234", "to_ids": true, "type": "sha1", "uuid": "43b65106-9e2e-40d8-87ec-bbe90758fcbc", "value": "cfba235a82ce2a8293ad784acf85a73109637339", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859234", "to_ids": true, "type": "sha256", "uuid": "2d4a5f02-059e-4d92-b737-3321aa450624", "value": "a10c6d02b7ccd71206f9c007d06f4ba88e284a80a134bad5905a2f909d5aefd7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793346", "to_ids": true, "type": "ssdeep", "uuid": "ed4ab711-733a-4344-b821-db08cc12b165", "value": "98304:4uM7giUcp/JV3il7Pq5PIxv5oWQPeHNENfGORbw6sWkf+sY18o:4uiginV27+Ps5W3hH2f2mo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793346", "to_ids": false, "type": "size-in-bytes", "uuid": "75409a8b-4fea-46ea-bb63-3ada21ebb509", "value": "4919493" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793346", "to_ids": true, "type": "vhash", "uuid": "a2fb620f-9e00-4062-8281-ef4f30f86d64", "value": "357dafc9513e156961b53ea530d45d50" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793346", "to_ids": true, "type": "filename", "uuid": "096e7ce4-73d1-4a80-a421-cd817a5a46c3", "value": "dd9dee0308c7ef2e7b172b1f59506c3e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793346", "to_ids": false, "type": "text", "uuid": "c6b6abea-c712-43d8-966e-3430865f4e2b", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859235", "uuid": "d2839390-4e87-4970-b6f6-d3e195b83c3d", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859235", "to_ids": true, "type": "md5", "uuid": "ceb740b1-a4f2-43c5-8552-1a2e86b55512", "value": "e25bd99ae76442548ad1cdd038bb02cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859235", "to_ids": true, "type": "sha1", "uuid": "415b6d4c-46ee-4d5b-8042-4b68103e0b5a", "value": "f29be82a97189dd06f50d5354e8c22db9af4923e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859235", "to_ids": true, "type": "sha256", "uuid": "464e79b6-4ff9-4628-aee7-822acd27e270", "value": "7acb86c5c05705ca87ba88801522bca941ab2425db441ace22766dba673d41ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793368", "to_ids": true, "type": "ssdeep", "uuid": "a00b8372-597f-447f-adcc-00d31b961df8", "value": "98304:zuM7giUcp/JV3il7Pq5PIxv5oWQQWISfGORbw6sWkf+sY18X:zuiginV27+Ps5uQWIUH2f2mX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793368", "to_ids": false, "type": "size-in-bytes", "uuid": "0c8ca618-b1ab-4572-bc6d-990287c3ead1", "value": "4919541" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793368", "to_ids": true, "type": "vhash", "uuid": "b7cc1abf-5fce-4f07-9ded-38f0f5c8a512", "value": "357dafc9513e156961b53ea530d45d50" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793368", "to_ids": true, "type": "filename", "uuid": "29edb8d3-066f-4dbb-83cb-c87d0da24222", "value": "e25bd99ae76442548ad1cdd038bb02cd.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793368", "to_ids": false, "type": "text", "uuid": "669e2334-4cd0-422e-8674-7cbe767dd7a4", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859236", "uuid": "3b1cf6c6-bf01-4f12-ac69-79268a08daaf", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859236", "to_ids": true, "type": "md5", "uuid": "1af1fd8f-6518-4343-b382-4f2baa0fa347", "value": "e2f93e54cd36734a407d06ca038bbd43", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859236", "to_ids": true, "type": "sha1", "uuid": "4c4b23df-6cb6-41f2-9d69-d77d0d965b05", "value": "3d201dd0d3c316cb73063c63651d8f3c97f2d2f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859236", "to_ids": true, "type": "sha256", "uuid": "bb798fd1-70d8-4fe0-8f48-916495ab2997", "value": "b7eee9aa57da10f789fceea9d5c993d25190a90436c45c19360b1d6d29ee233f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793389", "to_ids": true, "type": "ssdeep", "uuid": "977f1290-602c-4da7-be91-4fb1e1390e50", "value": "98304:DuM7giUcp/JV3il7Pq5PIxv5oWyx1ccimPfGORbw6sWkf+sY18g:DuiginV27+Ps50GciQH2f2mg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793389", "to_ids": false, "type": "size-in-bytes", "uuid": "1a2ba3ac-ddf2-41c2-8799-d67430308e7e", "value": "4919425" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793389", "to_ids": true, "type": "vhash", "uuid": "58afca18-f0a0-417b-90ca-7b84305e0313", "value": "357dafc9513e156961b53ea530d45d50" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793389", "to_ids": true, "type": "filename", "uuid": "d186f3d0-768b-4264-9ccc-09d06b0ff126", "value": "e2f93e54cd36734a407d06ca038bbd43.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793389", "to_ids": false, "type": "text", "uuid": "e157eba5-4f2d-4099-8e0e-84af0e7346f0", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859237", "uuid": "1395f7e6-c58e-47bb-aac0-58af3c58d3af", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859237", "to_ids": true, "type": "md5", "uuid": "4d5205b8-4d1f-4f7b-be9a-68c3765374ed", "value": "ca698ca99fd5a642b63b6ed8891c2e93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859237", "to_ids": true, "type": "sha1", "uuid": "b8cd276f-4872-4d1a-9640-c2610502bab3", "value": "c5c2b8bcf3944690a9a19da6e1b0cf047e98f5af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859237", "to_ids": true, "type": "sha256", "uuid": "e0b8f4e3-3c03-4153-b440-a14471972f30", "value": "b623522a576f65b7ee2020bc6b4a638cc3bffe67390b7bb2549db6b1f9005e7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793411", "to_ids": true, "type": "ssdeep", "uuid": "db248a59-88f3-4625-818d-4bb72e224562", "value": "98304:buM7giUcp/JV3il7Pq5PIxv5oWDhI9CfGORbw6sWkf+sY18y:buiginV27+Ps5bLH2f2my" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793411", "to_ids": false, "type": "size-in-bytes", "uuid": "2f091466-6a0a-40a4-ab78-3adf049d5254", "value": "4920233" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793411", "to_ids": true, "type": "vhash", "uuid": "b087cd16-439a-4916-a4f1-2d85d18c183d", "value": "357dafc9513e156961b53ea530d45d50" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793411", "to_ids": true, "type": "filename", "uuid": "9e1420ce-bdb4-429b-a4b5-69a4c67883b9", "value": "ca698ca99fd5a642b63b6ed8891c2e93.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793411", "to_ids": false, "type": "text", "uuid": "123f0701-5be3-45b6-b32c-b6878880de77", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859239", "uuid": "e36e3682-31e2-4e63-8379-1f28d2e1ab9a", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859238", "to_ids": true, "type": "md5", "uuid": "05239149-04fd-486b-9821-767e60dd09d3", "value": "462fa840251b73aa500fdea538a5c273", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859238", "to_ids": true, "type": "sha1", "uuid": "5f4fda2d-2463-41a7-aade-64ec7017800f", "value": "18d047a7a36ff489f12b8a69088ccf46fcf3f44f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859239", "to_ids": true, "type": "sha256", "uuid": "ac97632c-c3c9-4dfe-af68-21ee46a6ef29", "value": "91802f7acd6508a0b66017db2b6ec811d65e911f95ec5ee1e56453bbfd4547fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793432", "to_ids": true, "type": "ssdeep", "uuid": "5c99a160-6885-44be-ad50-c2eaaf83042b", "value": "98304:TuM7giUcp/JV3il7Pq5PIxv5oWGnVfGORbw6sWkf+sY18/:TuiginV27+Ps5UH2f2m/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793432", "to_ids": false, "type": "size-in-bytes", "uuid": "9457b4fa-fd33-41e8-85b6-45a76521b3c7", "value": "4918405" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793432", "to_ids": true, "type": "vhash", "uuid": "73652b9d-00ff-4e9d-93a0-dca7d8e75f24", "value": "357dafc9513e156961b53ea530d45d50" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793432", "to_ids": true, "type": "filename", "uuid": "474d1c11-7f34-4bc8-a6a3-ddc42ac95db6", "value": "462fa840251b73aa500fdea538a5c273.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793432", "to_ids": false, "type": "text", "uuid": "6884b519-5af5-4aab-b628-4865f1a4d48a", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859240", "uuid": "ac6b703f-742f-44fa-9ae0-2c9c17a21f62", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859239", "to_ids": true, "type": "md5", "uuid": "72337d3a-9156-47be-87f4-8592472ce1d3", "value": "7b9fe4a8584c7450ca87af86429d2366", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859240", "to_ids": true, "type": "sha1", "uuid": "6e8bc093-9759-4394-8b36-7d43277c97a1", "value": "881b1650c66017a16d0d150378ff58282ba082d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859240", "to_ids": true, "type": "sha256", "uuid": "72160e6d-78b4-49fc-8b4f-0c12e9565da6", "value": "c7b8817e8841d464d797f9dd3c504c283a1fa812e706e81df0917b0eff6d81d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793454", "to_ids": true, "type": "ssdeep", "uuid": "916ec144-7dca-4415-ad0f-fd20f7b9d0f6", "value": "12288:85TBRm+7i+zRdJVY7h4GoeiEHbxEcZvQEEVS9G+YORxAFB3b6maZms+RTcb1:GDm+3DLuhh9V94ovAFB3Wvws+RTS1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793454", "to_ids": false, "type": "size-in-bytes", "uuid": "90b47183-d608-409d-81b3-5663b4f58435", "value": "676790" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793454", "to_ids": true, "type": "vhash", "uuid": "22eb792a-674e-4321-804a-be5c11a86d18", "value": "3362972861718122fb033a33f533f53c" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793454", "to_ids": false, "type": "text", "uuid": "ada20b05-30fc-4ba4-abbe-772ddbd50ae8", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:29/62" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859241", "uuid": "173ed8cb-d890-4534-af91-3ef5c38b273f", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859241", "to_ids": true, "type": "md5", "uuid": "4d860a27-6646-41df-82dc-db90c7b6699f", "value": "d70d2f3dddbd5261f1c07db0b8c97f4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859241", "to_ids": true, "type": "sha1", "uuid": "ba76b119-0ae9-4c66-8037-0781fd74bb81", "value": "c360eff533848fea55fc9f5b63873730ec3454c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859241", "to_ids": true, "type": "sha256", "uuid": "bd9fe67a-0a41-425b-91b6-3ccefd75bcda", "value": "e5dff259a92ac40435e2f6b3a6c829af9f0d07967fd15b70e123be320319e330", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793475", "to_ids": true, "type": "ssdeep", "uuid": "8f6e2997-4ddf-4e9c-9669-2c49d262160e", "value": "98304:rKVv4U2gNp/JV3il7Pq5PIxv5oWX9ioevavGORbw6sWkf+sY38oD:rKVSCV27+Ps5BGvwH2f2Ma" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793475", "to_ids": false, "type": "size-in-bytes", "uuid": "0b834ca8-587c-41f0-9118-dca700aa0b94", "value": "4924094" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793475", "to_ids": true, "type": "vhash", "uuid": "e72359e5-1547-4cd1-b7fe-46d225858dc6", "value": "357dafc9513e156961b53ea530d45d50" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 31/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793475", "to_ids": false, "type": "text", "uuid": "ef83e801-88ee-4640-ae26-1f58e218dbc4", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:36/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859242", "uuid": "b7526b50-f40e-47e4-a4e0-1f86560d1fef", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859242", "to_ids": true, "type": "md5", "uuid": "beecaf4b-75f3-44c3-adb7-05a7ac16e8b3", "value": "71a99cef64ffbc6645211288ecbdd784", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859242", "to_ids": true, "type": "sha1", "uuid": "fe4fa302-b2f5-4243-9558-92dce6d3cea1", "value": "f439a70c07813a030d89b555919e067c51f60d0d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859242", "to_ids": true, "type": "sha256", "uuid": "c6f9019a-3492-4831-b594-2980ec29b864", "value": "bd859b9d1a9bd799a8db8fe783a802400de782dc5e813b122d509b3e216e94f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793497", "to_ids": true, "type": "ssdeep", "uuid": "df1c8d1c-deb2-4051-90d9-51cb5d556c13", "value": "98304:SeL88Fp/JV3il7Pq5PIxv5oWYPevGORbw6sWkf+sY388:SixV27+Ps5WPMH2f2M8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793497", "to_ids": false, "type": "size-in-bytes", "uuid": "a998677e-f4b3-4854-bc6d-404580c5db34", "value": "4926101" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793497", "to_ids": true, "type": "vhash", "uuid": "3c80bc9e-9e90-4a78-839e-e941fd36ddcd", "value": "0256f174e92ee1b13d92a770020fcb13" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793497", "to_ids": false, "type": "text", "uuid": "fb34ea0d-8160-4d04-9daf-b6a32ac4d866", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859243", "uuid": "8f30bcd6-f7dc-46c9-99e5-87646fef065b", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859243", "to_ids": true, "type": "md5", "uuid": "63b2276c-427a-4a3c-aa00-f01cf6dd605a", "value": "9c6540bbbe541e7e40153585f4653232", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859243", "to_ids": true, "type": "sha1", "uuid": "19f6c4dc-d29a-4647-83f6-0b54816d3226", "value": "749641dcbe24f38691fd5766817fbef4ca8984cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859243", "to_ids": true, "type": "sha256", "uuid": "a06b166d-2dca-48f3-a577-4eb76d1e9845", "value": "dca2b6364417243e47fb1fd927a914d4a640febfe9cb9bbee58881f3527f5450", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793518", "to_ids": true, "type": "ssdeep", "uuid": "85c13762-8bde-4914-8a2a-265fa55369a2", "value": "98304:okHqnywp/JV3il7Pq5PIxv5oWYfGORbw6sWkf+sY18n:WFV27+Ps5EH2f2mn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793518", "to_ids": false, "type": "size-in-bytes", "uuid": "d5fc17ab-5584-453c-9926-b3db18a676cb", "value": "4495085" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793518", "to_ids": true, "type": "vhash", "uuid": "bee1bd82-cbf2-43c0-a265-4ef265448508", "value": "0256f174e92ee1b13d92a770020fcb13" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793518", "to_ids": true, "type": "filename", "uuid": "799bcfba-b1e5-43d3-8244-ead44f84fd74", "value": "9c6540bbbe541e7e40153585f4653232.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793518", "to_ids": false, "type": "text", "uuid": "b26525f2-3f93-4ac9-af7b-6878d5efb7ad", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859244", "uuid": "a441631e-1c11-4d30-b62e-c804157ea4c4", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859244", "to_ids": true, "type": "md5", "uuid": "c156064e-924d-4cb7-8c39-b9e477090692", "value": "1a9da4661625592b3ddee97536aac39d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859244", "to_ids": true, "type": "sha1", "uuid": "f864a794-79b4-48f4-b514-c145aa1b225d", "value": "c265a6bc184e29089be6947e67760af1a7fc52f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859244", "to_ids": true, "type": "sha256", "uuid": "cb70b8cb-9a13-4d6c-a071-92596c751fd0", "value": "5f216ce3d13e9d31e1dba70648b550535d458c53dbfc0768ca8e86d87e401e9d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793540", "to_ids": true, "type": "ssdeep", "uuid": "f6180020-8668-4038-b0fe-fb4fd922f802", "value": "98304:sp/JV3il7Pq5PIxv5oWGvGORbw6sWkf+sYxt9YnI1NYq686:mV27+Ps5UH2f2hYnPqb6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793540", "to_ids": false, "type": "size-in-bytes", "uuid": "76d1fb02-274e-495a-a246-5f85e465493a", "value": "4923083" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793540", "to_ids": true, "type": "vhash", "uuid": "2c3bf132-2e76-4144-a245-e4819bd67567", "value": "0256f174e92ee1b13d92a770020fcb13" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793540", "to_ids": true, "type": "filename", "uuid": "8a00f2d9-9fb1-44ff-92f7-c26810f763c4", "value": "1a9da4661625592b3ddee97536aac39d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793540", "to_ids": false, "type": "text", "uuid": "daacf9e6-0979-4888-90fa-34db389191df", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859246", "uuid": "bae34e2a-269a-420e-8a44-d78de94534c0", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859245", "to_ids": true, "type": "md5", "uuid": "f9e8925b-bb31-440d-8662-af8a6ade47ba", "value": "d55281f428208ac6e815029a1b8022c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859245", "to_ids": true, "type": "sha1", "uuid": "d5a4ca89-2c23-4010-b2c5-ea4947a19f55", "value": "d5a8dc01ed4fc7c0548954076636c0fe49b800f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859246", "to_ids": true, "type": "sha256", "uuid": "2e6b415b-a6e8-43ab-8ece-b712e41fa9e6", "value": "48e32c652999b56485c47a8d1d561914d4332385c59d42df0a7c955508de038a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793561", "to_ids": true, "type": "ssdeep", "uuid": "7911f663-04e9-46d9-9cb3-f2562155dc32", "value": "98304:XKVv4U2gNp/JV3il7Pq5PIxv5oWVXvEKbaKvGORbw6sWkf+sY38J:XKVSCV27+Ps5/8KmgH2f2MJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793561", "to_ids": false, "type": "size-in-bytes", "uuid": "467389fc-d7e7-4aec-85d7-ad433e82be51", "value": "4924106" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793561", "to_ids": true, "type": "vhash", "uuid": "5e2e06ea-4f4b-4543-8351-80570d1bd337", "value": "357dafc9513e156961b53ea530d45d50" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793561", "to_ids": true, "type": "filename", "uuid": "2e86ec72-740c-497e-8cec-0e7493b728e7", "value": "d55281f428208ac6e815029a1b8022c7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 03/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793561", "to_ids": false, "type": "text", "uuid": "ec3c98a0-58c7-4582-83c7-36ecf5ad5c02", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:37/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859247", "uuid": "f4e5ce20-1b20-493e-8d21-093a7b47f219", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859246", "to_ids": true, "type": "md5", "uuid": "612df5f6-95bb-48ee-bc59-639816ab9143", "value": "8fc42e4b7d6cba606c0e0bf472a912ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859247", "to_ids": true, "type": "sha1", "uuid": "aeeeac0d-3be0-49d6-b9f9-5dd2bb7d6f40", "value": "ef75e14b049d38a32b134ca1a3588a04476ecf10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859247", "to_ids": true, "type": "sha256", "uuid": "9f6079b8-b4e7-4d9d-ae84-14dbf8bea5ea", "value": "bec4aa4f393c42d254f3956197cc2126a27cf6363c9d8d20f2e7b98085f63c4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793582", "to_ids": true, "type": "ssdeep", "uuid": "e4710b34-f8b8-492a-a538-03f19234b258", "value": "12288:Z+ueZ/q7H7azJ2UHb6Ms7IHP4j7k5KcaytCQWDJSpv:l0/AHuzjK0wjcwrD4v" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793582", "to_ids": false, "type": "size-in-bytes", "uuid": "8fb6315a-6b0b-4d5d-9de2-147e61562b45", "value": "675032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793582", "to_ids": true, "type": "vhash", "uuid": "acc6ebea-563a-465a-a79a-7cc718b757a0", "value": "3362972861718122fb033a33f533f53c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793582", "to_ids": true, "type": "filename", "uuid": "e0710a3b-2247-4752-9e09-9f6a27ded6ad", "value": "8fc42e4b7d6cba606c0e0bf472a912ef.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 04/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793582", "to_ids": false, "type": "text", "uuid": "1a4ac894-1433-4e07-b98e-635dbb289e12", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Zpevdo.B\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859248", "uuid": "e91c043c-be79-4772-9011-d5210b573a94", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859248", "to_ids": true, "type": "md5", "uuid": "d0132516-761a-473b-80ac-42d3b8454271", "value": "f9f88418f8fb166ff03afbe08a145734", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859248", "to_ids": true, "type": "sha1", "uuid": "0ad26f77-1691-41d1-9b64-549d4e90664f", "value": "7b2c30d93f014bbfa3fd91e0a437f60713356e50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859248", "to_ids": true, "type": "sha256", "uuid": "0120e153-5680-45d2-9098-81df7ea26c2b", "value": "dc1e103c7c0d470be1efcc967305aa0dfdbd05ff6813a4c2004d4fa868467d17", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793604", "to_ids": true, "type": "ssdeep", "uuid": "17ac9101-d5be-46ea-937d-a6a930b0e007", "value": "98304:UKVv4U2gNp/JV3il7Pq5PIxv5oWfwHSkin/FvGORbw6sWkf+sY38F:UKVSCV27+Ps5GSkGJH2f2MF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793604", "to_ids": false, "type": "size-in-bytes", "uuid": "9c6e58e9-48c0-4aeb-9c7a-e8585065335f", "value": "4927522" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793604", "to_ids": true, "type": "vhash", "uuid": "3be6087e-7c03-482f-8e2b-50ba9583ad0c", "value": "357dafc9513e156961b53ea530d45d50" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793604", "to_ids": true, "type": "filename", "uuid": "8a4645e6-763f-448c-acd7-17ff038d2e36", "value": "f9f88418f8fb166ff03afbe08a145734.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793604", "to_ids": false, "type": "text", "uuid": "d5d688d5-95d3-46f9-9e12-ac4f1b986218", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859249", "uuid": "c5d97e68-ab67-48a6-8db0-7f9f49d7534a", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859249", "to_ids": true, "type": "md5", "uuid": "da82a40a-bf55-472f-9808-3476eca4278a", "value": "c55344b8f875e4d1c0c6275c03a44065", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859249", "to_ids": true, "type": "sha1", "uuid": "57ff5ac5-cd19-4f95-8e19-412cbec082f4", "value": "87988ad69bf8710c520ea825c35b571d6eb60db3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859249", "to_ids": true, "type": "sha256", "uuid": "6c24181f-2338-495a-a0b9-7111f5f0abc8", "value": "b2472b6baa6e2342a93b74b94151bd6ea3457f63bf889557aa8a061ee3468262", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793625", "to_ids": true, "type": "ssdeep", "uuid": "304a9cb5-8889-4cd5-9f41-7133734927e3", "value": "98304:GeCjBUM2Wwo2ujNA28CyFWDRjIzvJHZXzlvS+k5XL4jqlc9oeSZsoIG:2jBUQwo2728esv3BvSV7CKhefG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793625", "to_ids": false, "type": "size-in-bytes", "uuid": "e25cb753-b4a3-411b-96f3-cae601f5f157", "value": "4864799" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793625", "to_ids": true, "type": "vhash", "uuid": "52584273-8980-493d-bafa-3df465ec172e", "value": "51fd5a5313a59810fb855efde78e3e25" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793625", "to_ids": true, "type": "filename", "uuid": "d42f9411-96b2-4994-8107-969ede92e094", "value": "c55344b8f875e4d1c0c6275c03a44065.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793625", "to_ids": false, "type": "text", "uuid": "82f0ec66-af9d-4860-96f2-2825bb3f826c", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859250", "uuid": "3926c67e-3ec1-4b8c-b4dc-cc1fdb4534d1", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859250", "to_ids": true, "type": "md5", "uuid": "48694317-fb33-4e7f-bb08-b379b481744f", "value": "df62abc53eed2aa417753c8c0ff58250", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859250", "to_ids": true, "type": "sha1", "uuid": "14e4df79-04f7-46c7-abef-5eed90cfef6e", "value": "d924a562e1d3e5bb86dd76094b177d9864b5ac62", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859250", "to_ids": true, "type": "sha256", "uuid": "06967465-f74e-4e6d-a1e9-3f8a25b34c55", "value": "7088f07907775bb811825cbb78a23c1139c245dbb573a34a1d4e8f033af15fd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793647", "to_ids": true, "type": "ssdeep", "uuid": "3adbc9f8-62c9-4ea5-abdc-3c8c4473d2b5", "value": "49152:vNMgymp0WXG6gcBTsa7e9iEe8OU8Z9Mlpdd0WUDmmNjIzv5x7J5B1HNpr9+tAl2c:mgjNA28CyFWDRjIzvJHZXr9+tAl2cL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793647", "to_ids": false, "type": "size-in-bytes", "uuid": "e7733699-899a-4701-8e76-58e567672f1a", "value": "2910236" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793647", "to_ids": true, "type": "vhash", "uuid": "e2e9d4bf-f915-47d9-91fc-e961bf1ce7a4", "value": "19c082b536934a7fba1c34444eca0077" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793647", "to_ids": true, "type": "filename", "uuid": "e4453bf4-c2a0-44c0-abb6-0580942ac9d0", "value": "d924a562e1d3e5bb86dd76094b177d9864b5ac62.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793647", "to_ids": false, "type": "text", "uuid": "46815222-71a1-4b91-85fb-5783fb781c59", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859251", "uuid": "9c39581e-442f-45a0-81b6-065647d74929", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859251", "to_ids": true, "type": "md5", "uuid": "38919776-2729-4884-9fed-8474413fa6d5", "value": "d14c498d9993672502d30a1b05e7f8dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859251", "to_ids": true, "type": "sha1", "uuid": "d0b63d62-abaf-4bd2-a4ba-932cc24398b4", "value": "e51bd4f55650bfd940425cf6d3f9fc77380fa19a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859251", "to_ids": true, "type": "sha256", "uuid": "012a11da-8835-4592-9d4f-eb6a5fe3db50", "value": "da5f41f57f5d583d25e3c8e4b414ad1de99f33d63f28f4816b00c1d361be05ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793668", "to_ids": true, "type": "ssdeep", "uuid": "2ccf35da-d345-4adc-94f1-841db6d3d999", "value": "12288:KKjrdDUJ3rOuW+38WjibkWNyJnycfqAcUq2UG8eVMjrte5OfQR0Z2/+B:KKjr1MOucWY0nycfHq1vk5Oq0hB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793668", "to_ids": false, "type": "size-in-bytes", "uuid": "a746ca9f-8b33-4c7d-b4e1-6c402f439130", "value": "634072" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793668", "to_ids": true, "type": "vhash", "uuid": "609765f8-92b3-4379-802e-da4d76630f9b", "value": "29e7b9a852c611f6ccc32864472ca3d3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793668", "to_ids": true, "type": "filename", "uuid": "aed3f2b2-07c7-4d38-8aeb-c35da99a2a11", "value": "d14c498d9993672502d30a1b05e7f8dc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793668", "to_ids": false, "type": "text", "uuid": "48cf1b62-80be-43a3-8278-ff218d845a8e", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859253", "uuid": "7f76de70-4ef2-44ed-bb09-3151a6d57516", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859252", "to_ids": true, "type": "md5", "uuid": "eff9463a-e719-45df-aa1d-1a3db192c807", "value": "bd5394d7714658148288776994379f11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859253", "to_ids": true, "type": "sha1", "uuid": "069127a4-2027-46a6-aec0-d12980669776", "value": "5fa892e32fb62cb6cef04b1fae8c45efcee99c48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859253", "to_ids": true, "type": "sha256", "uuid": "12029bba-3a2b-4808-9f25-58c2d046216c", "value": "505e827346bba32b993f7650264d9c505c9f0ded3fbb35b67c27bb895786eddf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793710", "to_ids": true, "type": "ssdeep", "uuid": "a91e5bfe-0d9d-46ad-a0ae-b403eacb5628", "value": "98304:h4RPp/JV3il7Pq5PIxv5oWa6u96TNWGORbw6sWkf+sYr8H:2RHV27+Ps5w6uY8H2f2IH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793710", "to_ids": false, "type": "size-in-bytes", "uuid": "ccb50956-dd47-41ac-9e97-1f2557cef350", "value": "4916779" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793710", "to_ids": true, "type": "vhash", "uuid": "44152061-ccf0-41d2-b72e-61ecabaaf11b", "value": "caba5451dfb45c3f0a7e1e127b69a631" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793710", "to_ids": true, "type": "filename", "uuid": "3cb2d263-7866-4733-95fe-6f8d2385c3d0", "value": "bd5394d7714658148288776994379f11.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793710", "to_ids": false, "type": "text", "uuid": "0971a22b-4700-48f7-b9bd-06eb8eadc3e0", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859254", "uuid": "8675b25c-565e-4401-94a1-45ae794f3317", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859254", "to_ids": true, "type": "md5", "uuid": "848ce8fb-33fe-487d-b0c4-0daa47e0ea09", "value": "384664e875d3387a69b54e1f7241fc5b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859254", "to_ids": true, "type": "sha1", "uuid": "7dd8b595-3129-4f52-9158-27ed4e82a2e4", "value": "1e51597ec11b7066ecae2b1d96d997498b727612", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859254", "to_ids": true, "type": "sha256", "uuid": "a769aeb1-ca89-4bde-9e94-d60caca76a8b", "value": "2e96bfb2d5df8cf21181882a37b4488255aa3f7a8910b394d30d05c081442106", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793731", "to_ids": true, "type": "ssdeep", "uuid": "5a450870-cd8c-4b91-9f6d-db4bc35c9e3c", "value": "98304:54RPp/JV3il7Pq5PIxv5oWeT3zzsvd2HGORbw6sWkf+sYr8h:ORHV27+Ps56nCdQH2f2Ih" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793731", "to_ids": false, "type": "size-in-bytes", "uuid": "345c3fdb-093d-48d7-b537-8b63325a426b", "value": "4916783" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793731", "to_ids": true, "type": "vhash", "uuid": "cf57c55e-2d98-4096-bc97-632b0bd7afb9", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793731", "to_ids": true, "type": "filename", "uuid": "875130d4-1a07-4808-9dfa-911f7a5d5156", "value": "384664e875d3387a69b54e1f7241fc5b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793731", "to_ids": false, "type": "text", "uuid": "51c42bb8-7298-41ae-9b9a-a380b31bf41f", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859255", "uuid": "a2f53da1-1900-413e-bb01-d3453fa49ceb", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859255", "to_ids": true, "type": "md5", "uuid": "e35ccd52-e251-402f-9eae-7b0c3f0d8eff", "value": "f15629ebac296ded8c945f155b9ce735", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859255", "to_ids": true, "type": "sha1", "uuid": "d91aab00-acfb-4982-bacc-60aac1c1cea9", "value": "5aa316acf821cd913157352633f5c7ee683c045d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859255", "to_ids": true, "type": "sha256", "uuid": "43c60d52-291c-48b3-ae7a-4308ae6eada1", "value": "2f9303aec47a6a487c7a6f6f6b9e76641281e837dc515bdd5593c999c8a556dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793753", "to_ids": true, "type": "ssdeep", "uuid": "51657c1c-65b5-4979-b7ea-011f4decb45a", "value": "98304:T4RPp/JV3il7Pq5PIxv5oWnMyPHwHGORbw6sWkf+sYr8V:kRHV27+Ps5ZMyWH2f2IV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793753", "to_ids": false, "type": "size-in-bytes", "uuid": "32bd33bf-75dd-45a6-96b5-bc61eaf1ddf6", "value": "4916760" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793753", "to_ids": true, "type": "vhash", "uuid": "b4d47611-3162-4a49-b065-1f1ed97e6aab", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793753", "to_ids": true, "type": "filename", "uuid": "ae424e78-39dd-49b3-b1f2-1e0d49b7e7a0", "value": "f15629ebac296ded8c945f155b9ce735.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793753", "to_ids": false, "type": "text", "uuid": "f92853b2-63ee-4f9f-a878-8c19caba53fe", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:33/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859257", "uuid": "23f9a6f0-f51f-4fdb-b7cb-59e3ce264680", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859256", "to_ids": true, "type": "md5", "uuid": "5579843c-6c72-48e6-a859-88b990c643c2", "value": "c88557c1bdd97929b163afe2003ba1e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859256", "to_ids": true, "type": "sha1", "uuid": "13ba4b14-1daf-49a9-8c9a-a03d2a9032e1", "value": "5d2273c0211c90816b70900657a7b5d858410cf3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859257", "to_ids": true, "type": "sha256", "uuid": "b3dbd690-f058-4add-b1b0-13fc2cfd5962", "value": "556ddd3026adc9761481be9c276e2d2d17f4f430f6132edee63979700c5c15a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793774", "to_ids": true, "type": "ssdeep", "uuid": "71ca2257-8314-4322-a010-f1a88955edd2", "value": "98304:v4RPp/JV3il7Pq5PIxv5oWK7HktdThuGORbw6sWkf+sYr8m:ARHV27+Ps5IQtjyH2f2Im" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793774", "to_ids": false, "type": "size-in-bytes", "uuid": "25267c51-2953-47ba-b239-77424506f356", "value": "4980151" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793774", "to_ids": true, "type": "vhash", "uuid": "f3b87ef8-342c-4146-a0c2-483c21619a97", "value": "caba5451dfb45c3f0a7e1e127b69a631" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793774", "to_ids": true, "type": "filename", "uuid": "ee61910e-c8e4-4858-9cd9-8064b754473c", "value": "c88557c1bdd97929b163afe2003ba1e3.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793774", "to_ids": false, "type": "text", "uuid": "5b43ce8f-e5be-4046-b711-2dc402888212", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859258", "uuid": "4cc4e5ac-09ea-41d6-a5ce-ac74b2fa3876", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859257", "to_ids": true, "type": "md5", "uuid": "a2f7335c-37bf-4503-8779-70a85fe773d4", "value": "69a0a98b75bec6d7c9aadd859b5a8c00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859258", "to_ids": true, "type": "sha1", "uuid": "d534a522-2534-40f4-8c6d-8f7fb0ceb471", "value": "2090646d0aed8f25fdf86f29cebb8a3712d3bf0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859258", "to_ids": true, "type": "sha256", "uuid": "925fe398-f88a-4b88-b472-b1ddef995ee4", "value": "98ce144a97b959c3943d47c11cf84c0e46a8a5cbe44e8526569c0e6c6ec4739d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793795", "to_ids": true, "type": "ssdeep", "uuid": "1a0f614a-08d9-484f-98a2-bc86ba34c902", "value": "98304:v4RPp/JV3il7Pq5PIxv5oWjd0WfVNlHGORbw6sWkf+sYr8k:ARHV27+Ps51am/9H2f2Ik" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793795", "to_ids": false, "type": "size-in-bytes", "uuid": "8d8a0e80-2458-43b4-9a43-035c5cfaeffd", "value": "4916764" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793795", "to_ids": true, "type": "vhash", "uuid": "94b61ef9-d1ab-45a7-9cb9-624195a5b0fd", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793795", "to_ids": true, "type": "filename", "uuid": "e22a7b99-c417-4d62-abff-10a303b45650", "value": "69a0a98b75bec6d7c9aadd859b5a8c00.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793795", "to_ids": false, "type": "text", "uuid": "013c526a-65a6-4cf2-a95e-c53dbb6cea53", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859259", "uuid": "21b3c5d2-6ac4-4741-b610-d5de04b02708", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859259", "to_ids": true, "type": "md5", "uuid": "67ee34f4-04c4-4a3c-81da-954229455d71", "value": "7e59dca45eb1a23d373b38a7e6e96140", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859259", "to_ids": true, "type": "sha1", "uuid": "c8d843d5-8768-4882-8328-ea3f1241ea73", "value": "d74ee17da62392bce9f78d8528476738e8fc3aa1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859259", "to_ids": true, "type": "sha256", "uuid": "e4d3a3a3-e451-48be-b406-b07cf834052e", "value": "db7b0a9cac7c59530fa52f5326268de57cda2d5c92101b36edf064e28613c11e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793817", "to_ids": true, "type": "ssdeep", "uuid": "6f2f048e-031e-4120-8864-437c4e61c494", "value": "98304:V4RPp/JV3il7Pq5PIxv5oWPXUjHGORbw6sWkf+sYr8I:aRHV27+Ps5BIH2f2II" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793817", "to_ids": false, "type": "size-in-bytes", "uuid": "574ffb59-7752-479c-83bc-5b6b96a59be1", "value": "4916739" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793817", "to_ids": true, "type": "vhash", "uuid": "ca129da7-8b49-4166-b158-b7834a69189c", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793817", "to_ids": true, "type": "filename", "uuid": "c158d88f-6ac1-4f88-acb9-1b545cb02dd7", "value": "7e59dca45eb1a23d373b38a7e6e96140.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793817", "to_ids": false, "type": "text", "uuid": "d8b25bd5-f019-4fb5-80d3-c99e232975f8", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859260", "uuid": "2de97773-7b23-4ef2-98ad-c0f586227a8b", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859260", "to_ids": true, "type": "md5", "uuid": "8b8079f8-edcf-4217-81c0-a81d4552527d", "value": "632d13ffa3b828e3d07a7ce232d2d21a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859260", "to_ids": true, "type": "sha1", "uuid": "d2061ced-b3e4-462e-99ee-268da107717d", "value": "c06f8494d8ed28bc82de12b779c646b10ab22b50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859260", "to_ids": true, "type": "sha256", "uuid": "91c051c1-3712-4ea2-a718-df859bc233ea", "value": "b6b7a29cb3515060addb2dc5f927c518eaf95bd9f0a8643aa4e4ae34248050f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793838", "to_ids": true, "type": "ssdeep", "uuid": "7b11d8df-30e9-4e1f-be10-f5b874175b64", "value": "98304:Z4RPp/JV3il7Pq5PIxv5oWURZy0yHGORbw6sWkf+sYr8j:uRHV27+Ps5+QH2f2Ij" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793838", "to_ids": false, "type": "size-in-bytes", "uuid": "a4b466b9-77bd-4086-9154-5bb564429b82", "value": "4916789" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793838", "to_ids": true, "type": "vhash", "uuid": "fb4a91ca-a12c-447e-82aa-7961628f084e", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793838", "to_ids": true, "type": "filename", "uuid": "2a51632b-2bf0-46cc-a6f9-b6e23953b38e", "value": "632d13ffa3b828e3d07a7ce232d2d21a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793838", "to_ids": false, "type": "text", "uuid": "3d0d81a2-6e18-4212-9225-0ba28f09b062", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859261", "uuid": "7eefa016-f980-4272-b3d3-02d214e0202f", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859261", "to_ids": true, "type": "md5", "uuid": "f9e9f658-5a59-4ee8-82a2-a7bf588263c4", "value": "a57622ef282231fc441b683a4d60de83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859261", "to_ids": true, "type": "sha1", "uuid": "106e57ee-0cbf-4b97-a874-d5ce3aa77ff0", "value": "5dace7ff4225b27beaf073fcc156753cc702dd7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859261", "to_ids": true, "type": "sha256", "uuid": "c8c0b182-3a24-4350-83a3-42a06687f6fa", "value": "a66368a0da448de46e17342464e8461a4a10e2527c641dc0637d3dcdad464508", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793860", "to_ids": true, "type": "ssdeep", "uuid": "0852ab18-c402-4618-972d-c76162477137", "value": "98304:V4RPp/JV3il7Pq5PIxv5oWIyRPz9HGORbw6sWkf+sYr8R:aRHV27+Ps5XPZH2f2IR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793860", "to_ids": false, "type": "size-in-bytes", "uuid": "dd5b2d27-b3ca-4795-98df-37c2373710d7", "value": "4916803" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793860", "to_ids": true, "type": "vhash", "uuid": "4787c225-f400-48a1-ae79-ce3355403db5", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793860", "to_ids": true, "type": "filename", "uuid": "209b9925-708f-43a1-9cac-e568fa3ad465", "value": "a57622ef282231fc441b683a4d60de83.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793860", "to_ids": false, "type": "text", "uuid": "8e3416f5-f8dd-462a-9dea-ce79910947ef", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859262", "uuid": "732435a1-827d-4d11-bc36-eb54d005545e", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859262", "to_ids": true, "type": "md5", "uuid": "9d8a9756-d7c3-4121-bae7-e5229f06ff02", "value": "aa1d0367394fc1e90463b70bfdfa1dce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859262", "to_ids": true, "type": "sha1", "uuid": "6d86034f-64ed-4d30-8290-f8cc5239f988", "value": "4b816090bc6258dcde0f294ff0ffcdffd67d37d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859262", "to_ids": true, "type": "sha256", "uuid": "41d714ca-9f83-4974-9898-fe1d5ff0a560", "value": "a8cacb4c63a690d2fdfdada64ba5d1a9fe4199f653efb2d31e80c1e8c3c11ef7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793881", "to_ids": true, "type": "ssdeep", "uuid": "508acd32-c861-49d4-83fb-332280c7fd68", "value": "98304:z4RPp/JV3il7Pq5PIxv5oWDIu2Hd0HGORbw6sWkf+sYr8U:ERHV27+Ps5nXH2f2IU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793881", "to_ids": false, "type": "size-in-bytes", "uuid": "6468dcf1-b3b4-4744-8a82-c3fed6259ad7", "value": "4916734" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793881", "to_ids": true, "type": "vhash", "uuid": "0582ce0d-de41-413e-adab-685b31b2fef3", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793881", "to_ids": true, "type": "filename", "uuid": "2d32d9d9-0c91-4020-a190-872df51294e1", "value": "aa1d0367394fc1e90463b70bfdfa1dce.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793881", "to_ids": false, "type": "text", "uuid": "1f0520b9-9d12-4612-b354-f0677ea196f9", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859264", "uuid": "404bd26e-4c70-48e4-993d-2c279b85ebb4", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859263", "to_ids": true, "type": "md5", "uuid": "bf908332-66b2-43fc-87e7-eb5bc98e1b2b", "value": "1fdc211e1caedf60f572d05a3de5832d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859263", "to_ids": true, "type": "sha1", "uuid": "4f6750c7-86e3-4cec-8ff8-06637abe7550", "value": "ec60708f36c1e83ae2609b82330cc65871b377d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859264", "to_ids": true, "type": "sha256", "uuid": "f3744db7-b61e-47e3-9784-742fe49b08e8", "value": "37dbf03a3fdc0bc5217c452950e2bd73ac35de722308b37d2e5b963cadb1f957", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793902", "to_ids": true, "type": "ssdeep", "uuid": "f43500a4-50c3-4619-ba50-4fb4b9e82f54", "value": "98304:h4RPp/JV3il7Pq5PIxv5oWYIu2GlhdHGORbw6sWkf+sYr8a:2RHV27+Ps52RhFH2f2Ia" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793903", "to_ids": false, "type": "size-in-bytes", "uuid": "c75f530f-4b96-48fb-bc02-b20a6d7de82d", "value": "4916736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793903", "to_ids": true, "type": "vhash", "uuid": "2309c67c-b83f-44f7-a908-6944f8eee1d5", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793903", "to_ids": true, "type": "filename", "uuid": "ce119094-8372-4ca6-909d-25707f81134c", "value": "1fdc211e1caedf60f572d05a3de5832d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793903", "to_ids": false, "type": "text", "uuid": "f4f80416-1e1d-4453-8e20-a082be019184", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859265", "uuid": "640399aa-681e-4cad-9c25-0984730f2f92", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859264", "to_ids": true, "type": "md5", "uuid": "ad02a37d-bda3-4767-9161-a6e73f44a00a", "value": "d8483c47bb7803706eac1861f15ed631", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859264", "to_ids": true, "type": "sha1", "uuid": "a0331c54-9034-44c0-91c3-3b11a9ff089e", "value": "675dccb83682838a69786996ae8b64a194e4b77c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859265", "to_ids": true, "type": "sha256", "uuid": "5b4bd33d-77e6-41af-9f38-c90a3a23ac9c", "value": "16be540c2e13eb605a437c7bb3c63d32e7f98617e57517ca7068639dab555afe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793924", "to_ids": true, "type": "ssdeep", "uuid": "5caa8d98-6f58-4a57-8b05-84475494f654", "value": "98304:dGORbw6sWkf+sYIk8Ep/JV3il7Pq5PIxv5oW8wqh:pH2f2WOV27+Ps5/q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793924", "to_ids": false, "type": "size-in-bytes", "uuid": "024fa039-cd34-4f5e-8f75-b50627e7f825", "value": "4498069" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793924", "to_ids": true, "type": "vhash", "uuid": "8c06cf05-de5f-4fe5-8019-a6fc20a3302b", "value": "109be1ce439e18f337638fb1fe82fe58" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793924", "to_ids": true, "type": "filename", "uuid": "646b05a8-eb28-4958-a613-620d3afb7406", "value": "d8483c47bb7803706eac1861f15ed631.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793924", "to_ids": false, "type": "text", "uuid": "236e5117-aa56-475d-9eea-51c8c1f7fb6d", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:32/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859266", "uuid": "77d9e825-5031-4ab3-9ffd-67c68c76da8a", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859265", "to_ids": true, "type": "md5", "uuid": "025a85a7-748c-4390-a9c2-b274fbb4318e", "value": "ed86425e9ae463406b11dc58774699b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859266", "to_ids": true, "type": "sha1", "uuid": "9e766cd2-dfa0-4bb6-b39e-3d6891cdc9d2", "value": "185824386afcb27ca08d333fecc742dd6c68d71c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859266", "to_ids": true, "type": "sha256", "uuid": "24a686a9-2352-4e58-a2d5-b4994ede08d5", "value": "4c5962e531864d72e1f4c8c441a47a79294f4ae3a09c8afc52215f4fe6bc8113", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793945", "to_ids": true, "type": "ssdeep", "uuid": "e81eb3c3-1415-4b71-a472-e34bf5fb31a3", "value": "98304:v4RPp/JV3il7Pq5PIxv5oW+Ad0EPoxHGORbw6sWkf+sYr8m:ARHV27+Ps5AM0zBH2f2Im" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793945", "to_ids": false, "type": "size-in-bytes", "uuid": "79ade4d8-09a2-46e9-b3b6-37e14c992f7c", "value": "4917007" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793945", "to_ids": true, "type": "vhash", "uuid": "26958ba9-171b-48b5-92b2-86064517093f", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793945", "to_ids": true, "type": "filename", "uuid": "53dacd9f-a289-4e05-b3af-7ff9468cc0c0", "value": "ed86425e9ae463406b11dc58774699b0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/01/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793945", "to_ids": false, "type": "text", "uuid": "5c32f48f-bd4d-4d63-894b-acda226224b9", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:28/62" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859267", "uuid": "ccf0111a-2565-45d8-ac49-d566e780c595", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859267", "to_ids": true, "type": "md5", "uuid": "18d9d899-0221-4044-b6c9-1af27bc0e38d", "value": "8365bbe98d2b075e83cacc588814420b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859267", "to_ids": true, "type": "sha1", "uuid": "c297e545-f1b5-4cf6-ad0d-c4e56f3c9ac9", "value": "e26939bd17f0be5c8b83638553c2800d9348b5cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859267", "to_ids": true, "type": "sha256", "uuid": "76ab0120-c324-440c-8243-9366480de390", "value": "98df3b4b9895b0a8b6d8a37bd3c686e80f15cbdcf09a84759a3818431816c5ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793967", "to_ids": true, "type": "ssdeep", "uuid": "19c85b3e-97b2-443e-8cca-6351e4e1eebf", "value": "98304:54RPp/JV3il7Pq5PIxv5oWgeQBgblHGORbw6sWkf+sYr86:ORHV27+Ps5ieGgb9H2f2I6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793967", "to_ids": false, "type": "size-in-bytes", "uuid": "3258fdaa-f14c-459a-b7da-f37b30e17b86", "value": "4916345" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793967", "to_ids": true, "type": "vhash", "uuid": "2f667ec4-f0f1-43ca-bc3d-7038c75d899a", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793967", "to_ids": true, "type": "filename", "uuid": "c8cafac8-d859-4e25-914a-b8469104d06e", "value": "8365bbe98d2b075e83cacc588814420b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793967", "to_ids": false, "type": "text", "uuid": "c243ca8c-3456-4654-a49c-c4fa1ec6beb3", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859268", "uuid": "c00b93f7-a01c-4d02-982b-257fd12df140", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859268", "to_ids": true, "type": "md5", "uuid": "fd80f0cb-4a2b-4e47-8e26-56ff8e41554d", "value": "d72878c806fc82fcb98d255dda467bda", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859268", "to_ids": true, "type": "sha1", "uuid": "2b49217b-ef1b-46eb-b3ae-165fdec338b9", "value": "1e8f424e6b0dd3c31c217f1fa57af23792a71c2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859268", "to_ids": true, "type": "sha256", "uuid": "6936b9cd-2aca-42a9-8bd7-9cbaae4b81e7", "value": "a1cd3cfff1c4c0e8594fbd643bf5fc3de0ef15de62a2c3c5138514a6b89eec1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740793988", "to_ids": true, "type": "ssdeep", "uuid": "6c64f558-de75-44cf-bd68-ba953f8430c5", "value": "98304:n4RPp/JV3il7Pq5PIxv5oWQAd0EPoxHGORbw6sWkf+sYr8s:4RHV27+Ps56M0zBH2f2Is" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740793988", "to_ids": false, "type": "size-in-bytes", "uuid": "3af9ccbf-5723-4dff-af01-2e7168a53cff", "value": "4917007" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740793988", "to_ids": true, "type": "vhash", "uuid": "75861407-46d0-46d3-b8e0-2730ceeb4aa0", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740793988", "to_ids": true, "type": "filename", "uuid": "c249b368-0fdd-499a-891a-95b1eb2e128c", "value": "d72878c806fc82fcb98d255dda467bda.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740793988", "to_ids": false, "type": "text", "uuid": "22774cd5-3eef-4dbd-b712-f9fd7d76609e", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859269", "uuid": "4e5ce250-a2e6-412d-9c42-a6f5449fc96a", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859269", "to_ids": true, "type": "md5", "uuid": "cdd935dd-2221-4a7d-8a42-707c89374c1e", "value": "2c2f9f1210243fc67728ee123b9ce79c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859269", "to_ids": true, "type": "sha1", "uuid": "05e5f389-c1d9-4e41-8302-89122286b252", "value": "25b26500ed0407edddb6586dd319529ac793dc60", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859269", "to_ids": true, "type": "sha256", "uuid": "8afc0012-ba1c-4687-bb7f-87b3782dee9a", "value": "beaa42012ac86e976ebe69e83613840db49a2af059550997771da2a052cd60e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794009", "to_ids": true, "type": "ssdeep", "uuid": "fdb89a81-87e0-4189-9e9a-626378300882", "value": "98304:N4RPp/JV3il7Pq5PIxv5oWUhpZSkpxhHGORbw6sWkf+sYr8v:yRHV27+Ps5+SQRH2f2Iv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794009", "to_ids": false, "type": "size-in-bytes", "uuid": "5e54063a-1c19-49f3-bd7e-1c8dad3d4d00", "value": "4916264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794009", "to_ids": true, "type": "vhash", "uuid": "127290ff-7062-4cc1-b6d4-326b3c5addc9", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794009", "to_ids": true, "type": "filename", "uuid": "5ea65653-188d-4afa-a60f-79a35f339923", "value": "2c2f9f1210243fc67728ee123b9ce79c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794009", "to_ids": false, "type": "text", "uuid": "2c9b846f-6074-4a81-8728-7ae4c5b569ef", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:31/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859270", "uuid": "740951db-c47d-4836-a03b-cca2a90ac1ee", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859270", "to_ids": true, "type": "md5", "uuid": "9723b4dc-1865-405a-82bc-ead2c4a3c6b6", "value": "ec35045be5ac647ad29b28208b923f4f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859270", "to_ids": true, "type": "sha1", "uuid": "e24a2a34-8456-4e86-a59a-63af57c31a2f", "value": "b7441a192202a8af142fbc43d2b48cab9bc2505a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859270", "to_ids": true, "type": "sha256", "uuid": "322c3075-cabf-40c7-86df-591205e7852e", "value": "969314a3043cc8010e907c74f25f5d225c3e62ea73d37e77c86f6bc4a85d3572", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794030", "to_ids": true, "type": "ssdeep", "uuid": "d80fe48f-f759-45e5-a344-53cb30789069", "value": "12288:2bhrdDUJ3rOun638WjibkWNyJnycfqAcUq2UG8eVMjrte5OfQR0Z2/+7:2bhr1MOuxWY0nycfHq1vk5Oq0h7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794030", "to_ids": false, "type": "size-in-bytes", "uuid": "1b17c06d-bc94-4dfb-ab06-3c50b28a845e", "value": "634055" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794030", "to_ids": true, "type": "vhash", "uuid": "c575a1fc-a574-4a0d-898e-fc809dbc37ca", "value": "a27c2d012389ef4e81cdfd12296a0aa9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794030", "to_ids": true, "type": "filename", "uuid": "93ad839a-b60d-4334-824f-c39e98a1665c", "value": "ec35045be5ac647ad29b28208b923f4f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794030", "to_ids": false, "type": "text", "uuid": "cf084f16-a1af-475c-aada-3fce2ad3b0c2", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859271", "uuid": "32681fb0-69c4-4515-9855-30d3526a88ec", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859271", "to_ids": true, "type": "md5", "uuid": "9fdc1fe8-4272-4afa-a3a2-2eb8e6b389d5", "value": "fdf578bc6485ca9d23aa28c358f584ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859271", "to_ids": true, "type": "sha1", "uuid": "15606121-8403-4a1e-a757-cde7f7186e77", "value": "2bbc387ae74db7a01e80915f9cfc3519ebb52fcd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859271", "to_ids": true, "type": "sha256", "uuid": "07b9bd30-b7d5-4baf-93d4-21e9c1ab943e", "value": "68a0812f5b0f01a3c531214a940de787a1346ff39bbc5e455a241d88348b7629", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794052", "to_ids": true, "type": "ssdeep", "uuid": "1c68a4d1-317b-4611-be2a-6b2eaa7c3068", "value": "12288:oec/DT/gmIC9Ji0JrIrS/rPC+reu/1fb2Hb4wdRhRFXJjWQY:o7DTr9JiwrIQLCaD/9b6b4ez1WQY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794052", "to_ids": false, "type": "size-in-bytes", "uuid": "b71d86a7-8a7a-43ef-b185-82a3b40a88b1", "value": "634180" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794052", "to_ids": true, "type": "vhash", "uuid": "388f139f-03d7-44bd-83b6-fb4ed34f00e8", "value": "29e7b9a852c611f6ccc32864472ca3d3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794052", "to_ids": true, "type": "filename", "uuid": "01a9dfa0-066c-4c4a-ab94-ed7fd866a962", "value": "fdf578bc6485ca9d23aa28c358f584ab.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794052", "to_ids": false, "type": "text", "uuid": "2c605a78-340c-4032-ad45-7e7a3d9dccd2", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859273", "uuid": "12e39918-3d77-450e-a505-6233d9bd1f09", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859272", "to_ids": true, "type": "md5", "uuid": "29d0c536-38c2-4c81-a93b-60165e3f3087", "value": "0132d945a10c45eb284b6a32e126933d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859272", "to_ids": true, "type": "sha1", "uuid": "5824212c-f44f-4283-bada-95f1c7b93251", "value": "279d1f93a2a000ce16f4af8ac94344bad29f2f32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859273", "to_ids": true, "type": "sha256", "uuid": "ef0c7378-6dd2-4d0c-a225-9a841fda776c", "value": "4314eef3298dfe87d5dd542d2f4c8ce1c6f29f778db06b8d961d6967d4783c0a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794073", "to_ids": true, "type": "ssdeep", "uuid": "495b1d74-1d4d-4888-9273-6a22fe122977", "value": "49152:/stKw1qSIRvu+Jxda4YchhvjmRpKXRGohKLyn7nw+c0QCKrAZoEjA:ktKLSgxtjhvjmS3hoy2CSEM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794073", "to_ids": false, "type": "size-in-bytes", "uuid": "985a40ae-8146-4de6-9689-442bcee13687", "value": "3452253" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794073", "to_ids": true, "type": "vhash", "uuid": "21e7d207-3cfc-456c-888e-7b95cb95408d", "value": "6107a601c46c2a42ffffd071f6da372a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794073", "to_ids": true, "type": "filename", "uuid": "0d40a964-12d4-40f1-87e7-043abdf5288e", "value": "279d1f93a2a000ce16f4af8ac94344bad29f2f32.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794073", "to_ids": false, "type": "text", "uuid": "19476cb8-4705-42c2-ae42-e157ef72eaee", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: PUA:AndroidOS/Aio.A!MTB\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859274", "uuid": "15776ac8-62f7-4f82-a81b-bb996b7a5461", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859273", "to_ids": true, "type": "md5", "uuid": "8a89c16f-70bc-4a69-bbeb-433148d8f157", "value": "4ed73fe264ca76754d05e336e2e5f93b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859274", "to_ids": true, "type": "sha1", "uuid": "f3f40824-2572-4f84-9a4f-91a096469596", "value": "896e198988792ed72a17c32e6ec16b4028c77a3e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859274", "to_ids": true, "type": "sha256", "uuid": "6dd5f2ac-7082-47fc-8529-d7605aa66684", "value": "ed3275117f2cd07f1d8bd68d176bbd2f442c393aec402a89be9d4b3a5c8eb82b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794095", "to_ids": true, "type": "ssdeep", "uuid": "f9d7181f-58f5-4e64-9464-06d0c1b7ee3c", "value": "98304:R4RPp/JV3il7Pq5PIxv5oWk+yqf1yDHGORbw6sWkf+sYr8k:GRHV27+Ps5fF1y/H2f2Ik" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794095", "to_ids": false, "type": "size-in-bytes", "uuid": "6b1ee069-3d0e-4f18-9552-1d7f5a1927df", "value": "4915492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794095", "to_ids": true, "type": "vhash", "uuid": "02bba714-38f5-4236-acd3-f6d4aceffdb3", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794095", "to_ids": true, "type": "filename", "uuid": "21f77bb4-2f0d-4e5a-b010-baff40ec90c8", "value": "4ed73fe264ca76754d05e336e2e5f93b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 14/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794095", "to_ids": false, "type": "text", "uuid": "d99032d8-0b7c-4d31-a84d-facff58c304f", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859275", "uuid": "1adde2cf-5b6b-42ed-9c21-bcbfffa93d2a", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859275", "to_ids": true, "type": "md5", "uuid": "f80c09f2-ba13-4287-9b64-db4614d88a98", "value": "2e62752e83d22b6cdd231b3d8c722525", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859275", "to_ids": true, "type": "sha1", "uuid": "38756ba2-d6a3-41fc-94bd-c4c74d27efbd", "value": "effede7095a158b4ded6d8dcfcc1cbf18ae6ccc5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859275", "to_ids": true, "type": "sha256", "uuid": "0520fef6-6855-44ac-80a1-9ce75f406dc9", "value": "e3fcbbdd1b0d921701aa9b053be41ab35135afc2344e9f28c3b89cad1709d003", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794116", "to_ids": true, "type": "ssdeep", "uuid": "3660a1a9-942d-414d-aa1d-408fbcef63bb", "value": "98304:P4RPp/JV3il7Pq5PIxv5oWu2HGORbw6sWkf+sYr8g:gRHV27+Ps5UQH2f2Ig" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794116", "to_ids": false, "type": "size-in-bytes", "uuid": "7df6dfd0-3d68-40f0-8b81-ca6b8759155a", "value": "4915483" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794116", "to_ids": true, "type": "vhash", "uuid": "354829c7-30ad-44a3-876c-bc621b5d0bcc", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794116", "to_ids": true, "type": "filename", "uuid": "0cb1b194-bc68-433e-8df1-1a4870c87f66", "value": "2e62752e83d22b6cdd231b3d8c722525.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 16/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794116", "to_ids": false, "type": "text", "uuid": "15f88e7e-8770-4e71-8ec9-70eb5514a625", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859276", "uuid": "00ac883e-7497-41fe-b6e7-76285a543143", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859276", "to_ids": true, "type": "md5", "uuid": "554d8e8a-f528-414e-a03a-8cb4bcecf676", "value": "c87770db6f1dfaf7b544d40166d0552b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859276", "to_ids": true, "type": "sha1", "uuid": "4e121fbf-3754-4e19-ab74-573ab4210fca", "value": "be1fd0c561fcfb1123e88e48a66fcb406be27994", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859276", "to_ids": true, "type": "sha256", "uuid": "9c5b2e9f-ba88-4e41-974d-cb49edd7fb6c", "value": "d9eef65a1f97125f6c9230357526b41a2908199e61eb078901355ded5dc8fe7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794137", "to_ids": true, "type": "ssdeep", "uuid": "c62871fa-6813-400a-ac75-e5497be02a84", "value": "98304:x4RPp/JV3il7Pq5PIxv5oW+mc1tnPs+1HGORbw6sWkf+sYr8z:mRHV27+Ps5gmc1t/H2f2Iz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794137", "to_ids": false, "type": "size-in-bytes", "uuid": "d17509db-0128-414f-8264-ad6a1f11f76e", "value": "4915423" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794137", "to_ids": true, "type": "vhash", "uuid": "89f359bb-ece6-4d90-83c8-0fac046f0ab2", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794137", "to_ids": true, "type": "filename", "uuid": "a567e107-4dba-40a4-b2b3-723170901a13", "value": "c87770db6f1dfaf7b544d40166d0552b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794137", "to_ids": false, "type": "text", "uuid": "51b0458e-2279-4f7c-a4e6-cdbe1b388ead", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859277", "uuid": "2a5428b7-21ff-4396-ae54-a893bc23727c", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859277", "to_ids": true, "type": "md5", "uuid": "6e9ec669-970f-4bab-b67c-1103a28ae69c", "value": "63c482869fd368e4d4737b1d1f018721", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859277", "to_ids": true, "type": "sha1", "uuid": "a1f4581c-2166-4810-9e74-368580427278", "value": "eb8cceabc7e127347c7c02e75526f505de7c7baa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859277", "to_ids": true, "type": "sha256", "uuid": "1079a58e-2513-4fc2-8496-295654208964", "value": "da6d73d5bba52905a89fc41ceae42e1e6ca6e6983b9420f58fa4d66e875b6b30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794159", "to_ids": true, "type": "ssdeep", "uuid": "4343bc46-e5eb-4300-a071-d186699d0e4a", "value": "98304:Z4RPp/JV3il7Pq5PIxv5oWtZpx+kY+aHGORbw6sWkf+sYr8B:uRHV27+Ps5V2+8H2f2IB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794159", "to_ids": false, "type": "size-in-bytes", "uuid": "22215faa-7426-4f7d-be08-a7a6ea4f3c8d", "value": "4915372" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794159", "to_ids": true, "type": "vhash", "uuid": "b59a5f68-f020-4cab-b6a0-b0d5289cef89", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794159", "to_ids": true, "type": "filename", "uuid": "460a4169-f7c6-4a99-a401-504fdc75672f", "value": "63c482869fd368e4d4737b1d1f018721.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794159", "to_ids": false, "type": "text", "uuid": "18332d13-6e3b-41b0-bba6-bbd980c45850", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859278", "uuid": "90c120f0-05ea-469f-88c0-99920580e64a", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859278", "to_ids": true, "type": "md5", "uuid": "de5f0e0b-e4c7-4af9-a1af-3124b43c7698", "value": "dec990bed9ef89dced0435525ad9b58b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859278", "to_ids": true, "type": "sha1", "uuid": "533d76c9-3114-4a21-8846-d25c7d7e24bc", "value": "25cb46005c80632f1a7a352194efd1320c2f8f0a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859278", "to_ids": true, "type": "sha256", "uuid": "d5328f49-2bbe-4016-9d77-ccdd60fcbea8", "value": "c2456b4b7e8d37228d624a6480709cc20f06c88dd3f73014a8ebd0d253e08510", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794180", "to_ids": true, "type": "ssdeep", "uuid": "ec1f508b-d74b-42c0-b4f9-edd050f5aa7c", "value": "12288:vpQN5C34J1lvCEl41hwQl593NPZe6A6gxrrhJM6IzZoACoJW:vyNMo4H3xA6AzlC6amACaW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794180", "to_ids": false, "type": "size-in-bytes", "uuid": "b9580536-f0ad-4079-b8f1-bb8dfa16b1c8", "value": "634151" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794180", "to_ids": true, "type": "vhash", "uuid": "0dffe661-cfef-4475-adda-cb6770e9db0d", "value": "29e7b9a852c611f6ccc32864472ca3d3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794180", "to_ids": true, "type": "filename", "uuid": "402b7eb6-e4b2-46ba-a70c-ca495e8c841d", "value": "dec990bed9ef89dced0435525ad9b58b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794180", "to_ids": false, "type": "text", "uuid": "373ec9b8-91d9-460d-b7e9-5179eac38507", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859279", "uuid": "8b4e13cc-e716-4a37-a8a7-f70f17e65834", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859279", "to_ids": true, "type": "md5", "uuid": "b1036323-117c-4655-b75a-a9f9d925c16d", "value": "24a58a4f33d4534e77d0221453801aa6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859279", "to_ids": true, "type": "sha1", "uuid": "659dae8b-b372-4967-a560-71fe40d969e1", "value": "63ad2d88e8132a561184c70b37d02eab034b8977", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859279", "to_ids": true, "type": "sha256", "uuid": "03e73067-89c6-4a2d-9d2a-b90dfec9a054", "value": "96ca3e52b6f8fb1ff5589e76dd1e6b082475370c631ae85c57ec7623e7a42938", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794202", "to_ids": true, "type": "ssdeep", "uuid": "009e3e96-b51a-4a37-ad1b-2791a657955b", "value": "98304:lYVsMsv6jp/JV3il7Pq5PIxv5oWwJE7DHGORbw6sWkf+sYr88:SVTY8V27+Ps5T7/H2f2I8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794202", "to_ids": false, "type": "size-in-bytes", "uuid": "c609132b-6fd1-4ac1-a691-c83a5afa4748", "value": "4915414" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794202", "to_ids": true, "type": "vhash", "uuid": "e5bd1449-3a96-4872-890f-f09ec2004e3b", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794202", "to_ids": true, "type": "filename", "uuid": "00db77a0-608e-4990-8087-8a5e7efd6021", "value": "24a58a4f33d4534e77d0221453801aa6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794202", "to_ids": false, "type": "text", "uuid": "408b28fb-6ebf-4d86-bb2d-826ded6209be", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859281", "uuid": "20a37f37-2745-48f5-bfc9-9e3d5c64eb38", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859280", "to_ids": true, "type": "md5", "uuid": "9e158c43-987b-40da-89d9-9c4538b0c7ba", "value": "5c0189b9faa4e96b927a6e0aa7a31cdc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859280", "to_ids": true, "type": "sha1", "uuid": "299d7dee-a83f-486f-bdb6-7201a5c46f9b", "value": "cab9c8c190e357e79ed7c27242824b8cdac31acc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859281", "to_ids": true, "type": "sha256", "uuid": "2efb5417-f76a-4575-a68b-a743cb773490", "value": "67450e07931407105f6f6ce30d86070486ed94693b320db3b1bc2c15796d4b62", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794223", "to_ids": true, "type": "ssdeep", "uuid": "8224aa9c-ec25-45e3-97d8-15a660fb97d1", "value": "98304:ZYVsMsv6jp/JV3il7Pq5PIxv5oW7PGtNUO2HGORbw6sWkf+sYr8l:GVTY8V27+Ps50tN5QH2f2Il" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794223", "to_ids": false, "type": "size-in-bytes", "uuid": "bce79abd-de2b-4250-b0f0-adfbc08d522e", "value": "4915216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794223", "to_ids": true, "type": "vhash", "uuid": "45af5adf-d9ab-459b-b3a8-7f63c786cc5b", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794223", "to_ids": true, "type": "filename", "uuid": "8a294061-1f28-4427-a0c7-a90bc0e57a42", "value": "5c0189b9faa4e96b927a6e0aa7a31cdc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794223", "to_ids": false, "type": "text", "uuid": "2912ecde-d943-48e2-bf61-b6743155decb", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859282", "uuid": "91a5372d-0452-4007-a883-b4d48753e0f2", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859281", "to_ids": true, "type": "md5", "uuid": "372984c2-8f8f-460e-9209-a0432e9d2501", "value": "f8a6e8b3dd4e7a6077123daa51ee3eb4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859282", "to_ids": true, "type": "sha1", "uuid": "20fb1c60-1c27-4dcb-a63a-75d1073fc7d2", "value": "abdf752e0aa4b0fd1da73aaf98479f2e647a29d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859282", "to_ids": true, "type": "sha256", "uuid": "83858dad-2494-45b9-80ff-9f166e6cc13c", "value": "ce0243bcc2f720d624f2c52b2966fac749ba59203b00c300959d15876977500e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794244", "to_ids": true, "type": "ssdeep", "uuid": "dd1cd7ad-5b7e-4e2a-ba28-6bc43efac80b", "value": "12288:CSQN5C34J1voexK4AjOn1aXw7APjSXDj/6vzBgPngK5U6069thd6H:CDNMaK4oO8SsjIz6vzBcngSRHBsH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794244", "to_ids": false, "type": "size-in-bytes", "uuid": "c88a257f-7f56-47e8-83db-9e47eb9668c1", "value": "634050" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794244", "to_ids": true, "type": "vhash", "uuid": "78009425-03d0-4318-8374-4c0203918461", "value": "29e7b9a852c611f6ccc32864472ca3d3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794244", "to_ids": true, "type": "filename", "uuid": "95047bbe-35a8-444c-8185-08476fcaa78f", "value": "f8a6e8b3dd4e7a6077123daa51ee3eb4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794244", "to_ids": false, "type": "text", "uuid": "a13db712-b25e-4d23-bd3b-79f9f7054150", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859283", "uuid": "a1c93e1b-5beb-4f7d-b53e-7bf1f8099ab0", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859283", "to_ids": true, "type": "md5", "uuid": "9265de9a-538e-4576-a5ab-bd98ff4b8abe", "value": "94b90e60a80eb5e1ea66a0e225a700e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859283", "to_ids": true, "type": "sha1", "uuid": "15177045-c333-440a-b94a-edcc358a700e", "value": "466ca8bdcbea9d436533d8deecfc6b4a8cb0cbc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859283", "to_ids": true, "type": "sha256", "uuid": "4b695e8e-0fcf-4a99-a493-dd7b486781b9", "value": "d3a396b2f0740feb301b14c11a70300416af341e5f11a4ef57ce4ada12b322b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794265", "to_ids": true, "type": "ssdeep", "uuid": "72a73d43-4cbd-45fe-bd7a-7275f8a24f7f", "value": "98304:dFxUZNIsHp/JV3il7Pq5PIxv5oWOwPo9/qvGORbw6sWkf+sYO8x:dkHV27+Ps5noFkH2f23x" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794265", "to_ids": false, "type": "size-in-bytes", "uuid": "9aa34e1c-bc4e-45b3-89a0-d9555ad4dcdc", "value": "4909012" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794265", "to_ids": true, "type": "vhash", "uuid": "bc618882-b0f6-4570-9cee-8f4ca4d8452b", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794265", "to_ids": true, "type": "filename", "uuid": "5791d5d6-a17d-4a58-83b8-91d9b4697ef6", "value": "94b90e60a80eb5e1ea66a0e225a700e1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794265", "to_ids": false, "type": "text", "uuid": "fcfa4caf-ad9a-4c86-964b-271888b23311", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859284", "uuid": "ba51431d-3f88-475c-8ed5-ae27232cadaf", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859284", "to_ids": true, "type": "md5", "uuid": "b9876c77-aea0-40c4-b555-62125e324636", "value": "b5fcfbf76c733bdf4a869a57ef19b6d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859284", "to_ids": true, "type": "sha1", "uuid": "55a78a6b-1091-443e-b09b-497b062997e0", "value": "70c18146191376dd8eb8195dbf3ac627a2fad5d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859284", "to_ids": true, "type": "sha256", "uuid": "edeb493e-c1c3-44f7-99cd-22b12ee66564", "value": "f85c014214da7ea803bc5367e7f7e1c6f339961235342f3ede8da45f17e7022f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794287", "to_ids": true, "type": "ssdeep", "uuid": "f2341596-1212-4002-8833-9620b8ab6b38", "value": "12288:bcQN5C34J1wRFj3Z4FSnA0+02HcxEvk3vHxawPFcA8H7HuaJbZpeZhw4:bFNMvp4FuN2CJDc7Huipaw4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794287", "to_ids": false, "type": "size-in-bytes", "uuid": "f35b70de-919b-42ad-b6ed-900d6d615c28", "value": "632859" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794287", "to_ids": true, "type": "vhash", "uuid": "41e4bf10-a724-41dd-a0dd-d7729fbb62c0", "value": "29e7b9a852c611f6ccc32864472ca3d3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794287", "to_ids": true, "type": "filename", "uuid": "327b4010-9204-41cb-a78b-48327dd93c2e", "value": "1031-70c18146191376dd8eb8195dbf3ac627a2fad5d7" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794287", "to_ids": false, "type": "text", "uuid": "64c94880-9fec-4ae2-a9e0-5c3e885f7670", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859285", "uuid": "562d888a-58e1-435b-94fe-a46f72c1fa04", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859285", "to_ids": true, "type": "md5", "uuid": "aacf99c2-4b8a-4674-afed-b2212f17f720", "value": "f255ccb48fda959457ce71520afe3038", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859285", "to_ids": true, "type": "sha1", "uuid": "636e864a-0da2-4ded-929f-94a823e170c6", "value": "fdd94086c2bfc5af7cf491f3242b4e15687da866", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859285", "to_ids": true, "type": "sha256", "uuid": "9b2b2a53-baf7-40f2-a165-257034b8b1d9", "value": "d6b311c17d9157dcd4d58afe6f00aab09e3834680714b2251323f768dc8c1e37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794308", "to_ids": true, "type": "ssdeep", "uuid": "11f97e7d-0935-4f13-a70d-b3eba4c30635", "value": "12288:PApBIAE5gMGNoka40Oi8peFQEEqIvhUQLniYNSokO3cIXuTyBanFfIf:YnBOgMKokahcSImWni+BlcIoz8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794308", "to_ids": false, "type": "size-in-bytes", "uuid": "8a442ef3-4047-4140-ae2b-2669f6ca7fad", "value": "678588" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794308", "to_ids": true, "type": "vhash", "uuid": "a95c9252-e906-4b0c-833f-30551a110e72", "value": "571ccbb515be8b813668e455a180ddc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794308", "to_ids": true, "type": "filename", "uuid": "a2ca0023-69f9-4d4a-9be5-b9dd16035cb2", "value": "f255ccb48fda959457ce71520afe3038.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794308", "to_ids": false, "type": "text", "uuid": "f0e8b4c2-431c-4e2e-a5ee-1e727ab95c9c", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859286", "uuid": "e71726f3-6ea9-4ef5-804a-961a93123280", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859286", "to_ids": true, "type": "md5", "uuid": "829122a7-6f3c-47e4-a27e-3ffa5caf99f8", "value": "774d9f8fe10c169784a78cd1613a550e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859286", "to_ids": true, "type": "sha1", "uuid": "ab7f1653-1c6e-4438-8322-76679ea1ca79", "value": "756e685261d2dddb91f9752c9ddda5e353fdfbcd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859286", "to_ids": true, "type": "sha256", "uuid": "0e7b0f62-c521-4c2d-a466-071890aa55ba", "value": "e8b88ba3e5b8e9243fef85b04cb108197e037b2a995a32936b174eeb20e08c50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794330", "to_ids": true, "type": "ssdeep", "uuid": "84ec3b36-fbab-43cd-bf47-c059ef4a1ea9", "value": "12288:8wQN5C34J1e4Fj3Z4FSnA0+02HcxEvk3vHxawPFcA8H7HuaJbZpeZhwr:8BNMYp4FuN2CJDc7Huipawr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794330", "to_ids": false, "type": "size-in-bytes", "uuid": "0dfcfe4c-d92a-46f9-8631-bf2add9a1cf1", "value": "632860" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794330", "to_ids": true, "type": "vhash", "uuid": "1dca6f15-2ccd-44ca-b920-89c505a8f8a7", "value": "29e7b9a852c611f6ccc32864472ca3d3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794330", "to_ids": true, "type": "filename", "uuid": "0bc5781a-074d-43f2-92ed-188905958c52", "value": "774d9f8fe10c169784a78cd1613a550e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 11/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794330", "to_ids": false, "type": "text", "uuid": "74383aeb-31f0-40c6-aeb9-8631cde53430", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:31/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859287", "uuid": "e3f62b2e-bae9-4a04-a096-b8032ae3a116", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859287", "to_ids": true, "type": "md5", "uuid": "8a1d5bc9-2909-4d67-919c-c1cbc78888ac", "value": "c0edb87993bf3630900f5050e02d8b28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859287", "to_ids": true, "type": "sha1", "uuid": "a128bf50-f067-4931-8f82-4b7e612093d8", "value": "913861b0229fd80a267070fb3f5596eceaf2fa6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859287", "to_ids": true, "type": "sha256", "uuid": "8fc996e6-1640-4279-8bf3-7fe19f1cdd18", "value": "2fafb6a72b5e1b0f651ad475f82961263907db14d8ace217d8f19e356d3b4e15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794351", "to_ids": true, "type": "ssdeep", "uuid": "f420f47d-38ba-4e37-8817-6798c4b01ca0", "value": "12288:KyBIAE5gMnEoka40Oi8peFQEEqIvhUQLniYNSokO3cIXuTyBanFfIl:KYBOgMEokahcSImWni+BlcIozW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794351", "to_ids": false, "type": "size-in-bytes", "uuid": "74514f16-2a33-4cda-a6db-391a00b8f3c8", "value": "678546" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794351", "to_ids": true, "type": "vhash", "uuid": "36fe9f55-beb6-4986-a7e2-ebe23167bc97", "value": "571ccbb515be8b813668e455a180ddc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794351", "to_ids": true, "type": "filename", "uuid": "08b47c35-225e-4498-9e7f-a174f17b61e1", "value": "c0edb87993bf3630900f5050e02d8b28.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794351", "to_ids": false, "type": "text", "uuid": "eaed4443-cf9f-4479-be98-63989af6be1b", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:34/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859289", "uuid": "968a7729-6a0e-4557-a6c7-f15387671e9e", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859288", "to_ids": true, "type": "md5", "uuid": "12d2b404-f1bf-4809-b7ff-40a776720cbd", "value": "83c935bdec4df488dbf80a7c62f1cd56", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859288", "to_ids": true, "type": "sha1", "uuid": "df736a42-aeb7-47f5-9ca5-84c611178add", "value": "f1e261665b244a165cff1f3471cb17054174696e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859289", "to_ids": true, "type": "sha256", "uuid": "801e1f4f-d0e3-47e5-a149-66120f7f40ad", "value": "9a9b1526b92ee1d4d5645a97391792acda36561fe6837a1959be9448a6782d9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794372", "to_ids": true, "type": "ssdeep", "uuid": "47ad8c60-7080-4172-9bb4-99a957571c03", "value": "12288:vyFOJDl97C6PFj3Z4FSnA0+02HcxEvk3vHxawPFcA8H7HuaJbZpeZhwh:v9p4FuN2CJDc7Huipawh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794372", "to_ids": false, "type": "size-in-bytes", "uuid": "105cbe04-9d1e-44ac-a387-4764995731c1", "value": "632755" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794372", "to_ids": true, "type": "vhash", "uuid": "ef16feed-462e-40de-91c3-bf3769a9ac77", "value": "29e7b9a852c611f6ccc32864472ca3d3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794372", "to_ids": true, "type": "filename", "uuid": "4565ef06-6b5e-4584-b81c-f24a65305ea8", "value": "83c935bdec4df488dbf80a7c62f1cd56.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794372", "to_ids": false, "type": "text", "uuid": "e3388b5d-8cf3-46d4-a1d0-8f0d0eef4e7c", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859290", "uuid": "6876459d-6411-43f1-a57c-e936297a45dd", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859289", "to_ids": true, "type": "md5", "uuid": "fbff8f31-5cac-4fb7-a585-e40f3f8aff60", "value": "807be1c015a3d9c9dfe5714ced0a4da4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859290", "to_ids": true, "type": "sha1", "uuid": "f7460ed7-8898-4921-86b9-56a10e4521ce", "value": "54b35b018e5d92dfef9ea26249b945d53b7b8773", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859290", "to_ids": true, "type": "sha256", "uuid": "b9ea5bb8-3003-45ae-9b19-0998686d4aca", "value": "383cd5b23bf42f13969592322f5e60b082cea0b05ddcb1830cbd24dc254f60e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794394", "to_ids": true, "type": "ssdeep", "uuid": "8a057821-7b17-47ad-8b8b-b44559c6be97", "value": "12288:DdBBIAE5gMo/oka40Oi8peFQEEqIvhUQLniYNSokO3cIXuTyBanFfIz:ZvBOgMWokahcSImWni+BlcIozg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794394", "to_ids": false, "type": "size-in-bytes", "uuid": "9b40312e-05e3-4b26-a6a7-961ea3040c16", "value": "678533" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794394", "to_ids": true, "type": "vhash", "uuid": "62dfc1fc-3970-44a7-8d4d-8c2202330587", "value": "571ccbb515be8b813668e455a180ddc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794394", "to_ids": true, "type": "filename", "uuid": "4c03e0cc-19d2-4292-abc4-f8bf15e69d7d", "value": "807be1c015a3d9c9dfe5714ced0a4da4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794394", "to_ids": false, "type": "text", "uuid": "bae27524-fb59-4c98-82fa-dd60bdc43797", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:34/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859291", "uuid": "b0fa4d36-a2ea-41eb-8294-22504604a48c", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859291", "to_ids": true, "type": "md5", "uuid": "0bbd7c24-bf98-415f-a573-047f87a3ad19", "value": "620a0d230fc6cd0fe57b9592e5cc762a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859291", "to_ids": true, "type": "sha1", "uuid": "7e15a857-6174-4a41-a978-4a7c3dcf3554", "value": "51c6014bac840dc80c650c7797195ace86150530", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859291", "to_ids": true, "type": "sha256", "uuid": "b3a58d7d-7981-4761-b6fa-5b8f1d6c696f", "value": "43f4d46fbd9f939118e6f5c8e37aedc6235d3f72ecf05438ee350d26e1f65e2d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794415", "to_ids": true, "type": "ssdeep", "uuid": "0c63d4b4-f490-4ea9-8a79-c3924daa0d79", "value": "12288:lFBIAE5gMcboka40Oi8peFQEEqIvhUQLniYNSokO3cIXuTyBanFfIz:lDBOgM2okahcSImWni+BlcIozk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794415", "to_ids": false, "type": "size-in-bytes", "uuid": "0466f806-6ac2-4b12-afae-1e60b7c18b00", "value": "678535" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794415", "to_ids": true, "type": "vhash", "uuid": "ae110a00-589b-4c27-868f-275425e21df7", "value": "571ccbb515be8b813668e455a180ddc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794415", "to_ids": true, "type": "filename", "uuid": "2e2ad7e4-084c-43fe-b5b2-9209b19c0957", "value": "620a0d230fc6cd0fe57b9592e5cc762a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794415", "to_ids": false, "type": "text", "uuid": "cdad8d29-4811-42a0-9439-1490a6480d1b", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:37/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859292", "uuid": "478e858a-4bae-4603-abff-daf8731eb596", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859292", "to_ids": true, "type": "md5", "uuid": "3a107bf2-c318-4d27-aa1d-8dc7e2a972e4", "value": "bd2ff9a4884b282ce81861176eb57450", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859292", "to_ids": true, "type": "sha1", "uuid": "fa892c1d-4203-4d7a-9f6a-972c38017d49", "value": "85bc52ddb37041aa8dfda74628a15153ebc83fcd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859292", "to_ids": true, "type": "sha256", "uuid": "4a60d297-8348-428c-adaa-8e2f434966bf", "value": "183bd648fddec2c111f0031f87be4bb393c4dd40ce58db7471f78d3f9a98b052", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794436", "to_ids": true, "type": "ssdeep", "uuid": "148a1cee-9feb-431a-af0d-515db6aa4691", "value": "12288:veFOJDl97CtxFj3Z4FSnA0+02HcxEvk3vHxawPFcA8H7HuaJbZpeZhw0:vKp4FuN2CJDc7Huipaw0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794436", "to_ids": false, "type": "size-in-bytes", "uuid": "6366183b-52a6-484a-982a-1ffad64fc6fa", "value": "632721" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794436", "to_ids": true, "type": "vhash", "uuid": "15c21028-0051-4872-a512-167cf84cc264", "value": "29e7b9a852c611f6ccc32864472ca3d3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794436", "to_ids": true, "type": "filename", "uuid": "94523955-fc69-4cfd-843f-3874a017f9b6", "value": "bd2ff9a4884b282ce81861176eb57450.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794436", "to_ids": false, "type": "text", "uuid": "e2b300bd-75a6-4bfb-9065-e83e75e3b49e", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859293", "uuid": "eda2403f-b754-4cfb-8bac-7b8a00693e8e", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859293", "to_ids": true, "type": "md5", "uuid": "77e219a3-6669-48e3-b76c-444429a12d7a", "value": "a2ed7e5fbe26366907f07f19355473c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859293", "to_ids": true, "type": "sha1", "uuid": "22d958c1-3071-48ce-95f0-37d740160a53", "value": "1a5e4c13509dd61bad7965ce3a022ae84f8fc13c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859293", "to_ids": true, "type": "sha256", "uuid": "2bf879f2-8d43-4808-89f6-cb85f1e45c40", "value": "33fef2964263fa51561806913cbca6c65d94f2d80073f73f02feec9533642c3c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794457", "to_ids": true, "type": "ssdeep", "uuid": "ae184050-d534-4a6a-a49d-68e10b933c96", "value": "12288:UdBIAE5gMMcoka40Oi8peFQEEqIvhUQLniYNSokO3cIXuTyBanFfIA:ULBOgMRokahcSImWni+BlcIozb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794458", "to_ids": false, "type": "size-in-bytes", "uuid": "219deff0-b35a-4a61-a5fc-ab203bd81d8f", "value": "678533" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794458", "to_ids": true, "type": "vhash", "uuid": "418325ac-29d0-442e-8e90-205c88a17eb6", "value": "571ccbb515be8b813668e455a180ddc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794458", "to_ids": true, "type": "filename", "uuid": "1b6d35df-6d21-49fc-86b0-afcf2c9e8445", "value": "a2ed7e5fbe26366907f07f19355473c9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794458", "to_ids": false, "type": "text", "uuid": "c2ae0936-39af-4ee6-a081-f1144d490029", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859294", "uuid": "298a974e-99f8-4131-b618-413c312b42f7", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859294", "to_ids": true, "type": "md5", "uuid": "13d56805-3d41-49c8-b6b3-c74f7ac19759", "value": "449d9aa24a6b57648c716d76cc177dfb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859294", "to_ids": true, "type": "sha1", "uuid": "d8ce9ba6-94e7-4a86-b9e2-41f7da143219", "value": "fe11cc20ad8fb2eaaa744c7db05dbb5d0918744a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859294", "to_ids": true, "type": "sha256", "uuid": "28a3e45c-852b-4c07-8ef2-57c511420979", "value": "15cfaad9d46410903bd853a415a1fed97d89eaaf171c7c694a0b0f1c87f259e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794479", "to_ids": true, "type": "ssdeep", "uuid": "ade49842-b476-464a-bb01-e5443a96f9b7", "value": "24576:EfnSjz6eeMgRFzqpNTrLKwYBXXeNuMTEDOK3ndi0105cw+Rdh3dfXMWn:QIeMCVqzWw6XXeNucEqK3HCEL31cWn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794479", "to_ids": false, "type": "size-in-bytes", "uuid": "1bc5983c-8c74-4c35-967d-f9c9d5911522", "value": "1109176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794479", "to_ids": true, "type": "vhash", "uuid": "a3a19d7f-dfa7-4c7e-8de7-c2f689a6dbac", "value": "672e1e2bbfadbff1cd7285136eaa6dc2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794479", "to_ids": true, "type": "filename", "uuid": "068a209f-e560-48b5-aa29-2e1b6a3ac991", "value": "GoogleService.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794479", "to_ids": false, "type": "text", "uuid": "51ea0964-7d5f-4ce1-bc46-66589f5250fd", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859296", "uuid": "b5cff52e-e95e-4748-b727-bd2c1a777c19", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859295", "to_ids": true, "type": "md5", "uuid": "c0fa6222-2ecc-4d78-9095-079b0635211a", "value": "fa561993dbb740eec639c249591b9cf9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859295", "to_ids": true, "type": "sha1", "uuid": "4416c829-2297-45f4-a865-082f4a7a07f9", "value": "54e826db05deb440bbf376b807febeeed9c0cc01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859296", "to_ids": true, "type": "sha256", "uuid": "09001b9d-907b-45fa-9333-3102fcc4cb1c", "value": "bff6c6e0b3fe236f52fa884654cc25e20666d251737ca4029fcce09d22433bd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794500", "to_ids": true, "type": "ssdeep", "uuid": "403101e1-2a21-4084-b36c-527082e0179b", "value": "24576:mumnSjz6eeMgRFzqpNTrLKwYBXSnRs3mvwO0g5S8ff2U/b7zBZhbu9XcFV:mhIeMCVqzWw6XcVj0g5StU/PTVu9Mb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794500", "to_ids": false, "type": "size-in-bytes", "uuid": "7c9b6804-9429-4c1c-a875-709ad136c0ac", "value": "1440561" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794500", "to_ids": true, "type": "vhash", "uuid": "6945e26c-7690-4d86-8d37-4c071eb14e4f", "value": "caba5451dfb45c3f0a7e1e127b69a631" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794500", "to_ids": true, "type": "filename", "uuid": "e3bdbb40-1619-4dc1-88d8-8dbb07963698", "value": "\u5c0f\u8349.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794500", "to_ids": false, "type": "text", "uuid": "de3cc396-ac2c-4ca2-9ffc-6a0dbb9e532f", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859297", "uuid": "82001e36-5ac0-459a-8c20-b9b66705a931", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859296", "to_ids": true, "type": "md5", "uuid": "6e3db2ef-9dd8-4b33-99d4-6fe5ab87485a", "value": "2584cba249c41bd85654dc584ad8d639", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859297", "to_ids": true, "type": "sha1", "uuid": "5330400a-f8a7-4d08-986f-5d4b75eb18d3", "value": "ba86afd3acda00bc356acbf2eee9c069ef123db6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859297", "to_ids": true, "type": "sha256", "uuid": "8f213b71-b02e-465b-a570-b3773823c137", "value": "1a09f97723e8c63424163c197d1f8bf8e9ba5ec1cb962056046abd0a9f41266c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794522", "to_ids": true, "type": "ssdeep", "uuid": "0cb1ddb5-f7c6-40e5-a93c-c838efe1267a", "value": "12288:efFOJDl97CYFFj3Z4FSnA0+02HcxEvk3vHxawPFcA8H7HuaJbZpeZhwl:e4p4FuN2CJDc7Huipawl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794522", "to_ids": false, "type": "size-in-bytes", "uuid": "7547ce94-5477-4f53-a8b5-c68faea09ca0", "value": "632752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794522", "to_ids": true, "type": "vhash", "uuid": "15aae61a-4a25-4509-9a4e-1f0b2715a2d0", "value": "29e7b9a852c611f6ccc32864472ca3d3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794522", "to_ids": true, "type": "filename", "uuid": "5d6b65d6-319c-42b3-9389-e652b8d18cc8", "value": "2584cba249c41bd85654dc584ad8d639.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794522", "to_ids": false, "type": "text", "uuid": "bf3fe3fb-049b-4e6a-ba07-61c3c3a512cb", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859298", "uuid": "e3dfcfef-39c5-492d-a699-016a1698f353", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859298", "to_ids": true, "type": "md5", "uuid": "80e7c2a7-1806-4cde-9231-915d50d0af45", "value": "2cdcc467c3a7cb5affda5b354587af67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859298", "to_ids": true, "type": "sha1", "uuid": "2313af1a-cb7b-45a6-b673-b7356899ef1f", "value": "52a5b29219abba162d1e17457a29778c55e42b23", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859298", "to_ids": true, "type": "sha256", "uuid": "65400e06-c057-437a-8a16-4677ca1b2b20", "value": "8a8cfa3f6ec994bbb820056b9f6e2f20d8fd59a9d2aa1ff38d9be016864b56b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794543", "to_ids": true, "type": "ssdeep", "uuid": "1426f135-77ed-46ff-a7ee-606dea525ea6", "value": "12288:dyBIAE5gMQPoka40Oi8peFQEEqIvhUQLniYNSokO3cIXuTyBanFfIV:dYBOgMGokahcSImWni+BlcIoz2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794544", "to_ids": false, "type": "size-in-bytes", "uuid": "5a4fc059-c99b-429c-9a36-8e410d0498e0", "value": "678508" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794544", "to_ids": true, "type": "vhash", "uuid": "6e215799-131f-4f70-881e-868b982a1a22", "value": "571ccbb515be8b813668e455a180ddc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794544", "to_ids": true, "type": "filename", "uuid": "3fed71bf-5481-4029-9575-b7f47dc2fb3a", "value": "2cdcc467c3a7cb5affda5b354587af67.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794544", "to_ids": false, "type": "text", "uuid": "fe1617fd-9c5e-480f-a422-f71f564e2aa2", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859299", "uuid": "9115e47d-b55b-434f-9c7b-f28ba1e3387b", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859299", "to_ids": true, "type": "md5", "uuid": "db787b8f-cdf1-4b8e-85fa-10903506b0e5", "value": "129fb64531098f3eb2357fce0cadb511", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859299", "to_ids": true, "type": "sha1", "uuid": "a6fc273d-72d8-4660-be37-28c57b128111", "value": "4dc1e7fb8d84fed80691d084433e8119edba9285", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859299", "to_ids": true, "type": "sha256", "uuid": "a461385f-a5a4-4306-b0f1-cde7890fd946", "value": "0bbb848ab8ac501fc1eb4a17520184c68e60c822bd43db24276b53844f1ca36a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794565", "to_ids": true, "type": "ssdeep", "uuid": "53a52a4d-4fd5-4f9c-b323-ba3d41b51d7d", "value": "12288:mgBIAE5gMYkoka40Oi8peFQEEqIvhUQLniYNSokO3cIXuTyBanFfIJ:maBOgMhokahcSImWni+BlcIoz+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794565", "to_ids": false, "type": "size-in-bytes", "uuid": "ee743eef-577e-4b0c-b2e9-59e49b4a48f1", "value": "678525" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794565", "to_ids": true, "type": "vhash", "uuid": "982a51ab-4b21-4500-a8ee-abd3affdb172", "value": "571ccbb515be8b813668e455a180ddc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794565", "to_ids": true, "type": "filename", "uuid": "b7de4ba5-0645-47e1-84b2-da2f5243c192", "value": "129fb64531098f3eb2357fce0cadb511.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794565", "to_ids": false, "type": "text", "uuid": "16ea565b-371d-41ff-a015-25c94c6c57ec", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859300", "uuid": "d03b52ad-4381-4457-b684-801279128956", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859300", "to_ids": true, "type": "md5", "uuid": "dcc13e27-5fc4-484c-bb93-4212d4884cae", "value": "511339950fc73c527dbd14c193a3bd22", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859300", "to_ids": true, "type": "sha1", "uuid": "e8f12ec1-a5c8-498c-8ea4-3e6f2c5ce80d", "value": "dda6f46e083001af13da1e1074d8ae4ffc4e8542", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859300", "to_ids": true, "type": "sha256", "uuid": "4147fff4-2a49-4ae6-b3ff-32c151ae51de", "value": "0c4d8159034e7ba32d629d89c6a9dee2d813152bcbc1b875160531b0de9fbee5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794586", "to_ids": true, "type": "ssdeep", "uuid": "57446c2b-40f5-44a6-80be-781fb4f2243d", "value": "12288:r+BIAE5gMmloka40Oi8peFQEEqIvhUQLniYNSokO3cIXuTyBanFfIL:r0BOgMiokahcSImWni+BlcIozE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794586", "to_ids": false, "type": "size-in-bytes", "uuid": "2a7b6a44-4907-45a4-90c1-9ab0a1ad0002", "value": "678525" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794586", "to_ids": true, "type": "vhash", "uuid": "57f7f78b-1a95-453d-aa07-3a41d8fe7b28", "value": "571ccbb515be8b813668e455a180ddc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794586", "to_ids": true, "type": "filename", "uuid": "a7668f9e-9a78-4c13-ad02-c2d27b8f2697", "value": "511339950fc73c527dbd14c193a3bd22.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794586", "to_ids": false, "type": "text", "uuid": "084cbdb8-7c1a-4f36-b2b5-754a59394c25", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:36/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859301", "uuid": "a71b4b5b-98f5-4992-9950-49624ea2eb1b", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859301", "to_ids": true, "type": "md5", "uuid": "7c2885b5-8383-4333-8e9e-b004e26fef90", "value": "5b509141fa0795f9a4fe5ab5de7d78bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859301", "to_ids": true, "type": "sha1", "uuid": "5db892d3-3142-4346-802d-7edf606086ab", "value": "6b89f5446a6b48e0ac3efb5b641add8b756cb8f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859301", "to_ids": true, "type": "sha256", "uuid": "70c63ef8-bb7f-4913-8115-1830d1b0e8b6", "value": "f23b208fb7adc11934b6596132cc966199237e9deafeb1e9a8b68ef6ab9d9951", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794608", "to_ids": true, "type": "ssdeep", "uuid": "881c9927-98e3-46e6-ab09-3dd094d0a757", "value": "12288:6ABIAE5gMALoka40Oi8peFQEEqIvhUQLniYNSokO3cIXuTyBanFfIO:66BOgMCokahcSImWni+BlcIozJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794608", "to_ids": false, "type": "size-in-bytes", "uuid": "7b67333d-eba4-479e-a53c-ff00124ee20e", "value": "678523" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794608", "to_ids": true, "type": "vhash", "uuid": "8a614743-4ce1-4254-b326-b9eb71e5bfe4", "value": "571ccbb515be8b813668e455a180ddc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794608", "to_ids": true, "type": "filename", "uuid": "7234e8ed-f86d-4f4e-8537-21265c386a8d", "value": "5b509141fa0795f9a4fe5ab5de7d78bf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 21/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794608", "to_ids": false, "type": "text", "uuid": "f6e73102-f9f1-457f-a43d-8e52555f4b17", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859302", "uuid": "5812bcae-8c26-40ef-933e-cc33237ce505", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859302", "to_ids": true, "type": "md5", "uuid": "16c22536-154f-4605-b7f6-aeb58fdd641b", "value": "734e802406b99421964d550bd0fe190e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859302", "to_ids": true, "type": "sha1", "uuid": "bcf7a9ba-3d18-4d93-b3c1-df2e39de2e53", "value": "74c10c0b3d944012088dffc9cac96656f54b996e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859302", "to_ids": true, "type": "sha256", "uuid": "57f8acd5-5e63-4a04-8102-b1ace16bb93a", "value": "a3a3057d55288c4f3012613d7aab07a44aecc4f2c9d9cf7d77062d8887612aaf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794629", "to_ids": true, "type": "ssdeep", "uuid": "5d8acc94-5284-4ab9-955b-f61b498817b9", "value": "12288:ZFBIAE5gMACoka40Oi8peFQEEqIvhUQLniYNSokO3cIXuTyBanFfI+:ZDBOgMrokahcSImWni+BlcIozl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794629", "to_ids": false, "type": "size-in-bytes", "uuid": "a35a5242-6fa8-4640-b91d-8bdffd7913c8", "value": "678505" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794629", "to_ids": true, "type": "vhash", "uuid": "0b6caf04-1cbf-438d-a5e0-d24a5c1ccd16", "value": "571ccbb515be8b813668e455a180ddc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794629", "to_ids": true, "type": "filename", "uuid": "ec0786cc-e786-4fef-aa42-61b95abab51f", "value": "734e802406b99421964d550bd0fe190e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794629", "to_ids": false, "type": "text", "uuid": "8d0ee300-92f2-4344-afd5-a75be21d2412", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:35/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859304", "uuid": "22ef6daf-3e89-442d-83f6-84f3b2e5e977", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859303", "to_ids": true, "type": "md5", "uuid": "14e8b523-b75c-4da5-834a-2251fdaeaa84", "value": "63afd8450b5d21cf17b122946bbc706a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859303", "to_ids": true, "type": "sha1", "uuid": "74cc6e03-bc8a-41df-a37d-8fefb9a405d5", "value": "f15273a9447adc02e91f350a2c725f533acffa05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859304", "to_ids": true, "type": "sha256", "uuid": "367f4ead-b705-461d-881e-8cb10b36ca13", "value": "27a234b00336660684a48a36e51316faf80446e0bc1989d8c18549a79e337d46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794650", "to_ids": true, "type": "ssdeep", "uuid": "ea567cd2-cae7-4be0-95b0-30ee35863603", "value": "12288:wpiGHCl74y+DEmarXQHaI3sf4lQnO97vvAGbdmvcCh3bMR511rWCT:wptV49QHh3skX9DYAmv5oRrVzT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794650", "to_ids": false, "type": "size-in-bytes", "uuid": "2fa389c8-4584-4aa4-a442-96ae2a0cef2a", "value": "632458" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794650", "to_ids": true, "type": "vhash", "uuid": "f3d2f56e-5b19-4f59-8e79-25b13a4d29bf", "value": "139a77364d7116b2ae5803685a4a27dd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794650", "to_ids": true, "type": "filename", "uuid": "1e093ede-d354-44e3-9c6e-5754a44b85c3", "value": "63afd8450b5d21cf17b122946bbc706a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794650", "to_ids": false, "type": "text", "uuid": "be10c349-7e62-4d35-af70-45a481a5dba4", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859305", "uuid": "29902237-b87c-4984-a20d-2be00eaff728", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859304", "to_ids": true, "type": "md5", "uuid": "9955b9c1-528c-4f89-ac85-b1570264a5b7", "value": "99dcb9519e16fd9617fe470a3ada5e8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859305", "to_ids": true, "type": "sha1", "uuid": "d9a126e2-54a2-451a-993a-a3c0cc7ac9eb", "value": "e4606d7e05bfa4d5546a5ab2f323785b6ab0b3a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859305", "to_ids": true, "type": "sha256", "uuid": "9d45596e-9b76-4874-b8eb-12355802e388", "value": "c2bd21cc17e25c0367b8dc40e950d5400dd97bdc9fe27d987f8ea8c867515899", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794671", "to_ids": true, "type": "ssdeep", "uuid": "ecaea145-e228-4b5b-8505-d2da9432adb5", "value": "12288:pOCpWgD84zglI0H5UYiA9OVe7my+DEmarXQHaI3sf4lQnO97vvAGbdmvcCh3bMR6:pOCpr8Cgi0HuqOh49QHh3skX9DYAmv5v" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794671", "to_ids": false, "type": "size-in-bytes", "uuid": "d24a0422-a4fd-47e3-9f9e-f23fc9220912", "value": "764284" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794671", "to_ids": true, "type": "vhash", "uuid": "286ed709-c804-4c07-8d22-58086f205221", "value": "130a75217f1c4f4f54bcc9eaea9cff49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794671", "to_ids": true, "type": "filename", "uuid": "a899f291-7f5e-4dfa-b7e9-144931e9f57b", "value": "99dcb9519e16fd9617fe470a3ada5e8f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794671", "to_ids": false, "type": "text", "uuid": "245708fa-9c38-4316-bd98-69d6452540de", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859306", "uuid": "d1f3036c-7288-40a4-9d2a-60cb69009a15", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859306", "to_ids": true, "type": "md5", "uuid": "82844fcb-9141-4224-b1e5-d3f995d3513c", "value": "ef9254c322fb4726e9d2832aeed9cd1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859306", "to_ids": true, "type": "sha1", "uuid": "4009cfa6-eb36-483c-a946-bc55bb30e776", "value": "cc2264f3c7a848709edd476c726eea2c303d5e8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859306", "to_ids": true, "type": "sha256", "uuid": "2beb08b8-0ca1-48c3-8199-0d230cfd6483", "value": "c350101932df993bc177205a9d0f12ec0b0bfe876bae5065aa2fcfc374d0a8b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794693", "to_ids": true, "type": "ssdeep", "uuid": "1fd462ee-b9ea-468c-bb27-6bfcf57c0c02", "value": "12288:kVBIAE5gMGooka40Oi8peFQEEqIvhUQLniYNSokO3cIXuTyBanFfI+:kTBOgM7okahcSImWni+BlcIozd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794693", "to_ids": false, "type": "size-in-bytes", "uuid": "91fedb71-2aa3-4aa2-8c19-a91ab9e58508", "value": "678526" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794693", "to_ids": true, "type": "vhash", "uuid": "b662b2fc-f979-40f4-b415-9a49b008acbb", "value": "571ccbb515be8b813668e455a180ddc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794693", "to_ids": true, "type": "filename", "uuid": "9bd93236-1d9a-4925-adcb-840f68f85d2a", "value": "ef9254c322fb4726e9d2832aeed9cd1a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794693", "to_ids": false, "type": "text", "uuid": "d5da5bcf-a707-4997-b54b-b7a39ebc20ca", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859307", "uuid": "7e3930be-93bf-403b-b78f-87522ec9af9f", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859307", "to_ids": true, "type": "md5", "uuid": "e345b09f-5e26-448c-b1f4-2b4810819a01", "value": "2016a2b4d54476d4b65e8d726a9f6581", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859307", "to_ids": true, "type": "sha1", "uuid": "df463690-54ec-4a87-9961-2610c177eaad", "value": "c703345fd302bb718675896473967b25751dba0a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859307", "to_ids": true, "type": "sha256", "uuid": "a30ed88a-b368-4310-90d9-9d240edba595", "value": "d9b362039562f1d6ec4b89dadf0df59cfb38154e17b9dbd25ab2a1a6f2788593", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794714", "to_ids": true, "type": "ssdeep", "uuid": "2cb73193-c774-403a-89bc-7bbf6b88259c", "value": "12288:ZRiGHCla5JgkeWJi2d2h1OetPC0bCmmefWDfuyKn:ZRt+aiIWMetQmPfWDfKn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794714", "to_ids": false, "type": "size-in-bytes", "uuid": "150a8806-29d4-4397-8d41-c630135073ad", "value": "632530" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794714", "to_ids": true, "type": "vhash", "uuid": "5b0ec4ce-d390-47a7-8701-d166b181cca1", "value": "139a77364d7116b2ae5803685a4a27dd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794714", "to_ids": true, "type": "filename", "uuid": "d368ee88-54b2-49fe-8c60-2e342dd2ff0f", "value": "2016a2b4d54476d4b65e8d726a9f6581.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794714", "to_ids": false, "type": "text", "uuid": "e7c2250c-3b61-4740-afe1-552402b8f89d", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859308", "uuid": "51a230a2-335f-46de-aba2-a742b9177a51", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859308", "to_ids": true, "type": "md5", "uuid": "14ce5ce6-3184-4065-8679-e6bcda4e172c", "value": "15dc9c880bf8105c743b5690b09536ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859308", "to_ids": true, "type": "sha1", "uuid": "3975f073-611a-498d-8d72-123fc82ec721", "value": "7b091f30fff28aa41afd61caec11e6e5a6e7d9e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859308", "to_ids": true, "type": "sha256", "uuid": "2327122a-d324-4ec1-a902-0f64e4a8448a", "value": "1013859204323db0dd2b23e6dca8aa6bb697d938900f0670ac2dba239992e4f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794736", "to_ids": true, "type": "ssdeep", "uuid": "11f87a7a-1ed5-4f6a-8b83-41be1510791d", "value": "12288:owQXJe/xWtcLydGJcHy+DEmarXQHaI3sf4lQnO97vvAGbdmvcCh3bMR511rWCo:ofXc/4y2GJc49QHh3skX9DYAmv5oRrVM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794736", "to_ids": false, "type": "size-in-bytes", "uuid": "13824280-28dd-47c3-934e-7cd3c528faca", "value": "764014" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794736", "to_ids": true, "type": "vhash", "uuid": "7b01fdc5-da5d-4bc0-8993-74306d81da14", "value": "130a75217f1c4f4f54bcc9eaea9cff49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794736", "to_ids": true, "type": "filename", "uuid": "822dc815-a48f-4cdb-b84b-1ad0ea42cb88", "value": "15dc9c880bf8105c743b5690b09536ae.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794736", "to_ids": false, "type": "text", "uuid": "8234648b-6622-4fe3-99ee-9c62c9a230c7", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859309", "uuid": "301ccd31-bf32-4d9d-9f53-f37541b1531b", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859309", "to_ids": true, "type": "md5", "uuid": "cba1b2ba-adb9-4a69-a57a-cd921e647060", "value": "7db8c267e453c02930111a9688ba1fd8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859309", "to_ids": true, "type": "sha1", "uuid": "0183d174-51df-406c-a0c5-93b8e69aa0a8", "value": "2f78757c9ba96a48f7014371fb1784c7c4508367", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859309", "to_ids": true, "type": "sha256", "uuid": "8acf4595-3987-4c9a-8848-d2225801eeb2", "value": "8e962def531e17288544e4a66096fa9fbba2660710303c2425ab44b6348cd605", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794758", "to_ids": true, "type": "ssdeep", "uuid": "dea612b1-da89-486f-9d1d-1c8ac483f683", "value": "12288:gRiGHClhty+DEmarXQHaI3sf4lQnO97vvAGbdmvcCh3bMR511rWCM:gRtC49QHh3skX9DYAmv5oRrVzM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794758", "to_ids": false, "type": "size-in-bytes", "uuid": "b079e575-a14d-4005-bb2d-7fe729d3c987", "value": "632490" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794758", "to_ids": true, "type": "vhash", "uuid": "21e127f6-32c8-42bd-84d0-0639578cc58f", "value": "139a77364d7116b2ae5803685a4a27dd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794758", "to_ids": true, "type": "filename", "uuid": "b3662e4b-eded-4c5a-adc7-c981e55f9843", "value": "7db8c267e453c02930111a9688ba1fd8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794758", "to_ids": false, "type": "text", "uuid": "468c4bdc-f448-4f32-a355-70d73ecae807", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859310", "uuid": "792c0f54-19d0-446c-bbfe-8cea36be56cb", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859310", "to_ids": true, "type": "md5", "uuid": "53b32757-0d9a-47a5-8f83-5e74c804d77e", "value": "86f7e129f2eae2e485af34b94ac72a1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859310", "to_ids": true, "type": "sha1", "uuid": "ffd99ff0-dc17-4332-8c3c-1e429ee30800", "value": "b67f28ef3a23e0a0e3f4a6d3e0478cc81059e2df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859310", "to_ids": true, "type": "sha256", "uuid": "0656b1aa-28ac-4f18-97bf-eaeac648210b", "value": "9475d241d2dd4f24b1cba76fa912cf7dabda5c544018ab69a22817c074566731", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794780", "to_ids": true, "type": "ssdeep", "uuid": "06f87049-69b3-4ec4-86cb-9e38328e406f", "value": "12288:GGQXJe/xWtcLydGJqMy+DEmarXQHaI3sf4lQnO97vvAGbdmvcCh3bMR511rWCN:GJXc/4y2GJp49QHh3skX9DYAmv5oRrVR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794780", "to_ids": false, "type": "size-in-bytes", "uuid": "aa35e066-f601-4e77-b20a-7b7f6fdd3432", "value": "764012" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794780", "to_ids": true, "type": "vhash", "uuid": "18cc4aed-deb7-466e-877c-ee7325e0fa76", "value": "130a75217f1c4f4f54bcc9eaea9cff49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794780", "to_ids": true, "type": "filename", "uuid": "0b9724a7-c960-449c-ba83-c35b1e350711", "value": "86f7e129f2eae2e485af34b94ac72a1f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794780", "to_ids": false, "type": "text", "uuid": "f6685a8b-7ae4-4732-b2b2-43360d3ae05a", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859312", "uuid": "56e1d52b-7665-4f6a-8572-b7ed9cfc1810", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859311", "to_ids": true, "type": "md5", "uuid": "2158ee5e-38c8-427d-a5ec-4a7ba2da8835", "value": "752a57b67fe9e33520bff3194fdf90d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859311", "to_ids": true, "type": "sha1", "uuid": "6b307529-1c3f-4044-9754-5d26d24acca9", "value": "a1f8837d7e4745df39bfb35434860d2366c65301", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859312", "to_ids": true, "type": "sha256", "uuid": "b55481c4-73f3-4c88-9876-c9b5fa37b7ed", "value": "468b41e0a1939d7fa473e6394d995dafc9de6c6e5bf6ddce6bf6a7a32d29b6c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794801", "to_ids": true, "type": "ssdeep", "uuid": "37d63474-d2a3-4e30-b92b-8a0989676a8e", "value": "12288:/MBIAE5gMq5oka40Oi8peFQEEqIvhUQLniYNSokO3cIXuTyBanFfIk:/mBOgMmokahcSImWni+BlcIoz/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794801", "to_ids": false, "type": "size-in-bytes", "uuid": "44464def-749b-4ddb-a36b-61f2eb979b85", "value": "678506" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794801", "to_ids": true, "type": "vhash", "uuid": "8c9718a7-cf35-4781-b578-804f00c6d0dc", "value": "571ccbb515be8b813668e455a180ddc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794801", "to_ids": true, "type": "filename", "uuid": "b7a9648b-3f23-4353-8959-25bd0e546f4c", "value": "752a57b67fe9e33520bff3194fdf90d6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794801", "to_ids": false, "type": "text", "uuid": "4e28a197-2120-484a-adff-b154d59404e0", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859313", "uuid": "986f89d7-af3e-48d8-b6af-dd7ca93d86e6", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859312", "to_ids": true, "type": "md5", "uuid": "f2ae9c8a-96bb-4668-b511-1c46cd9bf58e", "value": "a1dc9834f031406a7553a63953ebc474", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859313", "to_ids": true, "type": "sha1", "uuid": "99e35a4b-9e4b-4a89-804e-aa5537f39e7c", "value": "465ef90ed1b178b9fa0aa193dbab2a42aa4c8b15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859313", "to_ids": true, "type": "sha256", "uuid": "88e7c046-9a1c-42a2-8212-033f4efa2484", "value": "c169f3accfef46c692ffb19ef844e329fca01ede32cd14c20b8bedc6b9b92905", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794822", "to_ids": true, "type": "ssdeep", "uuid": "d84de181-4bc1-4b5c-93a1-9b1993000789", "value": "12288:29BIAE5gM3roka40Oi8peFQEEqIvhUQLniYNSokO3cIXuTyBanFfIy:2rBOgMbokahcSImWni+BlcIozt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794822", "to_ids": false, "type": "size-in-bytes", "uuid": "fbaff65f-031e-4889-94cf-420946b534c3", "value": "678527" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794822", "to_ids": true, "type": "vhash", "uuid": "592f0564-ae5f-4800-83d8-07329e59adbe", "value": "571ccbb515be8b813668e455a180ddc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794822", "to_ids": true, "type": "filename", "uuid": "7bff89ca-08a7-41d5-b7ca-315d0ebb96b7", "value": "a1dc9834f031406a7553a63953ebc474.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794822", "to_ids": false, "type": "text", "uuid": "8a5ed4fe-3ba1-4036-b73b-0e92423ee21f", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859314", "uuid": "d9d80fab-7f78-46f9-a278-1362dd9479d0", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859314", "to_ids": true, "type": "md5", "uuid": "e5e7752a-df4a-450b-ab31-6f8fe05e6b24", "value": "2f78ea4f04de6fb5a1447031d95b6630", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859314", "to_ids": true, "type": "sha1", "uuid": "f953e2d4-b4cf-4842-99b6-2ff634a6b448", "value": "048f450b9611011bb71444f46262f37ca53aded3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859314", "to_ids": true, "type": "sha256", "uuid": "e87e2c7c-3777-4051-9da6-172e5d5c7c6b", "value": "3ba33ece220fc3d69ac3b51bf4f761859a4be5713fce0b505f6bef4b88c9b3a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794843", "to_ids": true, "type": "ssdeep", "uuid": "bd704417-0a4b-4b64-bc8e-5cf7955c88cd", "value": "12288:0WBIAE5gMVyoka40Oi8peFQEEqIvhUQLniYNSokO3cIXuTyBanFfIM:0cBOgMsokahcSImWni+BlcIozf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794843", "to_ids": false, "type": "size-in-bytes", "uuid": "b750d30d-1320-408a-a0eb-c17a7ff0100b", "value": "678534" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794843", "to_ids": true, "type": "vhash", "uuid": "f8059e77-f6e0-43f6-948a-8cf0cd9c5c24", "value": "571ccbb515be8b813668e455a180ddc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794843", "to_ids": true, "type": "filename", "uuid": "af39e2cc-63a4-4040-a297-e75f57d87b99", "value": "2f78ea4f04de6fb5a1447031d95b6630.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794843", "to_ids": false, "type": "text", "uuid": "57328d1b-935f-4055-9b78-6c5ed668dc55", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:33/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859315", "uuid": "4820db6f-3c87-4771-a2d6-33d6fb015646", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859315", "to_ids": true, "type": "md5", "uuid": "194e4b71-4c2d-4a05-bd7a-c4911147bbbc", "value": "e0fb804b15d08c88fab9531c24d624d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859315", "to_ids": true, "type": "sha1", "uuid": "6baebca9-5960-435b-8976-aa9e29446c42", "value": "6760fd139d51961d9786f9a609ad4c173f9317ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859315", "to_ids": true, "type": "sha256", "uuid": "468d3c4f-e565-4f94-8635-5dbd102b982c", "value": "08395c920621cb2d3dd286bd0c05424e5756b84f08905d9a28b1ca0b9cc5cc2d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794865", "to_ids": true, "type": "ssdeep", "uuid": "d8ab2b37-3537-4aa7-b062-8c515272ccd7", "value": "98304:1BgPZ2elp/JV3il7Pq5PIxv5oWFzW2kvvGORbw6sWkf+sYO8a:bgPZVRV27+Ps5rCH2f23a" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794865", "to_ids": false, "type": "size-in-bytes", "uuid": "c15e2fbb-10c3-407d-8ad7-3e2e947472e9", "value": "4952467" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794865", "to_ids": true, "type": "vhash", "uuid": "93a62c8d-766f-4571-b795-529afe945963", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794865", "to_ids": true, "type": "filename", "uuid": "d9bb707c-3d6e-472b-844b-b11d344d817e", "value": "e0fb804b15d08c88fab9531c24d624d0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794865", "to_ids": false, "type": "text", "uuid": "a643e490-8a3a-4893-b851-6bae10554039", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859316", "uuid": "a0ff9848-92f5-4c03-a926-fe18ff10877b", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859316", "to_ids": true, "type": "md5", "uuid": "475328db-b8af-448c-b17b-0cda1f3011b9", "value": "cfed1cb18a1664049604a5b295a929fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859316", "to_ids": true, "type": "sha1", "uuid": "699999c9-44ac-42b5-bc99-218e03b0ab90", "value": "9bccbdee2254819957a166bf6a64eb5e6a8d5cac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859316", "to_ids": true, "type": "sha256", "uuid": "1145f4a5-c268-46c8-b998-e7c514cd838d", "value": "1d8e82640af7b589c0a5e16342536880184d0a7b67293bccf869e47afaa48cf0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794886", "to_ids": true, "type": "ssdeep", "uuid": "1b72de19-99f4-4d1b-9cd3-d5e5d7dbfd04", "value": "98304:a2gPZ2elp/JV3il7Pq5PIxv5oWbTIY1rvGORbw6sWkf+sYO8E:lgPZVRV27+Ps5eYxH2f23E" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794886", "to_ids": false, "type": "size-in-bytes", "uuid": "b07dc89f-a27b-4b19-8390-69817db6102f", "value": "4953216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794886", "to_ids": true, "type": "vhash", "uuid": "efa099e6-cc7a-4e2c-b07c-448d2e7ce805", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794886", "to_ids": true, "type": "filename", "uuid": "5f911467-faf5-403f-89a6-21aa665fdc2e", "value": "cfed1cb18a1664049604a5b295a929fc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794886", "to_ids": false, "type": "text", "uuid": "a5c5e794-48c4-4edc-913e-088be8988bb2", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859317", "uuid": "9c1ef8d8-1ddd-4a3b-90f9-53b9e2bf5bb9", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859317", "to_ids": true, "type": "md5", "uuid": "5e6cce0b-44cf-4cdf-a756-f3321551f617", "value": "3a774b9e0fb2c7831310c1fc346e3774", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859317", "to_ids": true, "type": "sha1", "uuid": "c9eeefe8-78c0-4710-bc24-5c55cc9c1962", "value": "fd99270e56cfefa94fd5a3b56eedb2b72c5a3e3c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859317", "to_ids": true, "type": "sha256", "uuid": "3d8633bf-13b2-4906-a8b3-9b90103724d6", "value": "6d21696288c55eca4058c178eca35f0f84b886da913c0bf76ccd9195e6952fe2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794907", "to_ids": true, "type": "ssdeep", "uuid": "ce23725c-2198-492f-8a95-a80d2ca58b65", "value": "98304:nngPZ2elp/JV3il7Pq5PIxv5oWzvHStvGORbw6sWkf+sYO8s:ngPZVRV27+Ps5pyZH2f23s" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794907", "to_ids": false, "type": "size-in-bytes", "uuid": "9e14e885-cfb8-41ff-8a3b-4c062242b885", "value": "4953590" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794908", "to_ids": true, "type": "vhash", "uuid": "1579b692-4e20-4aed-92c3-459e6f56d5de", "value": "421b20e239765c52bfa1d7507aa2ca17" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794908", "to_ids": true, "type": "filename", "uuid": "b3f8899f-d88d-4b6c-8271-075eb9fb5b0a", "value": "3a774b9e0fb2c7831310c1fc346e3774.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794908", "to_ids": false, "type": "text", "uuid": "7cde542a-d37b-46f5-b78a-3e71de42fbd9", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:24/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859319", "uuid": "2df3c406-090d-4f87-8abb-f6e4cb51c6e4", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859318", "to_ids": true, "type": "md5", "uuid": "8b56b357-aace-447d-8c60-60a80ca9bbc3", "value": "99783478bc4abf798c5e4dcd39554672", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859318", "to_ids": true, "type": "sha1", "uuid": "1714d523-ad80-4406-a8b7-4ec47f1eb47f", "value": "ba3870f2266e314acf1e78ec7215a9fcffb8fa36", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859319", "to_ids": true, "type": "sha256", "uuid": "72cdde58-9c7b-4b2a-8e3e-1f393d8ed7c9", "value": "d0593f28f3dcb1d0e86d49be591b1f4a07e393027ae0a0a2802ecef9f5412f29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794929", "to_ids": true, "type": "ssdeep", "uuid": "aacf1c41-01c3-4711-a4db-67a8912a9659", "value": "12288:Rli3HmCITDfZEhISj4xc6lufIOXpUWrTvk77Z:7i3mtTscc6ltspUZ77Z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794929", "to_ids": false, "type": "size-in-bytes", "uuid": "f7ca2118-672e-4700-8f82-9f1864111ecf", "value": "585355" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794929", "to_ids": true, "type": "vhash", "uuid": "b3bc9942-00c4-4abf-9b5e-ed435f432d4b", "value": "f78842381043c5c1579374674ced3f38" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794929", "to_ids": true, "type": "filename", "uuid": "ae49f02e-69f0-4e78-9eca-5b9587fbfbac", "value": "99783478bc4abf798c5e4dcd39554672.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794929", "to_ids": false, "type": "text", "uuid": "755dd5c8-0037-48cf-91df-d850fe554967", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859320", "uuid": "e86c7abf-a87d-4da4-b4f1-bcf32dcf9896", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859319", "to_ids": true, "type": "md5", "uuid": "1c1bc797-092d-45f5-a7ef-fcc725283f5e", "value": "d0d2e10ac1fee22044b1f120014ce035", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859320", "to_ids": true, "type": "sha1", "uuid": "c5fdd3db-72d9-463a-93d3-9edb8eb00795", "value": "f4e9952991b5b9b77825d4ef88c944e8f61596af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859320", "to_ids": true, "type": "sha256", "uuid": "60babd85-e0d3-49ad-8ba8-c8d6e5309357", "value": "1f29d7b64baf0edc595b6809efe978e805330838e42ce4ef61a97eaea461d961", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794950", "to_ids": true, "type": "ssdeep", "uuid": "da287062-7747-44e6-a286-7323d6b4fff8", "value": "24576:kX3mtTscc6ltspURvqcM4Kbf6soZ/9jg548XEJ:kX2lC6rLRvqcJ0f6FBO5480J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794950", "to_ids": false, "type": "size-in-bytes", "uuid": "d67f0f3e-cd57-4236-9a39-c470d7e90ef7", "value": "1034120" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794950", "to_ids": true, "type": "vhash", "uuid": "7256152f-7ed6-4cc8-b930-68d77a48c15b", "value": "ae6038ecb4b27ba8eeb0d2c6af27559b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794950", "to_ids": true, "type": "filename", "uuid": "d044c446-6fca-458f-8f4c-3b03327c910b", "value": "d0d2e10ac1fee22044b1f120014ce035.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794950", "to_ids": false, "type": "text", "uuid": "e710a148-4373-4b9e-b46e-de351a700993", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859321", "uuid": "9a7f5b35-afb3-42e3-bfcd-1fa64aaab2db", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859321", "to_ids": true, "type": "md5", "uuid": "d467feeb-14d4-4d16-9982-4fd8a13f2450", "value": "0400749718952fdbd620a81dfbe7a249", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859321", "to_ids": true, "type": "sha1", "uuid": "8640046b-63c9-47ed-a001-a0bcab7bab6c", "value": "f17826b9a8e1f0a786e08b60efbe52950ce16722", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859321", "to_ids": true, "type": "sha256", "uuid": "81a3e46a-28a0-4005-b7df-9ea8b6be70ae", "value": "b95907008fd3289e8f4b890c920e4ca478a353f8d6923034270718ba64f690ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794971", "to_ids": true, "type": "ssdeep", "uuid": "88a237b9-c420-4e3e-a874-b56eb459335b", "value": "12288:EszC43xOUth8RcNUMsrmoGlvXXFJt5aUpuV9Lh1jnqc7F:EszC4BOUth8RQUM5hB7raUcnh1jnN7F" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794971", "to_ids": false, "type": "size-in-bytes", "uuid": "6505a772-5c64-4d8d-ac4b-9f4b531518e2", "value": "657110" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794971", "to_ids": true, "type": "vhash", "uuid": "f6d3bdd3-fee9-47df-8b09-9086da5604c7", "value": "139a77364d7116b2ae5803685a4a27dd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794971", "to_ids": true, "type": "filename", "uuid": "91e72320-a486-4924-bdcc-02e771c7bcf3", "value": "0400749718952fdbd620a81dfbe7a249.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794971", "to_ids": false, "type": "text", "uuid": "39fa2895-ebbf-4f34-93de-70dd8112e7e0", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859322", "uuid": "44925234-5c66-4719-9cec-66de727dbea4", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859322", "to_ids": true, "type": "md5", "uuid": "7c1c750c-b57a-49b9-beee-48dd2ffe06ef", "value": "e0911a931cfde0cfc4f7356b0b22a498", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859322", "to_ids": true, "type": "sha1", "uuid": "a272ab60-592b-4719-a8ed-e967e6c66959", "value": "f063e2320d77ee66a2fab624a4536bbf252384d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859322", "to_ids": true, "type": "sha256", "uuid": "c471e7da-4593-47a2-a0ab-cd6731d614a8", "value": "7ae40fcb6c240c0c76eba0c2376d0731b9e7f380c03cd5f24aa5b9b95dd9764e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740794993", "to_ids": true, "type": "ssdeep", "uuid": "cc0c453a-d9ba-498a-a4be-14abe45a22a9", "value": "12288:g+fjlowwn4DarOUth8RcNUMsrmoGlvXXFJt5aUpuV9Lh1jnqc7A:g+hSn4mOUth8RQUM5hB7raUcnh1jnN7A" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740794993", "to_ids": false, "type": "size-in-bytes", "uuid": "f30ca49c-1ce7-4c43-8e65-8f25a4a7c8c3", "value": "678507" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740794993", "to_ids": true, "type": "vhash", "uuid": "9850aa8a-c88f-4266-a8ef-79f316537d12", "value": "139a77364d7116b2ae5803685a4a27dd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740794993", "to_ids": true, "type": "filename", "uuid": "d74d8462-8fce-471f-8cff-b51721c2ba8a", "value": "e0911a931cfde0cfc4f7356b0b22a498.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740794993", "to_ids": false, "type": "text", "uuid": "4bf99eae-02a2-425c-bac8-b2a546007b41", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859323", "uuid": "0fca6c11-20cd-4023-8488-c1cc870fcace", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859323", "to_ids": true, "type": "md5", "uuid": "9fe4a6cc-9bc1-4228-beec-7101fddae70e", "value": "6aaece3209d0dff440006b6307ff37b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859323", "to_ids": true, "type": "sha1", "uuid": "222d56db-0fb7-42e8-b066-fcc1f43d49c7", "value": "a30c7eb9fdfca04518bbed9f25b086ecaaaa2e68", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859323", "to_ids": true, "type": "sha256", "uuid": "164be806-0324-4d7e-8bcf-2a601aa0d951", "value": "9be64f5fc4cb2de6ba9b0dc67752bf31b85f7b41a0479c38d589b47eeebee2c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795014", "to_ids": true, "type": "ssdeep", "uuid": "d5c8d4f9-8c16-4aad-8cd8-32f8837a327d", "value": "12288:TwYNQPTkaGBriyHZX4BGZOoYzXzhAkTCTMY0Xzybmw:TMkZiANJZOoOXewCZOzwn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795014", "to_ids": false, "type": "size-in-bytes", "uuid": "b33f5a5a-30f6-4e03-bd9d-68741ca18db1", "value": "634667" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795014", "to_ids": true, "type": "vhash", "uuid": "147ee0f8-79e2-4fb8-9d94-74506f5d8075", "value": "139a77364d7116b2ae5803685a4a27dd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795014", "to_ids": true, "type": "filename", "uuid": "2d0d4d68-b4eb-4518-b6a4-876651b585f3", "value": "6aaece3209d0dff440006b6307ff37b9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795014", "to_ids": false, "type": "text", "uuid": "49a4deec-5b33-4841-8bf4-8dac1f31ad2c", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859325", "uuid": "ed089d0f-e2fa-4373-a7e3-64fb223e1923", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859324", "to_ids": true, "type": "md5", "uuid": "f8c7b03d-36ef-4df6-a6ca-d17b545d7cd7", "value": "3671f708576e750aa6b7d5f7837758f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859324", "to_ids": true, "type": "sha1", "uuid": "963cae5e-552e-4f95-8b90-fe7b013c83b2", "value": "7f2a4225291abfaf317b342e925af9f6184c6e9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859325", "to_ids": true, "type": "sha256", "uuid": "dc0cb5fc-8fbb-4c05-819c-797bd0ea98cf", "value": "32b7880651114c0af7b2dfd8f55ebeaaf8292232a4f34bf67e2fec9221c45e1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795035", "to_ids": true, "type": "ssdeep", "uuid": "20d6f0d8-46eb-4868-bee6-09b9f2c2df20", "value": "12288:jq77KHLXndZs21CscMivAjnHitKVZFcnm9Cw4j:jq77EXdvCsli6nHi2gnmYwe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795035", "to_ids": false, "type": "size-in-bytes", "uuid": "c599d5ca-1183-45df-b5f6-05e1d7afcf66", "value": "585837" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795035", "to_ids": true, "type": "vhash", "uuid": "d57fb3b2-5c91-4be3-be61-415079b86fa4", "value": "139a77364d7116b2ae5803685a4a27dd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795036", "to_ids": true, "type": "filename", "uuid": "6066fbf5-41d1-4e98-b553-2521456334c5", "value": "3671f708576e750aa6b7d5f7837758f3.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795036", "to_ids": false, "type": "text", "uuid": "caccca0c-a29e-4a7d-9875-43f044200560", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859326", "uuid": "23041631-17db-4fae-ab15-d01872ee5a36", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859325", "to_ids": true, "type": "md5", "uuid": "f80bfdb8-eec4-4695-bdbd-b89219410c24", "value": "85020848d254f2f3446952b4aca8cfc0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859326", "to_ids": true, "type": "sha1", "uuid": "8e687b37-5f4f-43a9-b9ed-948d9e60d12e", "value": "ac90079f7c63bfa595b3e9bb1e60b9f365938e9a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859326", "to_ids": true, "type": "sha256", "uuid": "5f4e3595-52e0-4a89-9a14-8f327c5ca504", "value": "54a0906638311c31ec20d889a20e388b99ab0171f4148cd390a0a6da23ddbd0d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795057", "to_ids": true, "type": "ssdeep", "uuid": "cade8332-7c79-4052-bd32-3f1539b7830a", "value": "12288:yxfw/yny/OyjzR8eeZugRjZNEyqp+QXhVDfr3rAz8vDDyVwY9/XT1jeIa9Bl7YFK:yJnSjz6eeMgRFzqpNTrLKwYBXVu9XcFK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795057", "to_ids": false, "type": "size-in-bytes", "uuid": "64ab2b7c-593f-4ffd-a59e-b30fe138110c", "value": "674402" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795057", "to_ids": true, "type": "vhash", "uuid": "10388987-ca7d-49cf-93cf-d2ac342de75b", "value": "e3ee368dabe128c24f8569bcf7fe7121" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795057", "to_ids": true, "type": "filename", "uuid": "34b14c8e-566e-4b44-a7c1-bf04f5d7d4f8", "value": "ac90079f7c63bfa595b3e9bb1e60b9f365938e9a.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795057", "to_ids": false, "type": "text", "uuid": "0e28388b-f25c-4c92-9278-f40db024ca80", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859327", "uuid": "0bab2203-aada-4276-bf77-41e759cab093", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859327", "to_ids": true, "type": "md5", "uuid": "060f2e26-3402-4a21-84e7-89d95f5cd8a5", "value": "21c7658ea380c6cb7458343d966cd4e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859327", "to_ids": true, "type": "sha1", "uuid": "c2c0d7d8-ac7b-4fcc-bde5-34ec1a2c272d", "value": "ba9bc94a2ff722712f70268264e3e52ee05dc4c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859327", "to_ids": true, "type": "sha256", "uuid": "ba8cbeff-0204-470b-b98a-b3bdd8c7c24d", "value": "6b67576150fbd93a9313fbd582eea2377d021f74f00752a755314e9c675ba12d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795078", "to_ids": true, "type": "ssdeep", "uuid": "71bf90d3-4005-49e0-849e-e7c38809c48e", "value": "49152:4kapILPlc6bygkzTcRMkkv6voBfVirbzCQAJLzCXwjsAU:AqrbjkCMz9V8bzCQ0/CGs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795078", "to_ids": false, "type": "size-in-bytes", "uuid": "a0074306-7834-4b57-933a-9ff3ef80f82a", "value": "2347071" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795078", "to_ids": true, "type": "vhash", "uuid": "0431c8ee-59d0-4d7a-9597-ad5be988ded1", "value": "130a75217f1c4f4f54bcc9eaea9cff49" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795078", "to_ids": false, "type": "text", "uuid": "1c3587d2-376f-41e6-9b0b-1197317fb773", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:34/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859328", "uuid": "858b7f88-a002-47a5-81d3-3046b8b96817", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859328", "to_ids": true, "type": "md5", "uuid": "2c663223-4a56-4dda-86d5-59d1d1cc46fe", "value": "e50c42cc9943beb62629d24b26f3da34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859328", "to_ids": true, "type": "sha1", "uuid": "62221cff-2f8b-42c2-a06d-e9a82d2ed8d5", "value": "0c721159c6e73ede8fcdd398b56e2a2ae33544a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859328", "to_ids": true, "type": "sha256", "uuid": "38edf4d1-5796-47a8-b9e1-5372bf0b7f25", "value": "a5347c04c815a6b3abf7c439c15473a466d3580d975853f02a9196da341c8c63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795099", "to_ids": true, "type": "ssdeep", "uuid": "53a5a2f6-f5e1-49bb-9b25-9f4452e7ff7a", "value": "49152:2kapILPlcBJyusgiJU7lwxXNFqfyywY/RtaeKDUYPlzdSDPmufBym5jpuYstVA7X:GqnZGfyyPZtaeKJlzdSDPXBym5jpzcVM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795099", "to_ids": false, "type": "size-in-bytes", "uuid": "90f61aa7-4633-4d25-bc04-968f8f27c873", "value": "2432734" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795099", "to_ids": true, "type": "vhash", "uuid": "802039ab-c075-4563-be80-a1d66cad5d7f", "value": "130a75217f1c4f4f54bcc9eaea9cff49" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795099", "to_ids": false, "type": "text", "uuid": "4db9580e-08df-42fb-adb4-69d4bd24afe6", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:34/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859329", "uuid": "9ae63b2a-181b-48b3-918b-e2e0696766be", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859329", "to_ids": true, "type": "md5", "uuid": "298cc78e-c110-4d26-b7f4-2c31b9929aa9", "value": "8124ad692c6a5ab74cf7aab07a936c8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859329", "to_ids": true, "type": "sha1", "uuid": "b06f3e82-3821-4069-8dab-c03892e7a542", "value": "359a0e662eca9f13841387e8b0f3276185d207af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859329", "to_ids": true, "type": "sha256", "uuid": "c11aad11-2491-4ce9-907d-51374aebaa8e", "value": "99b2436019351203b75571655c8e6d9ae7130d70f1614fa1147170d1bfa0bccd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795121", "to_ids": true, "type": "ssdeep", "uuid": "20d0e437-9f02-4111-a164-182138d27a69", "value": "196608:dWaUkCdGmRgeLjUCGIRQ2YwfWkskSuXM+D:XlCdrBUCGPCskRM+D" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795121", "to_ids": false, "type": "size-in-bytes", "uuid": "b6357ad9-c1fb-42c4-b562-f1097f40ce01", "value": "7917714" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795121", "to_ids": true, "type": "vhash", "uuid": "c29494d6-b9aa-43e1-8238-9ff2dc350a35", "value": "130a75217f1c4f4f54bcc9eaea9cff49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795121", "to_ids": true, "type": "filename", "uuid": "668ca219-e3e8-415d-9bea-a840155e6ab2", "value": "VirusShare_8124ad692c6a5ab74cf7aab07a936c8a" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795121", "to_ids": false, "type": "text", "uuid": "61fd210d-dcc6-489d-be44-ef4a7f1ac8d0", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:36/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859330", "uuid": "e86d331c-c479-4c6f-a536-d787621c870b", "Attribute": [ { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859330", "to_ids": true, "type": "md5", "uuid": "a2033110-3810-4bcc-b6ac-d714bacc8a20", "value": "6c5a8f6e3a2e57bf95034256b69bdb5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859330", "to_ids": true, "type": "sha1", "uuid": "e91a74c6-702f-4abf-ab18-da6f0231e5fa", "value": "b4612ce01770d280efb3c035c660879674156500", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "SilkBean", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859330", "to_ids": true, "type": "sha256", "uuid": "f92e5140-6fff-435b-ac73-0389643e9295", "value": "b9b0d357f84d97cd74d4605adfbf59ee5f8149a342724a4d6f8a0308ca8d38e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795142", "to_ids": true, "type": "ssdeep", "uuid": "c5353861-ec30-432f-9afb-1aeb88566138", "value": "49152:AFxGJZhGkIsj8VyxD2fEoyTd1hXGign1r7MHYB1YuubN:AFxUZNIs4VT5yTTh6oKnuB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795142", "to_ids": false, "type": "size-in-bytes", "uuid": "1ae5b4cd-4344-4373-bfe9-db13ad3f2fd0", "value": "2380692" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795142", "to_ids": true, "type": "vhash", "uuid": "8c4e5326-7683-4ea4-b3cd-7ff778400c02", "value": "130a75217f1c4f4f54bcc9eaea9cff49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795142", "to_ids": true, "type": "filename", "uuid": "3e52fb30-992d-4dff-bece-798202cd6f66", "value": "6c5a8f6e3a2e57bf95034256b69bdb5e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795142", "to_ids": false, "type": "text", "uuid": "f8ea2a7e-a491-4848-aa12-d9eb8dbdf8cf", "value": "SilkBean\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.A!MTB\nVT Total Detection:33/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859332", "uuid": "da0fde77-17bf-4df7-a53a-6b0c525e0ba1", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859331", "to_ids": true, "type": "md5", "uuid": "38663f08-b6f7-4459-b8a0-dc1d68b07e85", "value": "521e01a8a66c3ca5da2c34e6fab2ab91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859331", "to_ids": true, "type": "sha1", "uuid": "13c50cf5-d399-48d5-97c9-c1ad1d40d3fd", "value": "4ffc6f6e5d54d2cac14efebcf4d63c0310cce2e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859332", "to_ids": true, "type": "sha256", "uuid": "4f4386f6-92bd-4ef0-8596-cd2a6ed84105", "value": "79925d6ba998b5efb57c66a0b549fdd6e73c62ef567cb3788cf4f497b2342cf9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795163", "to_ids": true, "type": "ssdeep", "uuid": "f5c741e0-083c-4c50-ab6c-b449883125f2", "value": "98304:2NYgDjzpDBBzYZxU2bSCnc27kUT9czBddoDUDOtN2nH2RCQ+PMOEqeh:Il3zpvCT7kdzBMNWWI5Pzkh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795163", "to_ids": false, "type": "size-in-bytes", "uuid": "e5188c42-8b07-4f2c-b05b-90361e29f169", "value": "4844656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795163", "to_ids": true, "type": "vhash", "uuid": "02c24a0f-d5fc-4162-95b7-a4c986323ded", "value": "546b94d1c5662d272a8c724b5b71238d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795163", "to_ids": true, "type": "filename", "uuid": "27fcdee5-0d75-4946-a07e-c7bbe4f77801", "value": "521e01a8a66c3ca5da2c34e6fab2ab91.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795163", "to_ids": false, "type": "text", "uuid": "5a725a30-ff7c-4f21-ba27-982c6209b690", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:20/62" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859333", "uuid": "ecfec0bf-f045-4981-838d-a4e95b7f4ce4", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859333", "to_ids": true, "type": "md5", "uuid": "ed9eb4f1-cfc2-4845-acf8-9edde1ed57fa", "value": "18fdf9b9286217ac7889e7b23405e43b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859333", "to_ids": true, "type": "sha1", "uuid": "d2143a1c-77d1-4a6a-851b-f7a856025236", "value": "19e96c58db322f4d7f4f074fc75a1236cbd44db8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859333", "to_ids": true, "type": "sha256", "uuid": "18761b0d-2e58-4920-952d-01f11914a0d6", "value": "de076c30e5949c333d08e3d24c3fb3c15091934ee0804e2971a6de75343b2070", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795185", "to_ids": true, "type": "ssdeep", "uuid": "028950b2-fa51-4cd5-88a4-10a121628341", "value": "196608:IdvIpEvy+1XeWWQQ9yrXmsrI3P16hVhuqZPtvNlZXwlARvXtH8i:ppEv7XehgW3cZ1vHZgSJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795185", "to_ids": false, "type": "size-in-bytes", "uuid": "19de427d-bbdb-4bf4-9ecd-1d292a169ed5", "value": "11492426" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795185", "to_ids": true, "type": "vhash", "uuid": "28f17aa3-986f-4cdb-8208-ac7f86f179c1", "value": "b6f40765a7f84310affceaef27624033" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795185", "to_ids": true, "type": "filename", "uuid": "7444a64b-72a3-480d-b82d-6e9e21363732", "value": "RFA.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795185", "to_ids": false, "type": "text", "uuid": "7a51a121-cf77-4173-a17b-26b39bbdb0fa", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:21/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859334", "uuid": "240ccd76-c319-4ac7-91c4-7f2cdfa12f94", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859334", "to_ids": true, "type": "md5", "uuid": "5f9bda81-04e4-432b-930a-f8bd0367dec9", "value": "5a3ad1d4d36d1cb3d3afe171bf9262c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859334", "to_ids": true, "type": "sha1", "uuid": "9a8d2b65-1ce6-4afb-897b-5e1e69e2e77d", "value": "884dda8df2f3a5d85d6475fab3e38f8fdefa2f5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859334", "to_ids": true, "type": "sha256", "uuid": "920b2743-396c-4820-962f-3cbf7939aafe", "value": "1ebee587c6021fad004d394684e5e94ff34b75e8097f99c9fc1af6f352dc72d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795207", "to_ids": true, "type": "ssdeep", "uuid": "3b11cada-e544-41df-8226-9f01658fc92b", "value": "98304:tGfyyPZgaeKJlzdSDPXB+umn19khmo3/aad1WkzeWWgfiruybMdLq:gfVPZVeKJZd+PX/g6y+1XeWWg6gU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795207", "to_ids": false, "type": "size-in-bytes", "uuid": "df8254c7-9aac-4f6d-a969-1feb5d0c1849", "value": "3730911" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795207", "to_ids": true, "type": "vhash", "uuid": "e40d8db4-6cbe-4ebd-8a42-63c04f14f3dd", "value": "6f03d80c94a569c8cdde44bf0e033443" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795207", "to_ids": true, "type": "filename", "uuid": "ce1b5290-141a-4fad-832e-b9193f0ee4f1", "value": "1EBEE587C6021FAD004D394684E5E94FF34B75E8097F99C9FC1AF6F352DC72D1.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 20/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795207", "to_ids": false, "type": "text", "uuid": "a782da7d-308d-4d83-b33a-5fc9790e4ba3", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859335", "uuid": "90badc16-13b2-478f-9727-63819342a4e1", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859335", "to_ids": true, "type": "md5", "uuid": "98c14809-29df-46e5-9ab9-f067375362b5", "value": "d8172f0e2e1f413e1e13064b1d39884f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859335", "to_ids": true, "type": "sha1", "uuid": "e2e1fd67-6ab9-4583-9bed-9d606e9b1720", "value": "2e52d2cbbfe98702bfbd72efbee5674665472632", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859335", "to_ids": true, "type": "sha256", "uuid": "60ade420-338e-4517-9b8a-1afb9905e716", "value": "c497a2d2af2e52e5121fd2be4756f4bf85f749b363393ef22baa4fc1e608e3b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795228", "to_ids": true, "type": "ssdeep", "uuid": "ff32ea41-53fd-45bf-a03a-651bbe3477e9", "value": "49152:hX/2XK6cbqsasmou5iCKQCLrEady2m1m0kzeF4WUb+UVPB3L5aQz4MnWjB2JY4vz:hTFhmo3/aad1WkzeWWUSUVZ4JB2zvz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795228", "to_ids": false, "type": "size-in-bytes", "uuid": "8b31798c-d056-41e5-912e-ff3fb5936501", "value": "3487281" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795228", "to_ids": true, "type": "vhash", "uuid": "91dd3c77-40b0-4992-abee-8743838a34b6", "value": "4312cedd3c45c60101c5e8df32a3aef3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795228", "to_ids": false, "type": "text", "uuid": "0c870bcb-fae4-4366-a8f5-d054693798b3", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:27/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859336", "uuid": "d86166a0-3e95-4870-8205-51295ed4bfa7", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859336", "to_ids": true, "type": "md5", "uuid": "dea057ad-0254-422a-9b47-3c54edff45cf", "value": "db26afde9481e9d18fca27ef82ebbc59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859336", "to_ids": true, "type": "sha1", "uuid": "bf27c118-4797-44b0-a83f-069cca6b1a04", "value": "4c108d925d6b0acf1b940bc56034f812a8f53b83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859336", "to_ids": true, "type": "sha256", "uuid": "bebca0d4-4584-4aa4-a2bc-ad52816655fc", "value": "3849ab258e483edfc3334b4e8e118b40811add56dd3d709067bb557d075d1ec7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795249", "to_ids": true, "type": "ssdeep", "uuid": "2542523e-7477-47da-9759-384116edeecc", "value": "786432:dioAOVk6dKvNXei1Vw+4A8q82BV9tbV0R94u2Acg94NLe0Pv:dXzdKv118qh9tburXJcgq1e0n" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795249", "to_ids": false, "type": "size-in-bytes", "uuid": "627f340a-23c2-49a9-8751-75e20d844251", "value": "34422540" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795250", "to_ids": true, "type": "vhash", "uuid": "4516e261-6bed-4062-8f60-1a0b4b2e1ff4", "value": "b01e83a40af1e3ed520a0233616f3e56" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795250", "to_ids": true, "type": "filename", "uuid": "1894823c-2717-4c4a-b0c1-b7d391a61dd8", "value": "3849ab258e483edfc3334b4e8e118b40811add56dd3d709067bb557d075d1ec7.file" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795250", "to_ids": false, "type": "text", "uuid": "f5c3513b-4c66-41b1-8b9f-c554fb491888", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:21/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859337", "uuid": "a1a8dae2-ebc3-47b5-9b88-4244b15e16b5", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859337", "to_ids": true, "type": "md5", "uuid": "1a2f61d4-5c7b-4aa2-990b-bfdc800d84e3", "value": "1f3574a07bd018ab7c7cc94e22282143", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859337", "to_ids": true, "type": "sha1", "uuid": "c14b8ee8-1a27-4701-af44-c873d506cc4e", "value": "d9e61ef6966510920fd2bdce5af33a2e9136cbd5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859337", "to_ids": true, "type": "sha256", "uuid": "e1141b28-036f-496f-94cf-993167805ac5", "value": "25058bfed1171ca7f93db746d8678de8bf278b23a26677b3a38f9ed18b960872", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795271", "to_ids": true, "type": "ssdeep", "uuid": "895fb4c6-4761-451b-b6ba-e46bbb981234", "value": "196608:JoCp7RM79K0l3y+1XeWWFhF+HBEtnJ+xLbKJWv4WjFUeu0HPJOqjFCMnytRIq:2Cp130x7XehFhF+HBWJ+xPKJWgMbdvJo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795271", "to_ids": false, "type": "size-in-bytes", "uuid": "f97a49a5-0f2f-49f6-b34e-3d785ee09174", "value": "9779124" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795271", "to_ids": true, "type": "vhash", "uuid": "cb122a0f-fec9-446d-a58c-f4c697bff86d", "value": "2aa38bc6c30d31a8a72fefe0dae4ba8c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795271", "to_ids": true, "type": "filename", "uuid": "efcd913e-21a2-4d36-b57a-00e3ed96c8c2", "value": "20190520092741_1111.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 03/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795271", "to_ids": false, "type": "text", "uuid": "96ccba22-3a8b-453d-8948-9d46bfd19e72", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:26/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859339", "uuid": "9425f1be-9c70-4cf8-ae10-3208386a6593", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859338", "to_ids": true, "type": "md5", "uuid": "f0aca074-ee00-44ec-9d2e-1fa348ab35be", "value": "9f39efa0a8965cfe3256a6c8e748e982", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859339", "to_ids": true, "type": "sha1", "uuid": "71154efd-994b-485b-812c-ac41a64e68b9", "value": "dc9c90b95712911e589764bdf407c6e3c67a8bae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859339", "to_ids": true, "type": "sha256", "uuid": "f65787fe-5c05-4a6c-98ff-e34b967c5dd7", "value": "7f466a95b00d038c09049233a19e5992ad0e056f301dc50c113320e7d8743214", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795292", "to_ids": true, "type": "ssdeep", "uuid": "e9e6b4b0-0dde-4c4e-874e-f2d4ba5a308f", "value": "49152:QYNFqfyywY/RMaeKDUYPlzdSDPmufBKAOnvNh/H+QLWwD9toKNf+JpyR:tGfyyPZMaeKJlzdSDPXBKAOn1hv+2dDh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795292", "to_ids": false, "type": "size-in-bytes", "uuid": "18171e88-f503-4247-99ba-1cb162f77536", "value": "2305949" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795292", "to_ids": true, "type": "vhash", "uuid": "1af84985-da55-41d0-954b-df5eb7eba47b", "value": "053623431f91f5db4395ead43b319044" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795292", "to_ids": false, "type": "text", "uuid": "9e47e07a-5b83-463f-a798-7dda5f8b8141", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:28/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859340", "uuid": "9d743a60-268a-434b-843d-b93981d43bfb", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859340", "to_ids": true, "type": "md5", "uuid": "b9b5fc63-54a6-41c5-8fde-2279e231d232", "value": "028f1d245ce15d604d6608a1c7a4f356", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859340", "to_ids": true, "type": "sha1", "uuid": "cd182e02-fb70-4e62-a6e4-104b2ab222d1", "value": "ae599259900433b82692d8b07a696a0c5c3897cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859340", "to_ids": true, "type": "sha256", "uuid": "4c969d4c-6c51-4e66-9846-cb798808d694", "value": "490ed870ee1fa328da38f012b8adcc6677b0348a58b14d9dabdbbf6c41375d41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795314", "to_ids": true, "type": "ssdeep", "uuid": "76276053-97e6-4e02-8f01-72c3231840f5", "value": "98304:4r6Ge+2E1g9X20GHrdX6eY+/O5Lyd26/AY36Zs:4r6C2EmlIH5XN/O5Lyd2MT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795314", "to_ids": false, "type": "size-in-bytes", "uuid": "79df52a1-4b56-48b5-b88c-d5ef530693bc", "value": "4609304" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795314", "to_ids": true, "type": "vhash", "uuid": "86f27db7-9722-48e0-9cb4-d61860966f82", "value": "238ca92bbbeca3e3d818a205a3c45d98" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795314", "to_ids": true, "type": "filename", "uuid": "2b3e96c9-ab00-4b47-acaa-7563a9df9308", "value": "028f1d245ce15d604d6608a1c7a4f356.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 14/01/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795314", "to_ids": false, "type": "text", "uuid": "c0d656c3-55ea-45a1-af4c-7bc95bc278ae", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:22/62" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859341", "uuid": "6d3d54ef-d278-4512-81cb-075f5df46f81", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859341", "to_ids": true, "type": "md5", "uuid": "4552bf66-bb6f-472b-8dcb-063fb671b9c2", "value": "47e2a86cbfd8a372a706846824de825c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859341", "to_ids": true, "type": "sha1", "uuid": "ce907458-7000-44fa-a536-8337730b446e", "value": "bc617634a5a40176c9af6040fe56b1907fb026ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859341", "to_ids": true, "type": "sha256", "uuid": "6827e3f1-5182-4613-abce-f5d4d896627c", "value": "37b9ab8475ef283df88bfff20ef37c517ae81fa12bda5f6dbf4e64a606059453", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795335", "to_ids": true, "type": "ssdeep", "uuid": "20673eb1-05a0-4dd5-adef-e4ac2ddb2f6b", "value": "196608:z+u5fxog0UX1Ij/P49cKnbhxI0RwSerl6Ey+1XeWWshcGy9lwkevPMtpzE5+TDYP:v5fxfk/A9cIjwx7XehsHycvM9ECi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795335", "to_ids": false, "type": "size-in-bytes", "uuid": "dec9897d-01fb-4a56-8aae-2662ff95e032", "value": "11857852" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795335", "to_ids": true, "type": "vhash", "uuid": "0cf1d0ae-4756-439f-a79f-406987d9cbd7", "value": "76b323a450abb97c174f0c7c13dabb0e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795335", "to_ids": true, "type": "filename", "uuid": "fdc1f8e4-d30b-4fe4-9d38-860f5d636805", "value": "air.edu.iu.celcar.uyghuralphabet.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795335", "to_ids": false, "type": "text", "uuid": "f6309221-2f4e-4265-b9ea-4dd87d27a865", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:24/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859342", "uuid": "af01fcf4-dcda-4295-9715-7e8208dafcce", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859342", "to_ids": true, "type": "md5", "uuid": "afeee60c-d4fb-46af-920a-75e5572ea235", "value": "3eb1ec8457a4e49928def648d124704a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859342", "to_ids": true, "type": "sha1", "uuid": "f5748998-466f-476f-8315-48def6cfe3ed", "value": "9814797aab670b7054378c050e35f1a7cb960bd4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859342", "to_ids": true, "type": "sha256", "uuid": "5a1c38b7-8be7-41ff-952e-36ca5ae1db06", "value": "0162def83726db32a8d7713d2113f452714bfc57f1956a5de6a268587d0838a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795357", "to_ids": true, "type": "ssdeep", "uuid": "44dd2cae-b408-4dbc-895e-6315745eb666", "value": "98304:hq1sE5W+22EAffwNHJmtWt4AJdNhEzL2855qD4S5:Ajj2YwN8MtFEN5q8S5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795357", "to_ids": false, "type": "size-in-bytes", "uuid": "81824ef2-279b-4ce3-990a-c8b8f1705ebe", "value": "4032602" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795357", "to_ids": true, "type": "vhash", "uuid": "430af381-dbef-4e51-a81c-8b4fd91cbe04", "value": "efb74a9cdc6d181527f87f4677f47c5d" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795357", "to_ids": false, "type": "text", "uuid": "ca5d9d56-316f-40f9-bfd2-46abeac2a962", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859343", "uuid": "c1e08390-2404-4322-9ea2-2f36dc18f996", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859343", "to_ids": true, "type": "md5", "uuid": "f431b4ad-5879-4442-b677-038e7ca8dbcf", "value": "b8f04cdd1aed9784052ed034f6dad428", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859343", "to_ids": true, "type": "sha1", "uuid": "3f2d28bc-9aff-4d69-a57f-a40d38e3467a", "value": "8a1594d91c3a795c019f92140d9a5c0a26f4b470", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859343", "to_ids": true, "type": "sha256", "uuid": "009ffb08-9332-4260-b587-eebd47e0bec7", "value": "7b08f8eb3453e68787691de71d0cbdaa30ddc1b0a1f32f866f63fa66554de4e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795378", "to_ids": true, "type": "ssdeep", "uuid": "0a8654e0-5641-47fd-83ac-0c87cc3a81f2", "value": "6144:IQKDlOYelnxRXL86caC4fbWD11taHgqGbKyAHY7X8ay:Jfav4fbWhWgHWlH+May" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795378", "to_ids": false, "type": "size-in-bytes", "uuid": "a4eb57e9-27bd-411e-b6c6-6c86899e392d", "value": "271932" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795378", "to_ids": true, "type": "vhash", "uuid": "b1e4f832-0a83-411f-b299-02a9ebdde3b1", "value": "13301ab4723c2e1885793e14e7463ed0" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795378", "to_ids": false, "type": "text", "uuid": "536eb149-e617-4a97-9c55-82364b4aadf9", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Exploit:AndroidOS/Lotoor.A!MTB\nVT Total Detection:34/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859344", "uuid": "5276a27a-c681-4ee0-b641-d68129d2cf6b", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859344", "to_ids": true, "type": "md5", "uuid": "6194c6ad-4234-47b4-bc92-6d4b298173e1", "value": "48a62f69b3be3bdc57caa0778b42649d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859344", "to_ids": true, "type": "sha1", "uuid": "04ca2674-52ba-42e6-8935-21c929d02f05", "value": "e6b0b95f22d843892de6c497819c8099d0c80101", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859344", "to_ids": true, "type": "sha256", "uuid": "0fed20e5-32bb-4808-98ad-ef9a729273fb", "value": "ffa95651386087433304a5f3fc519f1f2767c50e8482ba12a236d6a31a7b17dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795399", "to_ids": true, "type": "ssdeep", "uuid": "e017a653-d9ab-4339-9764-135cd3bbb531", "value": "3072:/vJ2UlV36+g1+2ZLZ2nVIMCpfZ3FL7XqV9VN0eg3NG0tx67VOv+c/ydeZG9/L9BD:/gUl8EYN2SM0VfM9v/gdG0tx67c2Aw//" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795399", "to_ids": false, "type": "size-in-bytes", "uuid": "866c93db-83c2-45ab-8626-c7014ce50b06", "value": "192606" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795399", "to_ids": true, "type": "vhash", "uuid": "de835224-e6de-41b6-8f24-d3157626bdba", "value": "4eed10bf3e2a8ea7bf2badea085d3496" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/08/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795399", "to_ids": false, "type": "text", "uuid": "315b7233-c5bb-4567-8492-ac44d844f34c", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859346", "uuid": "09f01d2b-bb53-402b-84e5-77dcd327fa53", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859345", "to_ids": true, "type": "md5", "uuid": "fc242ab1-ffa0-46f3-8730-034550af087f", "value": "e57291afc9402bfc772b8b9b89b9bcaf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859345", "to_ids": true, "type": "sha1", "uuid": "07a0706a-5ab4-4dce-ba7e-0dc9e1bb411e", "value": "057d174eec03e19a61b5f53998dca028c499359f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859346", "to_ids": true, "type": "sha256", "uuid": "f9081699-1d72-4d47-9f03-50810d3df2c7", "value": "70a65d277259714f0633dab195a2ed7f03c5de61e368a7ce149a0daf3bcbd129", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795421", "to_ids": true, "type": "ssdeep", "uuid": "718e1534-e673-4449-acfa-5d8c9db19899", "value": "49152:uf2eioh2FuFO/aGGVshTKa2gJRr2ggSnG0uOlE:3ohuuFaG6hTKa2E6ggSnGfOlE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795421", "to_ids": false, "type": "size-in-bytes", "uuid": "8c40865b-273b-4958-b28f-c306f131e5c9", "value": "2405015" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795421", "to_ids": true, "type": "vhash", "uuid": "12fff58c-540b-433a-ab55-19f7c967348b", "value": "22e674863feb7556c835a0dde0edd60e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795421", "to_ids": true, "type": "filename", "uuid": "585973b0-762d-4f45-93cc-c10e409cd9e8", "value": "9415377.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795421", "to_ids": false, "type": "text", "uuid": "72d15499-a16f-4bc7-93c2-d01a2667e1e0", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859347", "uuid": "87d25ceb-eff0-49e8-a941-67bb77817850", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859346", "to_ids": true, "type": "md5", "uuid": "dac936d1-b404-4e52-812c-3a61814cb5e8", "value": "875155f0c138313148a41974971f7df7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859347", "to_ids": true, "type": "sha1", "uuid": "d3ab2f9c-7a72-4652-a06a-6b93e1be1d9f", "value": "04d710458fe84ab9731ec71a585206a0d6078b84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859347", "to_ids": true, "type": "sha256", "uuid": "54368eb0-7065-41bb-acd0-415c77edda74", "value": "278c6de349b386098982cd3bb2b217b8b3366446d4a7fbca38c1359cf35e2a25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795442", "to_ids": true, "type": "ssdeep", "uuid": "96f41ab3-5424-43c8-af08-e4b795d4aadf", "value": "49152:zsxEYVYOvwTefvo9LrJPvNkerzZmiqu0UXBkSL/rzGoHWRrzOG3toart3ZdQ1TLL:zdzh50MBkS/zhWRzPhVqNXkJaF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795442", "to_ids": false, "type": "size-in-bytes", "uuid": "ebe27f19-522a-4416-a69e-b4cafc779cee", "value": "9180690" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795442", "to_ids": true, "type": "vhash", "uuid": "067c4bb8-6af6-48f4-8f5b-de55cff98ec9", "value": "0a68c929fc833a7bc6296f43dcd1a05c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795442", "to_ids": true, "type": "filename", "uuid": "fb58b97a-d96a-486e-8c25-c281fe351896", "value": "9415393.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795442", "to_ids": false, "type": "text", "uuid": "74523350-8111-43c0-94ff-75144c1be24c", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:25/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859348", "uuid": "96fca53d-c198-4052-993b-cec9e5eaf0e4", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859348", "to_ids": true, "type": "md5", "uuid": "50737c4e-6819-4dcd-95bf-601e382a9d0e", "value": "ea94c1638a5c65cd65c1720187783bfe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859348", "to_ids": true, "type": "sha1", "uuid": "c8f98c75-1042-4e4b-b4d0-73925247be60", "value": "1b6af2bf7255ebd07d069e0347ca3f3d183cabe4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859348", "to_ids": true, "type": "sha256", "uuid": "3df65970-d7ce-4a45-8645-8b94dbf01fa9", "value": "33a91cb295640ab8e92afc3f1d40befde55ecbdfcbb450a9991aa60e160f4ec7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795464", "to_ids": true, "type": "ssdeep", "uuid": "ddf4f715-75f9-43d3-bfbc-1724989bb1c6", "value": "196608:XhPADTBnYMT6Gs1+TEmfmjAYCUqjF+S8wm36hn:XhPADTBnYMeGs1uEJAYCLAS8B36t" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795464", "to_ids": false, "type": "size-in-bytes", "uuid": "d1f227b7-5d01-44df-a7e3-65b6d728dfc6", "value": "8941287" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795464", "to_ids": true, "type": "vhash", "uuid": "176015af-a80b-4594-9923-d45a798af232", "value": "72e7e4fab8b29ef00d397faaa0e090f5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795464", "to_ids": true, "type": "filename", "uuid": "b33427e4-5c0f-4516-8138-ec6c676bb1ea", "value": "9415399.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/03/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795464", "to_ids": false, "type": "text", "uuid": "863af101-2bdf-4921-bdac-da64af659848", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:21/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859349", "uuid": "d233f606-ad2b-4c47-be1f-e6cade17bb90", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859349", "to_ids": true, "type": "md5", "uuid": "892a41bf-97f0-472e-99b7-45faf5865a27", "value": "7a6e1423e209713f8113a9cf287a320d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859349", "to_ids": true, "type": "sha1", "uuid": "8f4fea5b-9a02-4ff9-9fb5-379133feaf33", "value": "e63b80390ea82bac912d30b1eafe61326f0e707f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859349", "to_ids": true, "type": "sha256", "uuid": "2d3f75fc-2718-480f-a100-d64ccc8af963", "value": "b07744361e32570eb3af80576307d3356b97f2bfe3f53ef90301abdc322872bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795485", "to_ids": true, "type": "ssdeep", "uuid": "371ead62-d0eb-4ec3-bd20-40de4c6f018c", "value": "49152:LVikLM2nx0ryUfZpZ5yEZNC1Z6I+3IsF3FvDxKqyHxRCbtKQ2ui5DDAss:LokwkbUpPyEnp9hT7x2Hg/2uSDDAss" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795485", "to_ids": false, "type": "size-in-bytes", "uuid": "13e06396-eeb5-46e9-9243-c3d9db882d44", "value": "2497601" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795485", "to_ids": true, "type": "vhash", "uuid": "62319a89-f086-48c2-8c58-409dffea8e78", "value": "5020aba239e794876ae18a011ee79173" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795485", "to_ids": true, "type": "filename", "uuid": "7e49b1ae-fc3c-4419-958d-ab21284bef38", "value": "Quran_For_All 1.0.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795485", "to_ids": false, "type": "text", "uuid": "24c126a7-6ec2-41d8-9d1e-8a3a2b3accbc", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:28/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859350", "uuid": "2d8c1c1b-07ed-48ad-bce1-8c74526a4728", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859350", "to_ids": true, "type": "md5", "uuid": "f0139428-b9df-46f4-a1e9-601ce74596f5", "value": "d2862a852fc0a0c51748c41a4ffd5d62", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859350", "to_ids": true, "type": "sha1", "uuid": "19578779-d8de-4faf-8587-24c9f2808ab9", "value": "1030f7e362cbaddc8965fde9a664e4d21d8ceafd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859350", "to_ids": true, "type": "sha256", "uuid": "5f86e44a-ea5d-443e-9215-75244a67c753", "value": "98d55e46d42d21b00aff0e6589b7fa0da862747113ab09f2fc7c87dd02951aac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795507", "to_ids": true, "type": "ssdeep", "uuid": "2ed44046-9ddf-46f3-bedd-f64f778077d5", "value": "49152:7jX5W+K/PvYoDWSKM01/n9CpgHcquEhGjSg3DWAJKyK:7bs7vvaRM01sYcquEhGjrWAJS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795507", "to_ids": false, "type": "size-in-bytes", "uuid": "62a53312-3623-4c1d-847d-63b899c56da1", "value": "2804465" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795507", "to_ids": true, "type": "vhash", "uuid": "f548c4e9-7e8f-4353-a705-755fe53e1943", "value": "8ef4a9810d31e2f15d46b18cecb37e25" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795507", "to_ids": true, "type": "filename", "uuid": "c8ed2a6f-d026-48c4-8440-04ecc2cc9973", "value": "Uyghur_Quran 5.0.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795507", "to_ids": false, "type": "text", "uuid": "18f111de-f448-49fe-ad87-b3fd5351a5f3", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:24/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859351", "uuid": "473171a3-ebe9-46eb-8656-68dd779a63a9", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859351", "to_ids": true, "type": "md5", "uuid": "2db5be1a-8a65-4ebf-9dc2-f447358ee78e", "value": "7383b429162044299542dba882477b4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859351", "to_ids": true, "type": "sha1", "uuid": "3418a62b-1e8d-4542-b4fc-a87cdb21ba4e", "value": "9c7c6eb949b3cb25ab3dabd6470cdc3cc4ec59e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859351", "to_ids": true, "type": "sha256", "uuid": "fbcf9b76-8a35-4555-9514-d16222e15ac4", "value": "e844033dd9fd8f8c6f2d7568d1a6d02f8fe8708d85d0b369982eb215b3d01cee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795528", "to_ids": true, "type": "ssdeep", "uuid": "283d0538-8582-4105-bbea-7a0eba598246", "value": "393216:xoGT6slUO1/XlkQ0ixYLfWQ+Aa0wnGRl1HwbLtnUcvT:H6kp8Q0iaLiznGDebLtnUaT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795528", "to_ids": false, "type": "size-in-bytes", "uuid": "9a36fe6e-1222-44b7-9cf9-24995c72feda", "value": "18145707" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795528", "to_ids": true, "type": "vhash", "uuid": "8f06df2b-049e-4628-a954-eed1413d848b", "value": "a59b4bdde656e6d198cd89589dc416da" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795528", "to_ids": true, "type": "filename", "uuid": "98a43cd3-ea81-4e3d-a7bf-1a1f26129ef9", "value": "HEUR-Backdoor.AndroidOS.Chuli.c-e844033dd9fd8f8c6f2d7568d1a6d02f8fe8708d85d0b369982eb215b3d01cee.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795528", "to_ids": false, "type": "text", "uuid": "b281b35e-71ef-4372-99f6-15b3530635a9", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859353", "uuid": "61cab63f-1069-48bc-a2cd-6f8360499f34", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859352", "to_ids": true, "type": "md5", "uuid": "7d2322a2-d7d6-4666-ae84-9bfdc21d75e6", "value": "28c80aff636922d4f203eb220fb5e0d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859352", "to_ids": true, "type": "sha1", "uuid": "99249992-21e4-48c4-aa1d-34eb2a305247", "value": "528e84f9029e20d999760db629dba881395d9a5b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859353", "to_ids": true, "type": "sha256", "uuid": "02ba0328-26c4-460b-b726-9bed338b81e9", "value": "40dfae9d01f4cfbdbffc33168d04ff0da8bc9983c1ab833c22cc7817f30e07d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795550", "to_ids": true, "type": "ssdeep", "uuid": "822a24e9-abf0-4c5b-80f6-edfc61928b37", "value": "196608:Tl3T85zLsNeO5El00/i58MWXF1jnP4OccjJH/8JzTerC0xd7AqgIqA8B9RK:p3nv5+05HIwEJH/8JHeWmdEqgIV8B9E" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795550", "to_ids": false, "type": "size-in-bytes", "uuid": "49dae03b-49f4-433a-bf45-972218cc9009", "value": "8758021" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795550", "to_ids": true, "type": "vhash", "uuid": "bb16e745-3c6f-4a67-9c8e-105f9cffd7e3", "value": "33d160bbbd4a22935d15fded958a57c4" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795550", "to_ids": false, "type": "text", "uuid": "ea95cd59-e0cf-4b09-a62d-19d6dd1acc26", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Exploit:AndroidOS/Lotoor.A!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859354", "uuid": "4b1c1517-92b2-45f2-be25-a0cb74e39db0", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859353", "to_ids": true, "type": "md5", "uuid": "ffbf6be4-db82-4207-a417-04517bb80ba2", "value": "6ae0a5347b83cb1c47c0af85c81d73a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859354", "to_ids": true, "type": "sha1", "uuid": "f6ce5099-eaeb-4aa4-a2ab-0717d5c2457d", "value": "11c0e0502f9cf7515806f74c424d7c7d43067dfc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859354", "to_ids": true, "type": "sha256", "uuid": "b30540bc-c45e-4c1e-b45a-bcea54c2dac9", "value": "51dbcda3f480d20d808fb3f705be6d2f78cfcb39f28a18f22155afb602767ea5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795571", "to_ids": true, "type": "ssdeep", "uuid": "61357021-0cc0-413e-9c94-d7f920d892e4", "value": "49152:WI4KiM5lYj6emdb/1yt+H5GDCIGxlwQUfBVj87IK:LaM5lKYJQ65G+zlw7mIK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795571", "to_ids": false, "type": "size-in-bytes", "uuid": "a558ceda-ce95-4780-9953-0b0ae88b1f5f", "value": "1933829" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795571", "to_ids": true, "type": "vhash", "uuid": "de56bac7-6f2b-44db-aee6-1143474bdb1c", "value": "fd451e79d1054b80eff00d91af835015" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795571", "to_ids": true, "type": "filename", "uuid": "f666e2f7-618a-4be3-a711-7f7f33c291f1", "value": "6ae0a5347b83cb1c47c0af85c81d73a8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795571", "to_ids": false, "type": "text", "uuid": "965cff80-3433-4320-9b92-2058598895b2", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859355", "uuid": "1ee05da3-3d6f-4779-a6ec-35539a4f7778", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859355", "to_ids": true, "type": "md5", "uuid": "7a6d3fc9-b47b-4c6c-be20-dc3a518fb612", "value": "f85c76e2b54bdfe5635039739c89ec42", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859355", "to_ids": true, "type": "sha1", "uuid": "85824e7f-63d7-4c22-9b77-0b87cf736ae0", "value": "da5128cb25c91ce56c614369ca16e610213aa872", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859355", "to_ids": true, "type": "sha256", "uuid": "45a1b1eb-4dd9-4841-80bf-6a3ecbc628e6", "value": "c0e261024c85394920f801385b904b0fc322512e953bb2603695ed97333c6cd3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795593", "to_ids": true, "type": "ssdeep", "uuid": "6e0d35b0-f075-4da0-9345-4b66153346f9", "value": "12288:bq1KmC0ixHm1FBTLu5AdltZMApWwb3NLxYU9yL3NjQtsalEutWAqwl2p96x:brBhxMHjPtGApWJUSxQtsj4WlGokx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795593", "to_ids": false, "type": "size-in-bytes", "uuid": "cb6fc8c6-81b5-4eaa-8e7d-4f3dc8379702", "value": "605277" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795593", "to_ids": true, "type": "vhash", "uuid": "2861afb5-5722-417f-8b0c-eeb1fb560d85", "value": "1f4e277187d1fa5570c45e7d42093cfc" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795593", "to_ids": false, "type": "text", "uuid": "b997e662-5041-458e-8d97-247a994b8c57", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859356", "uuid": "d187f0d4-3c2e-48b7-8c6a-1a9cb98834dc", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859356", "to_ids": true, "type": "md5", "uuid": "84a68f7c-fb45-4e15-9ea5-1bf58a02f559", "value": "b0baba18c67e00194510453aec3a97c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859356", "to_ids": true, "type": "sha1", "uuid": "76c2c85f-ef43-4062-99b5-046f4c1878e9", "value": "70445020477a181c3616af3fc5f70884dde73125", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859356", "to_ids": true, "type": "sha256", "uuid": "486079cd-22f3-4c38-bb37-9f9080f5ee0f", "value": "5907bf3da9ac0a424a565654ee779f78842c04d989b12ad106f712e00e42d101", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795614", "to_ids": true, "type": "ssdeep", "uuid": "793ce86e-b009-4704-8f90-70b856e6c3cc", "value": "98304:0xTO2bDpw2CVCGtDbJXLU4yxlXQ1dd/C4LEPA3mZOAk:cTtFw2uCsDbpyxlcddqeE43+OAk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795614", "to_ids": false, "type": "size-in-bytes", "uuid": "54a4d158-df46-4ca3-b2b4-a5b7d129806d", "value": "3690765" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795614", "to_ids": true, "type": "vhash", "uuid": "9d54c90c-d325-4e1d-8f56-1f5bf7f3a094", "value": "68fd407881e28b0d760bf652dc537f97" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795614", "to_ids": true, "type": "filename", "uuid": "977853d5-552a-46f7-90c8-92ec0a035a8c", "value": "\u0642\u06c7\u0631\u0628\u0627\u0646 \u06be\u06d0\u064a\u062a\u0644\u0649\u0642 \u0633\u0627\u0644\u0627\u0645.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795614", "to_ids": false, "type": "text", "uuid": "96b25f18-3e55-426c-8f04-230b456ef65e", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:24/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859357", "uuid": "18895f73-fe8c-42d6-a1ae-fbd0bcbb4397", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859357", "to_ids": true, "type": "md5", "uuid": "8b10b822-f11f-451a-bcbc-396e3625ef82", "value": "ee2f9efdae91a5a03fe175f929184b99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859357", "to_ids": true, "type": "sha1", "uuid": "41210958-a10b-4a39-8945-dcf3bf56880a", "value": "a747c1c17efc4b4c3afcc80e9943297e1abe9497", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859357", "to_ids": true, "type": "sha256", "uuid": "7ff353a2-020c-40ed-b061-374ced111b8c", "value": "e613798501a811ec76160307c7155ca4e4c50e474e7df0f7c9330a3dba81c1ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795635", "to_ids": true, "type": "ssdeep", "uuid": "6f6c0f75-7ec9-4cb6-a9eb-9be869674b64", "value": "196608:ldB31a/51a/y1a/81a/2ioXQytKWc4UCkW1a/uf3+:h3w5wyw8wvoXQuKh9Crwu/+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795635", "to_ids": false, "type": "size-in-bytes", "uuid": "89fef8db-e3af-4e66-b2a5-70908bb0efb8", "value": "7189015" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795635", "to_ids": true, "type": "vhash", "uuid": "584ffb36-ec11-417c-9e84-e45516de1011", "value": "ece309429c0baa28ffcc78efdfc0d62a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795635", "to_ids": true, "type": "filename", "uuid": "69eebaaa-7e3c-4a6f-88c5-21a961e3bf13", "value": "ee2f9efdae91a5a03fe175f929184b99.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795635", "to_ids": false, "type": "text", "uuid": "71bcf16e-c09a-47f4-bca8-b209cfcbee84", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859358", "uuid": "cc2a3937-ce79-4874-91c7-dea5f94c57cc", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859358", "to_ids": true, "type": "md5", "uuid": "9f30488e-97a4-4a26-8a53-61fe2f5c71e7", "value": "6496f6656d9f164957b48a3727e58703", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859358", "to_ids": true, "type": "sha1", "uuid": "36367111-328d-4ce8-b659-a926144b9beb", "value": "ac664ac57f4b32b1c71d91b8a0ca4f9fcbda8a8d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859358", "to_ids": true, "type": "sha256", "uuid": "8f5cf17c-dd08-4369-8a0d-975a00b0cf2a", "value": "571cdb99eefe5d0fcd8c8854c34f05690c617c89cc3e5212d7bb3e766ff02c68", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795657", "to_ids": true, "type": "ssdeep", "uuid": "e2b4fae6-00b0-42df-9607-526f50211a5b", "value": "98304:JMK10i7K3pUo+6uU8+05QN7u2/7GU0N+Ap1:NasK3+r6ux5QNy2CnNTp1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795657", "to_ids": false, "type": "size-in-bytes", "uuid": "f350a0e1-5437-498c-94a4-fbb8363b6489", "value": "3554211" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795657", "to_ids": true, "type": "vhash", "uuid": "738b3152-ccf1-49b3-a671-1da54e41804d", "value": "888d410709383dc6807d061ab3e7976e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795657", "to_ids": true, "type": "filename", "uuid": "9068d095-4b3f-4800-ba59-d94899c73337", "value": "HelloAndroid.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795657", "to_ids": false, "type": "text", "uuid": "5d0db351-8fe5-4e98-8ce9-6545038bb215", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:27/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859360", "uuid": "65ec52b9-37e8-4936-8e34-ffb4fc7371ec", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859359", "to_ids": true, "type": "md5", "uuid": "e5b6707e-f855-4583-9ede-007e0051023e", "value": "0e1e3ea0e11ba2e2e576eeb9050047f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859359", "to_ids": true, "type": "sha1", "uuid": "176f8855-f51d-48df-a57a-5748cc309411", "value": "61c0837583e9bfa915b7d897ed9d6b6c0faf7e4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859360", "to_ids": true, "type": "sha256", "uuid": "e033de94-0c26-4ce3-8feb-ced9ae947f60", "value": "b63dbd540e9f3ef7aede9ea528ef2fa16394ab2f973bb778340e0df78463b4c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795678", "to_ids": true, "type": "ssdeep", "uuid": "e3f87410-f46f-4314-98ce-411994025991", "value": "98304:CMK10i7K3pUo+6uU8+05QN7u2/7GU0N+ApncrgVdT3Bh8b:gasK3+r6ux5QNy2CnNTpnGgT9+b" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795678", "to_ids": false, "type": "size-in-bytes", "uuid": "5df70691-b8d5-4128-9e46-c83d91454362", "value": "4401679" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795678", "to_ids": true, "type": "vhash", "uuid": "42ae459b-5c18-4913-895f-03d67eaf2eb6", "value": "e244d1d5e99628d66fd568c27428c997" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795678", "to_ids": true, "type": "filename", "uuid": "fc20a9e7-80e8-44b9-903f-e5421c5f81d6", "value": "Quranm.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795678", "to_ids": false, "type": "text", "uuid": "f9489a88-600b-4d92-8c00-971ef2a82e5d", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:33/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859361", "uuid": "303ff2d0-246d-41e8-b7e8-267189d623da", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859360", "to_ids": true, "type": "md5", "uuid": "d4ff5541-d25a-4e99-86cc-4f56ecbbe4b5", "value": "cb1e36d188aab770edbd1d219e6f746c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859361", "to_ids": true, "type": "sha1", "uuid": "fe97ee7b-c65d-4d3d-a7a8-775f08c58911", "value": "20848e59e23509f3386759cf6ab1eeabceb5cc68", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859361", "to_ids": true, "type": "sha256", "uuid": "4271b12b-e681-4f10-807b-fdfd5f95409a", "value": "b4afb07bbfd1d19210106002aa5982f3550c56312bd8464c6e2760d3381e1baa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795699", "to_ids": true, "type": "ssdeep", "uuid": "61b9c856-a2f8-42ad-8905-b1ab1dcfadd2", "value": "98304:sVvxR7QXY2J2iX+srMtK2J22sfX/m57LJ80E2J2i7YEsa6xw+6MtN0T0Nn0HxHrt:+vn7jsrMtdss7Ll7Rsa6OpMtH0HNrMt+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795699", "to_ids": false, "type": "size-in-bytes", "uuid": "1efc23fe-d7c9-4632-b44b-216b8df50e89", "value": "7038417" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795699", "to_ids": true, "type": "vhash", "uuid": "f4067de4-0c46-489c-88ed-6e3467cc4f20", "value": "387f6adac9a93123a9b76b669886c9a0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795699", "to_ids": true, "type": "filename", "uuid": "950477f1-67a9-4bdb-954f-df9e63daafe3", "value": "wahan karidori.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 03/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795699", "to_ids": false, "type": "text", "uuid": "230b9659-2a81-4b34-bc5b-851e08963055", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:26/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859362", "uuid": "571db957-4f65-4c23-b1d4-84c52813e691", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859361", "to_ids": true, "type": "md5", "uuid": "9c5aee77-31aa-452a-86f6-dde6222af15a", "value": "b7a8de41f78bf9dd09797b29fb8b93ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859362", "to_ids": true, "type": "sha1", "uuid": "04ff3f6f-714a-43cc-9a11-7b60d9496de9", "value": "03b136350422f40e9d5720ecb53518b587727d78", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859362", "to_ids": true, "type": "sha256", "uuid": "00a6ca85-79ca-4586-9ae5-c3d016b09593", "value": "6ca7aaaa6a0d10e17cc1e0763fb4fbfeb046f64e1f8488ef6f48596df7a65e16", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795721", "to_ids": true, "type": "ssdeep", "uuid": "54319b6d-c4f4-4f4a-b6f0-07dc2c9b53fb", "value": "98304:DuWx27tX/2J2vXQsCMtR2J2isFXmX57KH70w2J2U7ZtsClx8vUMtz0E04nXaxfzu:6W87GsCMtcsI7Km7DsClysMtnXaFzMtV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795721", "to_ids": false, "type": "size-in-bytes", "uuid": "f86de9e3-25ae-4c1e-ae6c-bbbc430c08ad", "value": "7038417" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795721", "to_ids": true, "type": "vhash", "uuid": "d4292f2c-c1cb-476c-bb29-4562b43eb25b", "value": "387f6adac9a93123a9b76b669886c9a0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795721", "to_ids": true, "type": "filename", "uuid": "195bc911-216a-4862-8642-6384cce2c0f1", "value": "Wahan Karidori.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795721", "to_ids": false, "type": "text", "uuid": "639f875e-07f7-49d9-9963-7be29220721e", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:27/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859363", "uuid": "63878047-cdc2-4ae2-91d1-70e781742e0f", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859363", "to_ids": true, "type": "md5", "uuid": "5a5ffaee-5855-40f3-8759-a6add07e3fef", "value": "d18827d32647fd3f0c534dbc29d5cba5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859363", "to_ids": true, "type": "sha1", "uuid": "439cb36d-ec74-4d57-a110-9c89c058daaa", "value": "9771ca4315c13d8e85d465dd6d9d4e169947ba24", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859363", "to_ids": true, "type": "sha256", "uuid": "865241f4-624f-41e9-94aa-fb37779d65e7", "value": "117d5a8a6c33b05e33bb40c791e60dd9738ed236786a4fa56f823572598c1d20", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795742", "to_ids": true, "type": "ssdeep", "uuid": "e6509011-177c-42b7-b63e-df0268347981", "value": "24576:TTSei3g0nNOjKxzsK/on1oMvfMPhUqVRJKULHhteYL3EgCwqPwV9gk:TeeiDN9qKI1lXMPhUqVRB7nBL3EgCXPY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795742", "to_ids": false, "type": "size-in-bytes", "uuid": "a0339ba7-f8d7-4f52-bfc0-37f0e7596b66", "value": "1251549" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795742", "to_ids": true, "type": "vhash", "uuid": "b305389d-097d-4b38-b7e9-13f2d261048b", "value": "94be053f957a8778fb66c37cc10feccb" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795742", "to_ids": false, "type": "text", "uuid": "b1306844-ef15-4362-b143-5ac0705a8f73", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Linux/Multiverze\nVT Total Detection:42/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859364", "uuid": "573705df-fc4b-4e2c-9f7f-e39d501e2f82", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859364", "to_ids": true, "type": "md5", "uuid": "be019e39-86ed-4f71-9038-8f5a98afe82b", "value": "caf2b13eef531b78e205cab6b636b7e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859364", "to_ids": true, "type": "sha1", "uuid": "0e49e690-f4a1-40df-a7ef-9356589789f4", "value": "2f966edfc175c367c95dc7292bc7b1203bd93a4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859364", "to_ids": true, "type": "sha256", "uuid": "30e8fb60-e07b-46eb-8a52-a8b1b12ea090", "value": "16607a536c3f9f065a8a34d2301e6ea53074c507f96d2a2d9090b77fa4d97bab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795763", "to_ids": true, "type": "ssdeep", "uuid": "a66a68a4-cb8a-4b6e-b348-8d4314071a61", "value": "98304:hQ+t33mDgN7IqY7CMD0hrkN24Rz1gGwxiGGLdu5XarXRm46Qqn3F64eYh8hOQiDx:hBBkWQCMz1LNduiXRfoV64eHKd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795763", "to_ids": false, "type": "size-in-bytes", "uuid": "162c3aae-aaec-4f35-8641-142bb25a0abb", "value": "7307854" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795763", "to_ids": true, "type": "vhash", "uuid": "5b01696c-aab3-498a-bd01-c6eaa49af366", "value": "73cdb83c76b480dce0a93ddc36fc23f5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795763", "to_ids": true, "type": "filename", "uuid": "cb4db24e-a70a-48d1-9bd9-2dd9c95e4444", "value": "magiccall.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795763", "to_ids": false, "type": "text", "uuid": "44161055-0ec1-4491-94e4-da3a250834d5", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:28/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859365", "uuid": "94e24209-6efb-4af3-998e-b68df24bc6e7", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859365", "to_ids": true, "type": "md5", "uuid": "f0e09b7e-d94e-4ea8-8593-8e98c18c1ec6", "value": "ec0cb47ace65abefad84470c474962d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859365", "to_ids": true, "type": "sha1", "uuid": "324da22e-9199-4ee6-99a0-169a1f59d500", "value": "766d67455a5e15ad0fd15b530592776c63aa3726", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859365", "to_ids": true, "type": "sha256", "uuid": "5f352863-7157-4d32-b1cd-8399e0b50b64", "value": "d11f151d40d45645418863d5975b18578b2e11dc39fccfa41c9eb1b2b8e0e06d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795848", "to_ids": true, "type": "ssdeep", "uuid": "67dd806b-a6e5-43d4-a8ba-fc1aff61bf4b", "value": "393216:ebtYFUzTrV8mvl1VwCPR0Oimt9RbsHjmaJWtnpc:Stc5m9oCP+vmXRbYJWtnpc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795848", "to_ids": false, "type": "size-in-bytes", "uuid": "0c55c258-3a98-4bc0-ba3d-3759a2979735", "value": "17112569" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795848", "to_ids": true, "type": "vhash", "uuid": "125529e8-72df-4b98-bff4-96643488b116", "value": "0aacfc3878641ced9a5adbf818466030" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795848", "to_ids": true, "type": "filename", "uuid": "f61e37c1-f46a-48af-9b74-7732032d7d87", "value": "HEUR-Backdoor.AndroidOS.Chuli.c-d11f151d40d45645418863d5975b18578b2e11dc39fccfa41c9eb1b2b8e0e06d.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795848", "to_ids": false, "type": "text", "uuid": "affc1009-f4b4-4264-8cb2-369f44650e33", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:20/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859366", "uuid": "02c67c1a-bada-4249-b071-2c1ffb820c59", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859366", "to_ids": true, "type": "md5", "uuid": "0c213794-75d0-4e0f-b114-d8cbb39aaed4", "value": "b6b5aa3efc73e513710c097d98378a80", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859366", "to_ids": true, "type": "sha1", "uuid": "3e360621-e41f-43da-9964-d6f9eeab0f7b", "value": "d5e569428cabae25c6ff7b3fe56cb687947a846d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859366", "to_ids": true, "type": "sha256", "uuid": "c76692ad-9da8-40c0-95b0-f46c2d815fba", "value": "8cc9672e6148672fe8025be374c4cb7e98d58572713fe1feaa821b8ea5046599", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795933", "to_ids": true, "type": "ssdeep", "uuid": "9e80542e-24bf-482d-acb0-0ad35e7c7240", "value": "196608:iJO6HjTUpQNW/xu+h3cxKM3jU8YPXYEQ0Pc8KRpjl0DIqiYPXnD:iPPwQ+xuUMxKRp/YEfojoX/D" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795933", "to_ids": false, "type": "size-in-bytes", "uuid": "b036c896-4513-41b5-b2f6-25b5b3d71917", "value": "9637124" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795933", "to_ids": true, "type": "vhash", "uuid": "82e627e1-f11b-44d3-af71-b5ec4bc9b2a1", "value": "97cf35d6923fa707b0ba22181f3c0468" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795933", "to_ids": true, "type": "filename", "uuid": "766042cb-898e-4a05-8d55-4d471f7a1b79", "value": "filename" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795933", "to_ids": false, "type": "text", "uuid": "5d106d26-da7e-4a56-9460-4e07b7f1d17e", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859368", "uuid": "191780b6-584d-49ea-be85-408ff1006f37", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859367", "to_ids": true, "type": "md5", "uuid": "924db689-4a81-4df8-86cf-d9376933920f", "value": "e9ce66c72c63d7bc247c838a7bc29268", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859367", "to_ids": true, "type": "sha1", "uuid": "a25e621c-6fea-498a-93c6-81c7e32e18ba", "value": "4ef9f46ec78e3e02597e8d3b89a765d815b7ab59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859368", "to_ids": true, "type": "sha256", "uuid": "0bf53549-83ec-46bc-af3a-380845858853", "value": "6848b3eb554a4a72286403d89fedbdb08ee04aabce89c29d120ff839c8b99b25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795954", "to_ids": true, "type": "ssdeep", "uuid": "6e5f3e70-4b79-4877-98d4-cbbb4838a939", "value": "98304:Z3UxpvBxb4B1Ec6nwC4dTxEkpWi8jqVbzg/K5LSnxJb93vt0TmYeM:2EB15QwCCTXZ8j4zdLWDTpM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795954", "to_ids": false, "type": "size-in-bytes", "uuid": "ea3fd652-bc1f-40f1-8420-91fab5a0afb6", "value": "5756201" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795954", "to_ids": true, "type": "vhash", "uuid": "eb19527e-95bb-4ec2-84d0-77b955a4a0dc", "value": "2850a13343bbe699fc040a360e1d488a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795954", "to_ids": true, "type": "filename", "uuid": "11c2c9df-0b81-455d-a595-caee25651988", "value": "TalkBox.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795954", "to_ids": false, "type": "text", "uuid": "2e39a6b5-c0d4-4573-86dc-d71f13a31d70", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859369", "uuid": "b7e812be-62fe-47ab-a5ce-855e5e0fb8b9", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859369", "to_ids": true, "type": "md5", "uuid": "bbd53da1-1f55-4da7-bb18-349a81966415", "value": "8dcb2cb84d448fc5639112e3ab4f7423", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859369", "to_ids": true, "type": "sha1", "uuid": "d250a484-c185-426b-8157-fb586b3f2432", "value": "f88ecacd1e5a79fdffea0b4a47f37cb262d1df7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859369", "to_ids": true, "type": "sha256", "uuid": "cd8e0b0b-506f-4777-bd20-4e2d5cf04ed9", "value": "b6ba815ed5942ac9344b8bcdb7d25546c3fe3d9a87b1bc2ce4e6d3da24395ab3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795976", "to_ids": true, "type": "ssdeep", "uuid": "937148f1-4cbb-4908-ba43-472ebcbeceda", "value": "49152:qoCA0b0Lc9bnjVDvTNut9M7XWC+ABBY419xK7kw2d6XXH5TbBk+LD7z:qoCA0b0Lc9bnpDbNGhCLTY419xnZd6Z5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795976", "to_ids": false, "type": "size-in-bytes", "uuid": "d46da39a-334b-4a0c-9c05-22faae6269f7", "value": "2685814" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795976", "to_ids": true, "type": "vhash", "uuid": "f05945aa-8a96-40f1-9b0e-c5337d2e0418", "value": "27692e884d20a52caa303b342b3b7900" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795976", "to_ids": true, "type": "filename", "uuid": "878435db-0d2d-42c3-8523-054be2e283ab", "value": "NewsApplication V1.06.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795976", "to_ids": false, "type": "text", "uuid": "770dd85b-986b-422c-af27-93764397070c", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:22/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859370", "uuid": "4c2107c8-4500-46a8-9046-f22ae95f1a6c", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859370", "to_ids": true, "type": "md5", "uuid": "d05b44f5-2d5f-4e73-917e-aa004dc44fec", "value": "d03f211777300c96dcdb6477f6e4dc7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859370", "to_ids": true, "type": "sha1", "uuid": "3cefe586-890b-495b-8ac8-3f61c7acbf54", "value": "d2809652569fa8446f1d0361e3ba0063a503fc94", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859370", "to_ids": true, "type": "sha256", "uuid": "1f919888-c033-4731-b019-6ef6e8201f28", "value": "2bf683570b267c9363f5afb85271a4b7e33e31fe7ebac8360f3fdccf3209d47a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740795998", "to_ids": true, "type": "ssdeep", "uuid": "6c3bfe03-fd1b-4259-b61f-257ff7288738", "value": "6144:4xX9aMqpNVAEQGhSyN7jjE1qFmZEcMZmKGARjr5stctohLr6bH5po5wg:uX9iNV4GhD/xFtzsArmtcy0qt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740795998", "to_ids": false, "type": "size-in-bytes", "uuid": "31db5688-231b-48cf-a8e6-f393fb6dff4e", "value": "328582" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740795998", "to_ids": true, "type": "vhash", "uuid": "7283285d-7c7c-4fcf-8bd6-fd10eb7c8072", "value": "60a28eff6354e3d4c88654f13ca98820" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740795998", "to_ids": true, "type": "filename", "uuid": "d24f1d87-8bfa-4002-b494-fb16fcb3b4e7", "value": "2bf683570b267c9363f5afb85271a4b7e33e31fe7ebac8360f3fdccf3209d47a.file" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740795998", "to_ids": false, "type": "text", "uuid": "073f0725-9793-4a0d-b1a9-4f37f863e1eb", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:24/62" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859371", "uuid": "fcf1490f-c27d-487d-bcc9-56f7a089be85", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859371", "to_ids": true, "type": "md5", "uuid": "b4cbd61e-d6cb-4ca3-98a1-fd27366d1697", "value": "b8e4be73d4886af79e155729ae31b6fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859371", "to_ids": true, "type": "sha1", "uuid": "3ab88781-2f26-4aee-a4b7-3af118feeddb", "value": "0b3f1c266db60e0423463a45321f20fefab619e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859371", "to_ids": true, "type": "sha256", "uuid": "0ada2ddd-7996-4d36-b635-a4c9a402f4b4", "value": "6ce52ce4e1b9fd71ed2e1e5abfb61d198446118599e81d5514f3db38f8b2d476", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796020", "to_ids": true, "type": "ssdeep", "uuid": "447cd287-7da2-460a-a4e6-8e15f4da68d3", "value": "196608:qsS6QdGD1V/AYVEMTnfHFADdloeu/u8dzSqWa/Gdji4UR:qsS6g+AixTdA7oekrdGqf/EjpUR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796020", "to_ids": false, "type": "size-in-bytes", "uuid": "d4924f0c-8b3c-4e5e-8ef1-ec230a52f2d9", "value": "10808082" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796020", "to_ids": true, "type": "vhash", "uuid": "a7a717ac-f406-44fe-be41-50c00f369c1d", "value": "a1713c218a73462fa74c377798f082b1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796020", "to_ids": true, "type": "filename", "uuid": "ff604cfe-94db-4944-bb3c-e8d0ccf0f9ec", "value": "WeWe_V3.4.7.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796020", "to_ids": false, "type": "text", "uuid": "b42607af-bcd5-44ea-bd7a-5b211bb3f591", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:24/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859373", "uuid": "983762d7-8376-4a3d-916a-a8565e3d17bf", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859372", "to_ids": true, "type": "md5", "uuid": "729b3b93-91e3-4d87-86f4-8ab36e4b485d", "value": "742dec94cb48839c4f0352b4924b8a14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859372", "to_ids": true, "type": "sha1", "uuid": "7139f054-34d4-4d00-bf52-bbab8eb59c1e", "value": "5462c92eb482379aef3e79e1b965640ec3901541", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859373", "to_ids": true, "type": "sha256", "uuid": "449f1fd9-d97e-4ca2-a082-cd5226556cdc", "value": "5d7c75be7a3345eb562a67410fe748c9e8d4dbe52bf34fbf26b93e8aeb5b6267", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796041", "to_ids": true, "type": "ssdeep", "uuid": "62eb9286-4b99-45be-b179-5e7900625691", "value": "49152:3hWhUJBx0g9p8+gWnnaFngzlKjkSpO638c0reqn8f+aFubrAgWSfIU0KT:3wuBeQp37naFKlKjkSpORCqc+aFgdvHp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796041", "to_ids": false, "type": "size-in-bytes", "uuid": "8384904d-6671-4626-ac54-3d6e5f9d6275", "value": "2957912" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796041", "to_ids": true, "type": "vhash", "uuid": "6e5686e1-68f6-47b3-adf9-f38a4aa6a852", "value": "77170d9fd19ec71417641a7beed990da" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796041", "to_ids": true, "type": "filename", "uuid": "fdb0f4f6-b36a-4990-92a5-2a5bd1b1ff75", "value": "1f9dc093-48a4-41da-81f3-ebaad8baa2f2.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796041", "to_ids": false, "type": "text", "uuid": "b602e2cc-c3f9-4e5c-979d-292d12090073", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Tnega!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859374", "uuid": "b09bc58f-3e80-4c88-ad72-91cfe0b2642a", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859373", "to_ids": true, "type": "md5", "uuid": "abec111d-aab9-485b-86cd-3c49e31ddfaf", "value": "2ea3c05844df6f4bc79edac27a94fb16", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859374", "to_ids": true, "type": "sha1", "uuid": "29e9fa80-2182-4631-875d-9e18471e30ce", "value": "1ccd2a6f6b9875b3e41becc2f4436f40b9bcd6b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859374", "to_ids": true, "type": "sha256", "uuid": "ac3a5646-44e4-4d7d-a2ce-a01c1b0cbdd2", "value": "7fb1e314a69ebcad837aed9053025cf3db805c40d4162f0c03faa3c7450f2a1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796063", "to_ids": true, "type": "ssdeep", "uuid": "8c2f867b-8416-401e-ab31-039f9002a335", "value": "49152:t4iAfVK559DCXa9r7XcHulMU8wVi4paQZC8YtRslv9bAt:Hd1JaQZCdt3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796063", "to_ids": false, "type": "size-in-bytes", "uuid": "71f34a5a-3134-4d52-8599-224b14c8677e", "value": "1887717" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796063", "to_ids": true, "type": "vhash", "uuid": "80bed93b-1cc4-4a1e-911a-e5dffcb51d93", "value": "927323f8148af558bfe680ad9e6871f5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796063", "to_ids": true, "type": "filename", "uuid": "04bc6cfa-80be-4b37-9d9f-f87b2708361d", "value": "2ea3c05844df6f4bc79edac27a94fb16.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796063", "to_ids": false, "type": "text", "uuid": "fb9442cc-48c9-4d02-a24f-11d8bd351c76", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Bitrep.B\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859375", "uuid": "e3a0cb4b-e757-4e93-90d0-3cec7c7c2b51", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859375", "to_ids": true, "type": "md5", "uuid": "547a3ad8-3e77-4e5d-bc27-d4df7eb3b993", "value": "0a3a4b8031ac6102098ba0f132b727b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859375", "to_ids": true, "type": "sha1", "uuid": "0c3ef4f5-5a70-4aa8-986a-ed68c31b2496", "value": "1d440ce51a85a2bd145e80e093237a57188ab056", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859375", "to_ids": true, "type": "sha256", "uuid": "341bd05d-46bc-4d91-b720-f809814137a7", "value": "628053fbad33bf740514c578a28da7b7be8c066e575885a3c2b8e4e713e09e54", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796084", "to_ids": true, "type": "ssdeep", "uuid": "5b0f1479-34e6-41dd-9fe0-0226bd790a06", "value": "49152:PhNVnsp4JVyFVJ1upQCzDGSiC4Wl5tUs5sUASRK:Phjsp4JVyLuLzFJYsWUASRK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796084", "to_ids": false, "type": "size-in-bytes", "uuid": "c6b52ce2-96a4-4ee6-8bfa-01db68b84688", "value": "2093376" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796084", "to_ids": true, "type": "vhash", "uuid": "9491a29d-8341-4202-ac1b-219ba256a409", "value": "cf01b7ba26312be6a7d7758b9bf46942" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796084", "to_ids": true, "type": "filename", "uuid": "e26b04a9-0a68-4f6f-ba3b-7b4fbcc6f824", "value": "0a3a4b8031ac6102098ba0f132b727b0.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796084", "to_ids": false, "type": "text", "uuid": "a775534b-8b58-4809-85cf-a3b238051466", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Bitrep.B\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859376", "uuid": "194c7f53-96eb-4c00-a4c9-0b0aa2c06c8e", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859376", "to_ids": true, "type": "md5", "uuid": "f469d269-75ef-48c8-be15-1a4291e027f1", "value": "fb0d28b65519cf5138eb6625f4bf16f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859376", "to_ids": true, "type": "sha1", "uuid": "bcdbce0c-e98d-43e6-b791-e25eeb9bc234", "value": "8bcf7788cebe1343d7602bb24e19db4e5a4c50b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859376", "to_ids": true, "type": "sha256", "uuid": "29539fa0-9cb3-42c0-b269-0f5629376803", "value": "d483f5e5dc67008a270fbd25473cb3f3c34522705f715c19b07db1421608ba34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796106", "to_ids": true, "type": "ssdeep", "uuid": "77510465-1584-4f25-a2f7-4019db78e1f4", "value": "24576:loHz+t4Iq+N3/u+prSZ+JBKKQdYqb9LnYG5i/44M:lS++C3/u+JB2Vfw/ZM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796106", "to_ids": false, "type": "size-in-bytes", "uuid": "53715030-89ae-4dcc-afb4-a6ecef99a52b", "value": "861565" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796106", "to_ids": true, "type": "vhash", "uuid": "32cff716-c363-4cdc-a258-1e72185363e7", "value": "2d8cf27d2c4a18d1b979513ecf278014" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796106", "to_ids": true, "type": "filename", "uuid": "b2b693d2-93ad-4823-a030-3698badebedc", "value": "fb0d28b65519cf5138eb6625f4bf16f8.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796106", "to_ids": false, "type": "text", "uuid": "a948d168-502e-46ae-bc4d-72c5b34af8f4", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Trojan:HTML/Redirector.AD\nVT Total Detection:40/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859377", "uuid": "5dbd4a1c-179b-4618-a233-f23c6057ae8f", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859377", "to_ids": true, "type": "md5", "uuid": "b80883b2-c3d1-42a8-b031-89a57ee2c0a8", "value": "8b279a0e3865b004665ed46c9d5cda21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859377", "to_ids": true, "type": "sha1", "uuid": "6efb153f-47ba-46f8-9955-426f46ad78a5", "value": "ab724367d7ae9e75a5d9d46f29b74df157aea446", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859377", "to_ids": true, "type": "sha256", "uuid": "0d83ffdf-650e-4dad-b265-7b60d447d043", "value": "f52bb238e5dbb971e96aff2f3d1de57ec6f0e07c183a587e0faa74af1f011fc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796127", "to_ids": true, "type": "ssdeep", "uuid": "c1c5108e-9313-4c6e-addf-472ad6351b51", "value": "98304:EyF8p5pmh1hXDN9sBzfg8a6HmqIP7+X/MXbNYZ4U7Fy/HtFG06Hsg:EycI1hXUzo4DIP7eEXZdeet363" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796127", "to_ids": false, "type": "size-in-bytes", "uuid": "62dcb164-95d3-43bb-a058-6c75b318f672", "value": "4746174" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796127", "to_ids": true, "type": "vhash", "uuid": "8d103143-a625-4051-8e80-1fddbe2bf9cb", "value": "1d3424cb038974390975ebc5f89d8bea" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796128", "to_ids": true, "type": "filename", "uuid": "6aa4432c-0668-4e30-9a24-662a3ff2f29d", "value": "f52bb238e5dbb971e96aff2f3d1de57ec6f0e07c183a587e0faa74af1f011fc9.log" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 21/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796128", "to_ids": false, "type": "text", "uuid": "95395b7f-7c4b-4a60-97c3-8e37d1a4cc9d", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: Adware:AndroidOS/Multiverze\nVT Total Detection:32/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859378", "uuid": "5c5ca446-7ebb-44fb-bdb7-e50835f454ce", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859378", "to_ids": true, "type": "md5", "uuid": "9438c5a3-7373-4c29-be63-e878596d05f1", "value": "b7724ebe7c11278faddbcb8c72e02ea3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859378", "to_ids": true, "type": "sha1", "uuid": "d5820535-4850-4deb-9b79-212b782bc79c", "value": "54543f096981770b397e72fff1c138628f010cbf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859378", "to_ids": true, "type": "sha256", "uuid": "d36196c8-1745-4a2e-bed0-c320be1cc795", "value": "b1b834e5f82072033b2c67bf20eecda7cb85d3707fc06e7b60851a87865838dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796149", "to_ids": true, "type": "ssdeep", "uuid": "0963d574-e21a-4598-80b3-fd245fdb9d27", "value": "98304:lqaYekIjRC8CM4QnCB4UCOQLN1xdTxj94xAs/2arFxZ4BRafxTLOK5L9+TIZX2eT:lMLbriU1ANFT6ASTZ8WxT7LgUx2epAw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796149", "to_ids": false, "type": "size-in-bytes", "uuid": "416daa5c-1ed5-4b33-94b0-9d032f2b9765", "value": "6858170" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796149", "to_ids": true, "type": "vhash", "uuid": "a3c76d19-ad41-4e94-8fd8-bedcdb2029cb", "value": "8345a0ca8985f564c125191ffd07c640" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796149", "to_ids": true, "type": "filename", "uuid": "c2c51cab-158f-4cf1-97d2-829e5751f62f", "value": "vti-rescan" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796149", "to_ids": false, "type": "text", "uuid": "9c240d1b-c034-4a56-8f8a-c8f50f14c349", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:21/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859380", "uuid": "9f75a13c-ff74-4322-a4e6-49aae2653088", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859379", "to_ids": true, "type": "md5", "uuid": "78f4007b-1be2-490b-abff-b6940a3fa18e", "value": "ba760392f171e2f05d0352cc1e00190c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859379", "to_ids": true, "type": "sha1", "uuid": "b0ed8fe8-7f76-485b-950f-555415161f26", "value": "015ea52dba3b0e13d1acb4c1f2904b90eca2312c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859380", "to_ids": true, "type": "sha256", "uuid": "541e7e74-4516-4ad9-b5f1-6bc53ad0f4a4", "value": "e769fdf8f2e1a5311ef089c422a7c0cb360d77082d7d1ef1ff39a95c9321ec40", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796171", "to_ids": true, "type": "ssdeep", "uuid": "801a4574-bbf6-4a57-97f0-0a84f77b1300", "value": "49152:3hWhUJBx0g9p8+gWnnaFngzlKjkSpO638c0reqn8f+aFubrAgWSfIU08n:3wuBeQp37naFKlKjkSpORCqc+aFgdvH3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796171", "to_ids": false, "type": "size-in-bytes", "uuid": "10985aa8-1868-490b-8631-513e7ac719b2", "value": "2957876" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796171", "to_ids": true, "type": "vhash", "uuid": "a4205da6-12a7-448e-98c4-87af8a22638d", "value": "77170d9fd19ec71417641a7beed990da" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796171", "to_ids": true, "type": "filename", "uuid": "8bd5ad6d-23bf-4fa5-8674-62112d42f2c1", "value": "ba760392f171e2f05d0352cc1e00190c_1.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/02/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796171", "to_ids": false, "type": "text", "uuid": "3bc0a9bd-d42b-4cd7-ab09-96dbfcf03da5", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859381", "uuid": "8119861a-9bc1-4596-b1a5-949b2d5d732f", "Attribute": [ { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859380", "to_ids": true, "type": "md5", "uuid": "a7c850ff-926f-43e6-aa8c-a9744df47452", "value": "cbc474e34f26b4afd02932d8cae9e401", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859381", "to_ids": true, "type": "sha1", "uuid": "536ffc58-9f6a-442c-94c8-350c5f60118a", "value": "495b622d8209820022fe743c340b39e6e9313cd9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "DoubleAgent", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859381", "to_ids": true, "type": "sha256", "uuid": "a440c592-8032-408e-95fa-a171bbb2f989", "value": "9390a145806157cadc54ecd69d4ededc31534a19a1cebbb1824a9eb4febdc56d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796192", "to_ids": true, "type": "ssdeep", "uuid": "1b02a879-269d-4638-8e0f-61b2b724c253", "value": "98304:v5fVVci/LwIKmV5/hRhiFQXbyRpJ4oc6XMK9LtPKrCCOFtA66OP7+PR:FZbKmX/liQX+o6cKN4IQgIR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796192", "to_ids": false, "type": "size-in-bytes", "uuid": "a74574b0-2c9a-4198-ace3-e8c6a760b6f5", "value": "4774630" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796192", "to_ids": true, "type": "vhash", "uuid": "21c8b52f-23db-47d9-839c-3525746c7383", "value": "4de3350a39205de71981eb1671745ba2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796192", "to_ids": true, "type": "filename", "uuid": "e729fcd6-57e1-4c5c-9c75-d93411bc5304", "value": "cbc474e34f26b4afd02932d8cae9e401.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796192", "to_ids": false, "type": "text", "uuid": "641f60cb-1878-4ac1-9194-52f6451d0df5", "value": "DoubleAgent\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Saurftp.A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859382", "uuid": "a460627d-d267-4124-bf12-7677540d7291", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859382", "to_ids": true, "type": "md5", "uuid": "c481f38e-fb01-4b36-aa14-92bdd9d2ab1a", "value": "530a0e43cc1143d2cd1daf632d73615b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859382", "to_ids": true, "type": "sha1", "uuid": "32c3e5ba-554a-4e18-8ed7-49cf7a22de5d", "value": "5724ede472e9ab95118445af8a51f3c6d926cc6a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859382", "to_ids": true, "type": "sha256", "uuid": "5447bc30-63e4-45ec-ac56-b3742064f619", "value": "941692aa6bb4b6389dca58f4c65e353ccfddab4c23c2d16e6b78a8db596990b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796213", "to_ids": true, "type": "ssdeep", "uuid": "d179d7c6-fcf9-4101-a955-f05fe8f17156", "value": "6144:t3wLgiPyFTfKklttN88uGtGTyheeoPHuXJvSk5JgMLIpDuJxz6J2EAbnnVHyrg:GsiPyFjbla8h9UejVSUgM5VbnVKg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796213", "to_ids": false, "type": "size-in-bytes", "uuid": "f1688c94-1e2f-4a9e-9c81-0e2ac4b2186f", "value": "431718" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796213", "to_ids": true, "type": "vhash", "uuid": "d144073d-0672-4664-bc5a-07f8b78f3339", "value": "fb4a76e26491b3b335ed83c48647627d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796213", "to_ids": true, "type": "filename", "uuid": "817514d8-d17a-463a-ade9-2e03bc963556", "value": "530a0e43cc1143d2cd1daf632d73615b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796213", "to_ids": false, "type": "text", "uuid": "774bce15-f432-4297-837c-2c532b083d4d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:22/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859383", "uuid": "1a754076-d817-42f5-851f-11e12528d269", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859383", "to_ids": true, "type": "md5", "uuid": "34f9da4a-fdf1-4b21-838e-077cdba7437e", "value": "0f19c69099b78b4b79a1407f44874c5d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859383", "to_ids": true, "type": "sha1", "uuid": "7185dcff-37e1-410c-9e39-6a5ae6aa688f", "value": "2fddc6122fb8bf9c02d5e6fbd5c8acecf506282e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859383", "to_ids": true, "type": "sha256", "uuid": "6f15cec4-5386-462d-8408-865e2ec6c835", "value": "ade2f25462e04a082e5638cb97f6145eb5f12f3144871b34f8e527506c9b044a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796276", "to_ids": true, "type": "ssdeep", "uuid": "fa549470-e7c2-4a21-bc27-c5dcd633cddb", "value": "6144:pf+DhDTHDOHuaCjHp63iKGCyKtOW3Q1wt/2ml:pfWyOvklGxMOW3QOF2c" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796276", "to_ids": false, "type": "size-in-bytes", "uuid": "f28f4908-1811-4caf-9255-e770b959ad26", "value": "278999" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796276", "to_ids": true, "type": "vhash", "uuid": "9149fd1d-55c4-422b-a864-7a2c5f0fe8bf", "value": "18d72edf629d205b5e6f05850b9e7d10" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796276", "to_ids": true, "type": "filename", "uuid": "2f80c669-aefd-442d-9885-605febcc1a72", "value": "0f19c69099b78b4b79a1407f44874c5d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796276", "to_ids": false, "type": "text", "uuid": "8a9613a9-abf6-4cbf-99d3-30fe90f7b524", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859384", "uuid": "0d1402a2-af18-4475-9a6a-fa13be1ec131", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859384", "to_ids": true, "type": "md5", "uuid": "4ca90cf4-9fa1-46ca-90fd-8ed50d98a25f", "value": "d389f54f681d1239d09902616aa9a04a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859384", "to_ids": true, "type": "sha1", "uuid": "fcc350fa-d5f9-4780-b750-ed6a56d2d331", "value": "dae02a7e00bec86f832069c2ff1328054e0e45ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859384", "to_ids": true, "type": "sha256", "uuid": "87de8b34-bdcf-47be-86f8-e4e44d81532b", "value": "f8e65432061ae653dc321ad7bd93fa0a5d0fd1bc1ea70d42336a432b1020ded9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796319", "to_ids": true, "type": "ssdeep", "uuid": "c6149e3c-e7cb-49ee-a1ad-7788707d24f4", "value": "3072:t3wwyHqM5/RGHPhtRpuorYaxX07ty2KS3y8Mw8k34WMu/kLxcGpD+pzoE7q2i:t3wq9vbuorYaF2KJ8734WMucXDUg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796319", "to_ids": false, "type": "size-in-bytes", "uuid": "8245093c-5437-4934-8c17-8745c9588b3a", "value": "243179" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796319", "to_ids": true, "type": "vhash", "uuid": "e757272c-4eaf-4710-b1c7-46c2b88fe924", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 15/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796319", "to_ids": false, "type": "text", "uuid": "757b1429-e03a-4635-a730-29f51a2be861", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859385", "uuid": "4be2953e-8668-456d-bc46-453f1b2e56c8", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859385", "to_ids": true, "type": "md5", "uuid": "0a1eee4f-29e0-49e7-849a-9b7bc7908791", "value": "56faf9eaa52c49bfd17d0611a3b002e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859385", "to_ids": true, "type": "sha1", "uuid": "8de6930e-f496-47eb-9b81-25c90af062c6", "value": "fc8251d0ded073fbc9f433f74e7c862b27d9778a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859385", "to_ids": true, "type": "sha256", "uuid": "3e9d436d-046a-4191-b681-69030b24c84a", "value": "7b3174614aff4bac9de708caae27a189a94569c266ca6e197014b5aaffb946b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796340", "to_ids": true, "type": "ssdeep", "uuid": "0cacd176-0edd-4bd0-93da-1fd72ba9815c", "value": "6144:Rzj3wA+WFzTHiGRZdV/ziH1YPla6C1PDoF:RzkA+WFzTFtiHa9a6ooF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796340", "to_ids": false, "type": "size-in-bytes", "uuid": "2dc26697-a99c-4b2a-b115-32a3b46129ff", "value": "243159" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796340", "to_ids": true, "type": "vhash", "uuid": "d5f94b8d-77f3-42d8-b52e-cc89d133488a", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796340", "to_ids": true, "type": "filename", "uuid": "01cf1ad1-4d62-4bce-9d62-fb49481f288c", "value": "jpws8NcTKW5nY" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796340", "to_ids": false, "type": "text", "uuid": "b8b9189c-758c-4c3f-81fe-a6170059e805", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859387", "uuid": "316372ae-9f8b-478d-96f3-b588e1a974bd", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859386", "to_ids": true, "type": "md5", "uuid": "b524d276-c2b7-4a36-b32b-0f883756fe05", "value": "b363e48cde3f73ef3a971ddebff1f8d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859386", "to_ids": true, "type": "sha1", "uuid": "e63a719d-982c-409d-b28d-4934d90ffce1", "value": "349388eae390ccfaad2bcc7b06c1419d3577c7f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859387", "to_ids": true, "type": "sha256", "uuid": "a8436521-fa50-4043-96e6-c1c8b2a7d965", "value": "d56a2b18019efc616d60b24340314aec2e66e2b0d7b457a48ad9428861dab106", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796362", "to_ids": true, "type": "ssdeep", "uuid": "663981cd-f034-4540-af53-d20cb2d48c52", "value": "49152:njU0gbWaHVsr2kkYvpzyFafTErY00XtM2Cl:no08Hsr2kvRz1r+Xp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796362", "to_ids": false, "type": "size-in-bytes", "uuid": "e274bc31-2a89-44c4-9507-395ca5083a10", "value": "1610701" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796362", "to_ids": true, "type": "vhash", "uuid": "8f67305b-3a0e-4f4d-b298-772f2b5c65ce", "value": "15e3c81a7cdf50d758fa89c9e0a4ddb2" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796362", "to_ids": false, "type": "text", "uuid": "17fffe0c-bd7e-46a7-a4d4-124b25b3b3c2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859388", "uuid": "64e59202-ae62-4ba3-bab6-c9b64aa712cc", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859387", "to_ids": true, "type": "md5", "uuid": "e5167f07-d68a-49d1-97cd-dfc80b1d4dda", "value": "c42df76a5c806abe25588b3463313b05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859388", "to_ids": true, "type": "sha1", "uuid": "dad1cb7c-b3c5-4cb9-9e70-34102e9c6056", "value": "5ffc5fb3e6dc994cbcf0953be46fad5909725ed1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859388", "to_ids": true, "type": "sha256", "uuid": "dc3f5199-e0dd-430c-b05e-691dc4269451", "value": "f8d9bc85094904a71e42bbc636d75a2f3331316ab8e4b3bf9438029db1b613da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796383", "to_ids": true, "type": "ssdeep", "uuid": "cf07b6a6-a52c-48e7-97d0-fa91bb1dba66", "value": "6144:QrBecolGx+vO1/SQV4hkrslVb+yfu03wo:QIlGx+vOas4uaONo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796383", "to_ids": false, "type": "size-in-bytes", "uuid": "e3edc7b8-bde1-4786-b407-73d5b0f933eb", "value": "244800" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796383", "to_ids": true, "type": "vhash", "uuid": "dd03aa48-3512-462e-98ec-3b91806588a0", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796383", "to_ids": true, "type": "filename", "uuid": "a24bad09-c83c-44f0-a8ee-efbe77408116", "value": "c42df76a5c806abe25588b3463313b05.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796383", "to_ids": false, "type": "text", "uuid": "0eec255d-7519-43bc-a26e-b19c639e1618", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:31/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859389", "uuid": "b5ceeb73-96d2-4cd6-ae00-276042c2fc83", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859389", "to_ids": true, "type": "md5", "uuid": "5d14df6d-400b-4159-bc01-7de7b4b70b29", "value": "6d3a33330a80aa52f6f1377760928256", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859389", "to_ids": true, "type": "sha1", "uuid": "714fd83d-4f8f-4369-9fb5-e2b2fa7b07f0", "value": "915d1c78343f0cd7d75abf03b4b33be415f194be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859389", "to_ids": true, "type": "sha256", "uuid": "b7650f74-7426-44c4-aa45-0104668e2c88", "value": "79727284ef7db9f7e9fa63b22b7cff16b4e45805950925bc1fa878fae4185ef5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796405", "to_ids": true, "type": "ssdeep", "uuid": "785aaa06-76b2-406c-b6da-f6688e854839", "value": "3072:d3ww6G4EsWVjIaWHrP8RzMQFyp7NBjVltzuUuxx3qlpTyZFMlCtYj3QsOfYFwh8E:d3w64EsqkPmuxBhlFusRyMlxTdEYacf4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796405", "to_ids": false, "type": "size-in-bytes", "uuid": "b17bc553-193d-48bc-ac57-9bf761fa5a8b", "value": "243052" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796405", "to_ids": true, "type": "vhash", "uuid": "b9b76423-58cc-43c4-bd34-8b542e86073d", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796405", "to_ids": true, "type": "filename", "uuid": "8d68b069-1f5c-480a-ae14-f9711b4d4fdc", "value": "pjsmxSqWMFLlo7S0zxhSRnxEK8fVBG6MZIHOB1z" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796405", "to_ids": false, "type": "text", "uuid": "3369de57-c9cb-4817-bbeb-0f57b1eb7a95", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859390", "uuid": "e873b4a8-d61c-48b5-9d0b-dcc53fc48e7b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859390", "to_ids": true, "type": "md5", "uuid": "2de197f0-7585-461e-81f8-fd2c81cb967b", "value": "e7a239834e2c38a11ee38adbf8cf9758", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859390", "to_ids": true, "type": "sha1", "uuid": "14d7dc12-eee6-49f6-a270-905ed3bc4780", "value": "7f50149d9d8d852f05a95016db788b04d0b30139", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859390", "to_ids": true, "type": "sha256", "uuid": "70ce7951-cfc9-42ca-a06f-5cdbe467c8d7", "value": "488ee85fbf630ddb5d8f92c66396e9fe3422d5820e43e43f8f9024a79cb69672", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796447", "to_ids": true, "type": "ssdeep", "uuid": "dc6b2f3a-dca3-4043-a3ae-a16440d254de", "value": "6144:9kn/AR81QassViMiTPR9TOF9/y72avhDYB1cMluST2Iq0wxoqcGl3wE:ySyiTJtOF9a7FhDYB1cKu+HwxotGuE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796447", "to_ids": false, "type": "size-in-bytes", "uuid": "c52ee1d5-0f7e-4b54-9568-bf28f3b4275a", "value": "352100" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796447", "to_ids": true, "type": "vhash", "uuid": "f6a9f46d-7410-4162-b68e-33a1f74f4912", "value": "61300933a8deaa5d1f5915136ce252bc" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796447", "to_ids": false, "type": "text", "uuid": "6c61ce8c-a807-4b6f-925e-4df78d066d1b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859391", "uuid": "4b9d8f88-3ba7-4e6d-90bf-3d06a2fdca67", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859391", "to_ids": true, "type": "md5", "uuid": "5fdc07fa-31e0-454f-b0cb-d26ebb62e31e", "value": "b60ff4d451cc40b1008845869fa468c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859391", "to_ids": true, "type": "sha1", "uuid": "01d860c8-6700-4914-b31f-e96356a0e088", "value": "314ef5243aefb9b5d9142ce92efc3dde5d3fa041", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859391", "to_ids": true, "type": "sha256", "uuid": "06f03956-51e8-42e1-86c2-54dec667ebf6", "value": "d3978e109a481c3693668f990ee696c76dcc375a3db5e9e02124f627323846c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796468", "to_ids": true, "type": "ssdeep", "uuid": "b73e6119-b2ae-4d1c-a5ea-e81e804191ce", "value": "3072:R3wwrAdPUvHCkLrItIP71TVNjmmOGrbGVq3OnHo7gMSgoZtYBN4d3D/zoO7q2k:R3wrdcCCrIt+71hN/OGryc+nIUis574" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796468", "to_ids": false, "type": "size-in-bytes", "uuid": "a87b7fe3-10f7-4058-a745-49e950ac3e18", "value": "243328" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796468", "to_ids": true, "type": "vhash", "uuid": "3fd452b6-fa70-4a07-b756-44c429987e10", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796468", "to_ids": true, "type": "filename", "uuid": "ac3eaa83-092e-4f69-bddd-1a3f96ab4e60", "value": "b60ff4d451cc40b1008845869fa468c1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796468", "to_ids": false, "type": "text", "uuid": "00e21660-0be3-496e-b943-fb183335ced2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA13\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859393", "uuid": "b121fdb0-6e9d-4983-b825-9dde05588f48", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859393", "to_ids": true, "type": "md5", "uuid": "6a0c3e1a-ad90-4c34-8fcb-aa360c3658c0", "value": "4dbe0bf4b282364b882c2b3e6191ef9d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859393", "to_ids": true, "type": "sha1", "uuid": "0ff9926b-4791-4210-8134-e6b9fa267056", "value": "b7417c10b7a0fa613fe997d305abcde8dbcc1f2c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859393", "to_ids": true, "type": "sha256", "uuid": "6dd04dc7-079e-4634-82c7-8ae22f19cfbf", "value": "0dfcc4b5a24b470a2023b26989e60bdf6e20bb4d1b3ed3626a532f9df280e3fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796511", "to_ids": true, "type": "ssdeep", "uuid": "ee1adc7e-5a88-426b-a31c-231a76b31847", "value": "6144:sy3wRdrb4hNIfMtCIQvbNek8gKZAstbhgTcIMgZDoN:iPb4kMt7Qv8ystOcIMgpoN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796511", "to_ids": false, "type": "size-in-bytes", "uuid": "838a0256-7115-4050-a64f-d45e57433088", "value": "243292" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796511", "to_ids": true, "type": "vhash", "uuid": "6fd64acd-0029-47c2-8f4c-b71db78fdccf", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796511", "to_ids": true, "type": "filename", "uuid": "db3a82be-6ca4-4525-bb95-50bed4ccd09a", "value": "4dbe0bf4b282364b882c2b3e6191ef9d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796511", "to_ids": false, "type": "text", "uuid": "922b85cf-755e-4de9-b611-5d30286c6dbf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF4\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859394", "uuid": "36af4d49-a1f6-4101-9dfc-0cbc2cb77bf0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859394", "to_ids": true, "type": "md5", "uuid": "6fa60666-28fc-487c-a3f1-8816395cb334", "value": "388254d88c179325d9cfff00a7117773", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859394", "to_ids": true, "type": "sha1", "uuid": "ae7c17c9-d832-4fe0-bd20-20757d701c14", "value": "b2686fb961e4294996986166aef3bd4254e99cde", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859394", "to_ids": true, "type": "sha256", "uuid": "15acbab5-0657-4da5-917c-fa5c496097ec", "value": "da885c402e103da2a0784a7fccd6b453e31167f1dad1258e0dd23179fb5f1672", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796532", "to_ids": true, "type": "ssdeep", "uuid": "5e22a769-fe7a-40d8-b654-f6f93b5c1673", "value": "6144:pFyGNxpbVXpX4UrF5C39pQx1gvcCgb5CsSieJFZ5h9Ql3wQ:jNjpZX4ULCDkqEC459iFnrQuQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796532", "to_ids": false, "type": "size-in-bytes", "uuid": "cf52a76b-f598-4fb7-981c-9c7791535a43", "value": "350345" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796532", "to_ids": true, "type": "vhash", "uuid": "addbfe8a-9946-4173-9297-0feebff546df", "value": "0e85f8bcd2462f6a8b0283c8bea2ad77" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796532", "to_ids": true, "type": "filename", "uuid": "dfde8e85-90a6-4010-b45a-c7651f159c08", "value": "388254d88c179325d9cfff00a7117773.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796532", "to_ids": false, "type": "text", "uuid": "faa25543-8afb-4968-90fd-03732e1e5e3a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:JS/CoinHive\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859395", "uuid": "99aec0c2-b36f-42b6-916e-1d1fe25abd0c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859395", "to_ids": true, "type": "md5", "uuid": "7ac2499c-c194-426b-a4a0-8a0d3af8cca9", "value": "31f7caec68c433eaf988ff22aa80469a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859395", "to_ids": true, "type": "sha1", "uuid": "683f5eac-3b91-43c4-8bf7-f05efdaec4dc", "value": "d56ec882a1d2e9176c13c3fa46677ead65060347", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859395", "to_ids": true, "type": "sha256", "uuid": "dc0f31be-a1d5-43c6-ab0d-1172df8a13e1", "value": "93435215bdc22e1e27369dd4347edb77d99f585313dc98dfc7f1a4e31ed10c9e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796553", "to_ids": true, "type": "ssdeep", "uuid": "874a0735-d270-42c9-9898-a4f90631d84e", "value": "3072:gzoQ3LP1sfSkV+0XRyEkSfpm3QSWAYR4LRj+jsmFqGn5WDGFSbcL2Z7q2x3wwg:QLLdQPRURrWAYGagJGnilbd3wF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796553", "to_ids": false, "type": "size-in-bytes", "uuid": "4791641c-d8f5-4acf-b4aa-944e798c23ca", "value": "243242" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796553", "to_ids": true, "type": "vhash", "uuid": "b990d820-3a08-459b-9cf5-9e86086d9307", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796553", "to_ids": true, "type": "filename", "uuid": "7b6c78ec-d2af-4eb3-a174-46518daeec73", "value": "com.huawei.lucky_money.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796553", "to_ids": false, "type": "text", "uuid": "08903b62-ca35-4bf6-b91e-f19500e0d6f0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859396", "uuid": "2d87d27e-d83d-438c-b986-99e82bc70c23", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859396", "to_ids": true, "type": "md5", "uuid": "688bef42-d17a-4793-81ee-7f450d6fea66", "value": "90d7ac7acbb59d361518b877fa41346d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859396", "to_ids": true, "type": "sha1", "uuid": "7989f95a-fe5b-4c57-9769-a98776d12648", "value": "96437decfde286eb946e87b47d8049c6901ea229", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859396", "to_ids": true, "type": "sha256", "uuid": "e08ee369-0139-465e-80cb-dd853cbe3142", "value": "54304e3e18bc782ccf52c6d5461c1ba9f5fd5168c23149bc9222f069678d5adc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796575", "to_ids": true, "type": "ssdeep", "uuid": "27047d3d-bedf-4b38-8749-ef395f8beace", "value": "6144:0+v1uwLY/Z7n40kzFIFcU/+xF63iWl3w+:hPk00k5Iu43iWu+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796575", "to_ids": false, "type": "size-in-bytes", "uuid": "df421bc4-1423-4377-a43b-a2216e949f21", "value": "353724" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796575", "to_ids": true, "type": "vhash", "uuid": "ee08e830-c6f6-4cc9-806f-f272f9b2427b", "value": "976c53e0dd95b139fe07be7da0003b34" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796575", "to_ids": false, "type": "text", "uuid": "a3796810-2a98-4018-8851-db8933ee4f39", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA47\nVT Total Detection:33/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859398", "uuid": "b8fd0887-a990-4fd0-9f57-f573aa73643e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859397", "to_ids": true, "type": "md5", "uuid": "f33c4a20-af35-4e60-91c2-561bdc1c1272", "value": "7873e2105e4f7ca53d6293d93732644e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859397", "to_ids": true, "type": "sha1", "uuid": "1db9ac41-4fe0-4cb1-9bb7-9854771b1ff1", "value": "d69efaa8134305062af65d778fb79d678634b143", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859398", "to_ids": true, "type": "sha256", "uuid": "19c5270d-c369-4cdc-ba0f-5010f5ff9002", "value": "78ede35d9760a81982c3a9749187ed1a2eeae40eda1d3d8faed7e91576da0422", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796617", "to_ids": true, "type": "ssdeep", "uuid": "4918a781-6b67-44fb-bfd2-e13dce69dd6e", "value": "49152:LZ6yROoA4RxSDuzYzLelOHFafTErY00VJM2Cmz:Nn5A4rpzsqlr+1C" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796617", "to_ids": false, "type": "size-in-bytes", "uuid": "5f1fad63-8b2d-4aad-96d6-06c6b434ee55", "value": "1622357" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796617", "to_ids": true, "type": "vhash", "uuid": "a334f5fc-3e5c-4db1-bce4-69200d1d7b09", "value": "659142d6b463796d4f75050d3dca3c7a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796617", "to_ids": true, "type": "filename", "uuid": "6ce22db5-0345-44f3-80c7-a8798d0857de", "value": "7873e2105e4f7ca53d6293d93732644e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796617", "to_ids": false, "type": "text", "uuid": "31b33695-6822-40ad-ab9c-7c67a93e0fb5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Phonzy.A!ml\nVT Total Detection:31/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859399", "uuid": "67ec9fd9-ea83-456a-bd78-8882b52bc9cb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859398", "to_ids": true, "type": "md5", "uuid": "55b1c428-bf69-4304-9a85-d723e41fac95", "value": "7a988ed315c5e76802d599a4f00cf0e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859398", "to_ids": true, "type": "sha1", "uuid": "770d1435-de88-4003-be0f-4cbd26686f8e", "value": "099ea7ad09561b928fbe3a7a4a80df5e0513bc2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859399", "to_ids": true, "type": "sha256", "uuid": "c8e69127-c6ad-424b-8d72-cf39faa8569e", "value": "58f379d135f3af70c13c88c23b5f6e583113da1c9f418541e903fbb8dbe42236", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796659", "to_ids": true, "type": "ssdeep", "uuid": "ff2260b8-294c-40fa-a3c7-5e31d679c004", "value": "6144:vD6F9x84MLiPRml06YeucNkgzkDQQnQe3wt:b6FPVDiuMkggDuPt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796659", "to_ids": false, "type": "size-in-bytes", "uuid": "6f1b71c7-0e4b-4ba8-8aef-ddb2e5d89113", "value": "243097" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796659", "to_ids": true, "type": "vhash", "uuid": "c3b9398e-a397-47e7-9f62-73a925f8e4f9", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796659", "to_ids": true, "type": "filename", "uuid": "f3e66e16-3912-4846-b7db-d97fb6ca3125", "value": "7a988ed315c5e76802d599a4f00cf0e2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796659", "to_ids": false, "type": "text", "uuid": "7b43add3-0836-4f0c-b6fd-f2f0dd8a315a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:32/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859400", "uuid": "c00f3df4-bec9-4aa8-9430-66e7102f06d5", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859399", "to_ids": true, "type": "md5", "uuid": "f2db3ae8-5b57-4308-807d-a8b88c40a27d", "value": "56f5c7b506df783aa0c5517e8af33104", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859400", "to_ids": true, "type": "sha1", "uuid": "2c59435c-654f-4001-8532-03ddfd4c2b7d", "value": "2db31f2975ad14c41c543c424224ab8f7d632b51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859400", "to_ids": true, "type": "sha256", "uuid": "e2cd7efa-4a70-4887-9952-ecfa0913926d", "value": "870655377bc88f9d7785eed5a07ab926b0e7497dfc739b243712dba456758bbe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796681", "to_ids": true, "type": "ssdeep", "uuid": "2427121f-befc-42d3-ad8b-d634d06e9040", "value": "6144:oC3wrK/hNw9ArOB33e1+AIWBOFpIBfLDos:orrKZNw+rGiltGp2f/os" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796681", "to_ids": false, "type": "size-in-bytes", "uuid": "e801108d-04f1-466a-bb66-c88ca0e0581e", "value": "243161" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796681", "to_ids": true, "type": "vhash", "uuid": "432928d8-a8c3-4ad7-8544-e0985786ab50", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796681", "to_ids": true, "type": "filename", "uuid": "6fae3f09-b05f-4eb5-b341-c1eec3d94778", "value": "56f5c7b506df783aa0c5517e8af33104.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796681", "to_ids": false, "type": "text", "uuid": "0901f780-01b7-4aaf-92de-d26f7d901687", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859401", "uuid": "77913848-6819-4bc6-b2f7-f9dfc012c181", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859401", "to_ids": true, "type": "md5", "uuid": "a4307074-43a8-47c1-aab8-82c5957ca9df", "value": "9f844984cb52003b3afe714e7b8d4c2c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859401", "to_ids": true, "type": "sha1", "uuid": "37def32c-4d4d-4c46-8938-54ac194f9f2b", "value": "02dce68dcb63259ec960b768bf5a1587db7c2de6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859401", "to_ids": true, "type": "sha256", "uuid": "73a37314-73c0-4d82-b5f1-45a3e3019d3b", "value": "ba7ad5ef8cb8158edbcc97df1da3adecf857030ef4a11b25a7189dad26ec392e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796723", "to_ids": true, "type": "ssdeep", "uuid": "ce2a67ac-0e92-43b2-a169-b75b6c52172e", "value": "3072:KwD9oVpbeIJTUJ+ZttXQGPWeaLMNSkTufwI24/Hks8JATcCp6rNC7q2qzoU3wwwR:KwB2FboJItX1WMNSlJMZXC0hNl3wD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796723", "to_ids": false, "type": "size-in-bytes", "uuid": "b1dd4495-97b4-450e-94ae-37a0cd9917fe", "value": "244070" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796723", "to_ids": true, "type": "vhash", "uuid": "af07c07c-c516-46f0-955c-acc3d69a6a6a", "value": "46c9ece46931b72d4b48150957fe0a45" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796723", "to_ids": false, "type": "text", "uuid": "55f53e3f-67ed-4a39-934a-ab0958d49fa3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859402", "uuid": "7f163531-546b-4078-9f53-f14f7b1a1606", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859402", "to_ids": true, "type": "md5", "uuid": "a8ceeef6-da34-4c21-b92f-9d15d1e4174e", "value": "4c335b65cecf6678b3e91929985d36c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859402", "to_ids": true, "type": "sha1", "uuid": "e58e69f7-3de8-410e-9443-476916e1e3e9", "value": "8bbb3fb5cb9bf6ea01c3f7ad576eb5f46b563adc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859402", "to_ids": true, "type": "sha256", "uuid": "3340d772-f604-4437-b35d-2c1abfa839af", "value": "0bd5bd86a37aba0464b734a444b935556f175d81932e466d5890565a03f75bc4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796765", "to_ids": true, "type": "ssdeep", "uuid": "0f543dda-c992-4df1-a820-aaa5096b8157", "value": "3072:c3wwHC8N1tN4/9F2XVqjhqwRMKHcTs20fTNdSl+QWnRjpa+mdq4aJ0JW6Xedh6ns:c3wuU9YcjhTH6Cf7SvW0d1aCPAwnlDof" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796765", "to_ids": false, "type": "size-in-bytes", "uuid": "884d6efb-689f-4ce8-b58c-15f4e1a03a6e", "value": "243146" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796765", "to_ids": true, "type": "vhash", "uuid": "041d24ef-7453-4e1f-b227-6acb911de63c", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796765", "to_ids": true, "type": "filename", "uuid": "b9416184-fbba-4a30-93d2-9affbd44ee1f", "value": "lt8ebsON8724hSuNKqJYHb2NChh2zb4QBczO" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796765", "to_ids": false, "type": "text", "uuid": "4397cdf7-03c6-48d0-bfe8-ccd9e7212724", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:Win32/Aicat.A!ml\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859403", "uuid": "e695581d-1673-46ff-8ca2-d635fe913363", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859403", "to_ids": true, "type": "md5", "uuid": "f36fab56-4031-4b91-beae-a42b983619c0", "value": "9cc63003fdfb3b54f04b272a709a3cd9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859403", "to_ids": true, "type": "sha1", "uuid": "4cacf6e3-3449-4155-a099-1cc378f1aa74", "value": "db665ee1390a7e5af882f249e8e3dffe9fea341c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859403", "to_ids": true, "type": "sha256", "uuid": "3cbf42e0-6d59-4350-9204-fcc1d48d95fc", "value": "dd912a19a1a91838190e5d04fcfb3899f28046d84f99ce856db1171c6190ff40", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796786", "to_ids": true, "type": "ssdeep", "uuid": "ce326a82-7e67-47ef-9afd-39881a191b9a", "value": "6144:vx3wQMArz5LK+fjl43N61UpCDVJ9YlVUDoN:viQMArlLKUd12CDVvYlVsoN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796786", "to_ids": false, "type": "size-in-bytes", "uuid": "98ff9a61-abf2-437a-8496-52ade2a5468c", "value": "243163" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796786", "to_ids": true, "type": "vhash", "uuid": "ea0e3a79-081f-4453-8f9d-e484c7891906", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796786", "to_ids": false, "type": "text", "uuid": "2309daf0-6c0d-4097-b502-e9212d6fb602", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859404", "uuid": "b73115c8-0346-4b83-89f6-cd2ad56c2062", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859404", "to_ids": true, "type": "md5", "uuid": "c1402984-a9e2-4b25-8316-553cfa5441c9", "value": "f245b839444825fc3b61a8bd54b84b3c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859404", "to_ids": true, "type": "sha1", "uuid": "ecd18436-1312-4d4d-81bc-daa7bc301d82", "value": "aef186dbc332d564aa3873254d5a50f307289195", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859404", "to_ids": true, "type": "sha256", "uuid": "85251b54-9e38-46d0-a943-2b4daed59ad8", "value": "ce0f73761b53a5f8839113e1e481de3af808623cc6189b67596f847916dbfd8d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796808", "to_ids": true, "type": "ssdeep", "uuid": "a2e3d359-c82b-4e61-be8b-c636880cd4c5", "value": "6144:sy3wzs2z5LLuKz9uUiwG7Tb0c7slfpSaDJDoC:s7zs2lLvz9uHP30c4xpSaD5oC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796808", "to_ids": false, "type": "size-in-bytes", "uuid": "1e660e47-669c-45c6-8423-5cc890f3cc68", "value": "243160" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796808", "to_ids": true, "type": "vhash", "uuid": "069e074b-4622-4cb3-b422-d40f0074e2c2", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796808", "to_ids": false, "type": "text", "uuid": "ebcf822d-b325-410a-9d64-5e325488ef0b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA6E\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859405", "uuid": "08188b0d-bd21-47c0-887c-491333bb6689", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859405", "to_ids": true, "type": "md5", "uuid": "b4168bc9-8405-4da6-836f-6a51aac89208", "value": "729389de2dcc223fc1c95bdb13ad5da3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859405", "to_ids": true, "type": "sha1", "uuid": "f6328ee2-b924-4def-8975-d87d70820c99", "value": "1ee4b076895c38de7cbd99a8db79b281c9175fb8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859405", "to_ids": true, "type": "sha256", "uuid": "eb75acc4-2330-4d23-8c6d-0458c77767dd", "value": "9743156a7e113e1c25b5d263d4c4a8a9fe41f4673c0e8440b3b286b83f687ff6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796829", "to_ids": true, "type": "ssdeep", "uuid": "712981ce-e34a-4014-8bbd-5d20d843279c", "value": "6144:B3wrAKc3YJt3LNbVVamTqVkZZOARGPshh74jbv:ScbIL3q6ZZOTshR4Xv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796829", "to_ids": false, "type": "size-in-bytes", "uuid": "39fcb3c0-7dbe-40f0-b82e-4f28c0ef81af", "value": "243332" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796829", "to_ids": true, "type": "vhash", "uuid": "739559ba-5a4c-4f3a-932c-123e49b35c2d", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796829", "to_ids": true, "type": "filename", "uuid": "ac5a5696-59ab-49e1-9ad9-58e869c18495", "value": "wsdcvnkkTRO3GgSUdzz2g7Yve2YBd1NukQfJHo6TZA7E4Nq68VbO" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796829", "to_ids": false, "type": "text", "uuid": "ef76b3f4-2c09-4f2b-b92b-f3ddc8fba382", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859407", "uuid": "09ad8440-5adc-4eb8-8e23-c7c22d4c3122", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859406", "to_ids": true, "type": "md5", "uuid": "39033fde-519e-4ce8-bd0d-637bf9ee2311", "value": "b896bce36c9d3340b9ddbbf493217056", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859406", "to_ids": true, "type": "sha1", "uuid": "2783a7ad-d8c3-40dd-97dc-90fe6a57aa35", "value": "e54b53507f07122648f44168059a483cbc26d985", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859407", "to_ids": true, "type": "sha256", "uuid": "f3e73b42-ed61-4063-bb86-7516770122fb", "value": "4444e23599876714082c656d26d4c10f80c0994cabe8e77b1657d3b79e933140", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796851", "to_ids": true, "type": "ssdeep", "uuid": "71d689be-4870-4150-8909-0f1678ee6a66", "value": "6144:a3wliK30Qle7exkxRJZb3wm8vx8n+zMgvhg:TcMs7ukxRjwN8/Mhg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796851", "to_ids": false, "type": "size-in-bytes", "uuid": "2d20cc7f-3ac0-4c1e-a5f2-d54a3ed6ccaf", "value": "244884" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796851", "to_ids": true, "type": "vhash", "uuid": "57e59c3d-7ca1-489f-a81c-bb31369a3d77", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796851", "to_ids": true, "type": "filename", "uuid": "b3386451-44c9-4a28-b2a2-3d0548eaadc2", "value": "ltaUyRYhpubwdjUjw9dpuzJTTaOXPmaxuVGRax0PCfwtvqBTIJHMZaiS6aE" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796851", "to_ids": false, "type": "text", "uuid": "9e3080a6-e52d-44bf-ae53-5c245108e06f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859408", "uuid": "5cff48f1-f1f8-408b-b57d-0114643c23b1", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859407", "to_ids": true, "type": "md5", "uuid": "1e02a288-52ad-486a-bdd9-174b9ada7306", "value": "467e457538ce7e558f984e1340795e64", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859408", "to_ids": true, "type": "sha1", "uuid": "0f7fa554-89e0-4f4d-81bb-61eb44f70f33", "value": "5c320a735af73e42d39304259166cc37bb43d4ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859408", "to_ids": true, "type": "sha256", "uuid": "b764338a-3d80-40f7-9751-b64e3ece0062", "value": "45a599951ceafa92188516792e8e68e0c933db3a0b8f96c1e888634a39639552", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796894", "to_ids": true, "type": "ssdeep", "uuid": "7c70f970-7a20-42ca-9547-dadfc4d2a03d", "value": "3072:RUrUifDc4q4rDaOMAtJRI9PWRNs1SJDzW1m+b56wpG+7BkN77Hmzxc7q2azoU3wF:RGF5HXxtzI9PSW1m+5h7BkNqRl3wF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796894", "to_ids": false, "type": "size-in-bytes", "uuid": "b2cafb70-327b-4cf5-9d57-edaa1827007f", "value": "244118" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796894", "to_ids": true, "type": "vhash", "uuid": "36d94af1-3a3c-4a73-8b31-f504cb43223b", "value": "46c9ece46931b72d4b48150957fe0a45" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796894", "to_ids": false, "type": "text", "uuid": "19ac5580-87eb-42ff-a7c8-8e705e99eb1d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:24/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859409", "uuid": "6c33447e-dc91-484b-b9b6-fec86fccff89", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859409", "to_ids": true, "type": "md5", "uuid": "45708613-5514-4cb4-a457-e89e0ac7383e", "value": "ee0d17a715ec2a7c51b720dc6fa9fd28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859409", "to_ids": true, "type": "sha1", "uuid": "25030177-dd2c-4594-91d0-8ef7a6d492a2", "value": "3c2e1847ff78d715204f3df9cac88c78ec99abcc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859409", "to_ids": true, "type": "sha256", "uuid": "a77b0b40-bee6-4575-a8b3-040a660fd5ae", "value": "738aaf0a48cc61b5ee1ebc254a4625eed1fa2346d5b3fdfcfcb278442f3830bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796915", "to_ids": true, "type": "ssdeep", "uuid": "6de3c531-436b-40f3-80e4-17fe91169bc8", "value": "3072:u3wwm68N1tN4/9F2XVqjhqwRMKHcTs20fTNdSl+QWnRjpa+mdq4aJ0JW6Xedh6n5:u3wBU9YcjhTH6Cf7SvW0d1aCPAwn3DoE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796915", "to_ids": false, "type": "size-in-bytes", "uuid": "e5ab5667-ea3c-4041-9547-0e566671b3b9", "value": "243146" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796915", "to_ids": true, "type": "vhash", "uuid": "a69c976c-6e87-46ca-b370-9654d2264bd8", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796915", "to_ids": false, "type": "text", "uuid": "117f9e9e-05d9-4271-b37e-c34e1199df42", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:Win32/Aicat.A!ml\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859410", "uuid": "6b2a511c-43d3-4717-9640-ed5b3572a2a4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859410", "to_ids": true, "type": "md5", "uuid": "5626820b-05f2-4fb7-8e22-ec58e55679be", "value": "004d5f34dd077a2837ddf7d203f1b46d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859410", "to_ids": true, "type": "sha1", "uuid": "4ad4abdc-f7d3-4db2-9477-d13eedc414aa", "value": "cbca9b0b9c0e6698d8613f7b316be17fcd3f9452", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859410", "to_ids": true, "type": "sha256", "uuid": "0c5b93fd-5fad-4b7d-9f56-5758ea951681", "value": "7ace82bf6e7b2938a13b19a1a46ceed2ed4762bedef29b73d5dc518e89b4345c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796936", "to_ids": true, "type": "ssdeep", "uuid": "f7b3b4d6-3d27-4023-9aec-b85bf314fb25", "value": "3072:3ySvUvUlsSx0F6CJZtNuY4/FkT8uPx0b8K2BSFAaaC10YXkL9FsbtnDiAuAMg7qW:3ySqUBNCnutFc1xgg8FNXYYtNMrl3wd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796936", "to_ids": false, "type": "size-in-bytes", "uuid": "cdedc107-f81d-4a50-88e8-cd24c3d2511b", "value": "245570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796936", "to_ids": true, "type": "vhash", "uuid": "051367bc-5225-4e18-bd56-d32511c8d0cb", "value": "46c9ece46931b72d4b48150957fe0a45" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796936", "to_ids": false, "type": "text", "uuid": "212b1bc3-aa10-42db-9427-25a293a000db", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859411", "uuid": "af3089fe-2763-483c-bdb7-1742685db1b3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859411", "to_ids": true, "type": "md5", "uuid": "a2fb6289-8cdb-414b-a7b4-09bacdff64b4", "value": "1745c63ff7a389717c70196f782dcd24", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859411", "to_ids": true, "type": "sha1", "uuid": "07baac70-e429-4ef4-97c0-ceba9e471715", "value": "a55f370b17346b95cba4632c6a96eb147995568b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859411", "to_ids": true, "type": "sha256", "uuid": "27514f7a-c5fa-4579-a8a3-a8d721d59205", "value": "6aeb8a45c5173d2d9a206d2d50aaa7c7227e40016334e14b98b67cbae965e985", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796958", "to_ids": true, "type": "ssdeep", "uuid": "a03ab508-94dd-49ea-82fa-bfec6f84b79e", "value": "6144:KtVMqPOqhUnLZpY3Qy12w3wK6TQHwW8FF3O4gWml3wf:KjMqPEnLZSQyAcH4W8Euf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796958", "to_ids": false, "type": "size-in-bytes", "uuid": "cc39b546-a624-46de-ae1b-3fe7004c0547", "value": "244018" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796958", "to_ids": true, "type": "vhash", "uuid": "2d4c60b9-8389-46ca-ae02-efb17aef2940", "value": "46c9ece46931b72d4b48150957fe0a45" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796958", "to_ids": false, "type": "text", "uuid": "f0ce418d-3ec8-4bd3-bd52-e5488c2f91ed", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:34/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859412", "uuid": "cd1d867a-ab8e-43ab-bb18-fd2fc17324e4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859412", "to_ids": true, "type": "md5", "uuid": "5036349e-2a4f-4118-9852-b6ad78ad65bc", "value": "47463319c4e7f3fb8f4f5e642e8a4a33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859412", "to_ids": true, "type": "sha1", "uuid": "2bcb32a9-9869-4142-960d-0311be013ba4", "value": "d00cd405739905863846d3f50a380f1eb11dd95d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859412", "to_ids": true, "type": "sha256", "uuid": "9cc8e05b-13bc-4eec-8c55-99ce28e47f82", "value": "e84aae398b0ac54cf0a9125d621c546ca38d8e1bff49968f34038f565d0b244c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740796979", "to_ids": true, "type": "ssdeep", "uuid": "4c35f084-9ad3-4a8a-b0c6-9e2b9484a460", "value": "3072:m3ww87snGWDrRGKJZbantsfcdvBa6xv6qGy0wsRXoEWdEDvy9yUh5Mzo07q2z:m3wCGWDjanuWvBa6xS8xe4zZ9yUhS1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740796979", "to_ids": false, "type": "size-in-bytes", "uuid": "cd2143ef-7a8a-4ddc-9f5f-a9786662914a", "value": "243032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740796979", "to_ids": true, "type": "vhash", "uuid": "2545f382-d1cc-419c-9662-998383fa6401", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740796979", "to_ids": true, "type": "filename", "uuid": "1f3d465d-05e1-4f6d-a73d-11a6bc114234", "value": "tlC1GERClFssA0fLI" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740796979", "to_ids": false, "type": "text", "uuid": "05d0e0e8-2a86-46d0-a0f0-e5be3063e09b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859414", "uuid": "ae5fdc60-b762-4660-a02e-f3292b42fd9b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859413", "to_ids": true, "type": "md5", "uuid": "37cb32d6-f739-4512-a115-5bd80027c3f3", "value": "84c9855b070179a9b2452455ada3b3de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859413", "to_ids": true, "type": "sha1", "uuid": "f211a6de-7d06-4b3b-abd1-720296077094", "value": "2742ea663ae1e139ad15176318c1bdb4a1bce342", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859414", "to_ids": true, "type": "sha256", "uuid": "65ddd322-8769-4c96-a75f-9fa714847a25", "value": "58e8dc7cf6f8178e6b85cda98ff0f8cdfa7808c84c7cc742e45c5a39ddb274b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797000", "to_ids": true, "type": "ssdeep", "uuid": "faa18ebe-53bb-4c63-a072-0427b80919f1", "value": "6144:C3w8sK8GIp63IYcas7Ji7VTblI2rgCD3Dod:r8sKQp64x9iJTbrDzod" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797000", "to_ids": false, "type": "size-in-bytes", "uuid": "2b341b5c-a18c-4fc0-bc2b-a9f18a94c7bf", "value": "243166" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797000", "to_ids": true, "type": "vhash", "uuid": "7cf2fdcc-6b9a-4f1c-9e21-1c4a5927f74d", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797000", "to_ids": true, "type": "filename", "uuid": "6b87051b-c4c0-4f2b-b1ed-4d61f8f7e57f", "value": "hit.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797000", "to_ids": false, "type": "text", "uuid": "cf37e4a3-d989-4282-8803-4ec2e243f1a3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859415", "uuid": "28c8d80f-3c70-44b1-81a2-7aad2da1b1af", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859414", "to_ids": true, "type": "md5", "uuid": "70711dbb-c497-4f1d-b2b3-a2ba1e2ef537", "value": "bda4272a9d718a50666a23de609f4362", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859415", "to_ids": true, "type": "sha1", "uuid": "9038121e-0b8a-40f5-a300-a5c8e9ee20e2", "value": "eeafcaed236a56f75aa63e209106c5268c8a51f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859415", "to_ids": true, "type": "sha256", "uuid": "2689d17f-7aaf-41bc-99f2-2d0316e6389c", "value": "f1a7e3f61e28ad72cd6d7ec32a9edcd824e87337dbd45fe87cc7828caa2a3952", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797022", "to_ids": true, "type": "ssdeep", "uuid": "e9c06e0e-a723-47f2-90e5-40a35831c0bb", "value": "3072:Wz4fxyG7lqG3aSfM8dvMZJQj987RQNWRiznyPhi8UI1nTjR2d/5IYcNal7q2Kzov:WG0ka43v0qPWRikhlL1nTjyCNa+l3wp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797022", "to_ids": false, "type": "size-in-bytes", "uuid": "4fd54d0d-a825-48ce-b6ef-a47f12827452", "value": "243870" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797022", "to_ids": true, "type": "vhash", "uuid": "1ab00783-9e2b-473b-9b81-5b2e87f36efc", "value": "46c9ece46931b72d4b48150957fe0a45" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 15/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797022", "to_ids": false, "type": "text", "uuid": "e9cdd044-db5b-4a93-a352-f1ab16c47190", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:34/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859416", "uuid": "392c7e49-42a7-4d6f-8bfc-0a0235992a38", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859416", "to_ids": true, "type": "md5", "uuid": "29e4ea5d-b0b2-42dd-85bc-2afd7215717a", "value": "a049b66306d30a2ebf414ddaf8f29913", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859416", "to_ids": true, "type": "sha1", "uuid": "f8d5812f-7b81-475f-a877-c287b478a1ac", "value": "e29cb6451f6d65051367f1c85702db29b3fab9d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859416", "to_ids": true, "type": "sha256", "uuid": "ce0ce6c6-a215-4355-a77b-3c3ef29b9cc6", "value": "15970a58cb25c4fdcecf908eb9051446014fd831514c17b120753cdf6c45907f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797064", "to_ids": true, "type": "ssdeep", "uuid": "7acafff4-9368-4eee-b5b3-a76a9a27e29b", "value": "3072:3i/Q3wwF3Q9h8YBra4wP4NOpLHgfIMM7XfMLBV7hOZDueciwIhw6tO0tap5P2GeR:3io3wPKr7GO4eciwuw6kb5uMrXI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797064", "to_ids": false, "type": "size-in-bytes", "uuid": "fc36b6a5-9f21-4835-b06a-12a48af27d53", "value": "243061" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797064", "to_ids": true, "type": "vhash", "uuid": "fbb02c68-6e66-4aba-a7de-d80471dae1d3", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797064", "to_ids": true, "type": "filename", "uuid": "c06f6d6d-0f6d-4a24-bd42-64f88a076f26", "value": "ltfdcD5U7ECI9H7JIRH2qwWrhehbmpGqvZT9rJV600p4JbMr7whSJA0bqN" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797064", "to_ids": false, "type": "text", "uuid": "c2489757-1c6d-4446-9276-849ce4787964", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859417", "uuid": "b6f499ce-0ce3-4196-8f68-14c19438c1a2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859417", "to_ids": true, "type": "md5", "uuid": "9bf24a82-a25a-402d-ac7d-83526384cce5", "value": "48c3b41470dd9325313c3f334230a801", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859417", "to_ids": true, "type": "sha1", "uuid": "2bbac895-d735-4257-829f-8d0d26c2d73e", "value": "d7f5effd58242607ebf73b934dccf0757d516e61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859417", "to_ids": true, "type": "sha256", "uuid": "ad363702-d005-4fc5-aa1a-594469f09460", "value": "e09b9c6c87c53b9068fde56540b08928b8bc32f93d2de9c517f64be6d17d1277", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797086", "to_ids": true, "type": "ssdeep", "uuid": "dbc78590-7eb2-40b3-8c42-ef3566bcfbdb", "value": "6144:T3wV/RI0wr2Sdx0pBB2zJ24kF5+Llx2JuJFs:0E0rSn0pBB2zJ4Filx2JuHs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797086", "to_ids": false, "type": "size-in-bytes", "uuid": "e9d477a5-7ff5-4433-9171-528632adec55", "value": "243049" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797086", "to_ids": true, "type": "vhash", "uuid": "cd07a811-7711-4b76-9749-2f90dcf72063", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797086", "to_ids": true, "type": "filename", "uuid": "e7270302-e4e6-4d04-8aba-2e56e0ae8565", "value": "ltu9imiftz9VG1H4h6AkqyWoUyUUFJpT0GtkdGUqGiJSyycyW3ny35Z" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797086", "to_ids": false, "type": "text", "uuid": "6e380137-6355-4351-bf8b-8cacbf41753c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAB6\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859418", "uuid": "5ddeb542-fa91-4fa0-848e-beb2d7e2efe9", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859418", "to_ids": true, "type": "md5", "uuid": "9ffdc73c-b031-4e18-b9d7-b0a6d8bd01f2", "value": "f1b9ca8020efde37ec354d7d9b3b7a0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859418", "to_ids": true, "type": "sha1", "uuid": "7c2fcee2-e628-4a92-abbd-288d2fdd9463", "value": "797034d3094e38d0a9b662c793a1ca5c94279886", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859418", "to_ids": true, "type": "sha256", "uuid": "62cb1392-0ea7-41d2-8de7-74bbb65339e0", "value": "4bf0ecb5ad99d42fbcefb6472d5cd0c93b0081b9f9e5622c94e226074aac42aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797107", "to_ids": true, "type": "ssdeep", "uuid": "caed3fe1-b929-42ca-aa39-892f984bbf72", "value": "3072:J4BfVstIp+o+MIj0pe2s55TGkCSAQUZfTIy4RvP1P+fJJ7Fl7q26zoU3ww/DB:J4BGIsotNpeAvl0hP+P74l3wc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797107", "to_ids": false, "type": "size-in-bytes", "uuid": "65599fdb-13be-4026-afc1-2fd421e7925d", "value": "245526" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797107", "to_ids": true, "type": "vhash", "uuid": "44c9b372-3bf1-49e5-840b-938a17fdb4ff", "value": "46c9ece46931b72d4b48150957fe0a45" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797107", "to_ids": false, "type": "text", "uuid": "93f40923-51b5-4d0b-b22b-27f49cec25f7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859419", "uuid": "76aec354-2043-42df-bbb9-fa96bdcf57b8", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859419", "to_ids": true, "type": "md5", "uuid": "cc5451b2-debb-4a61-ba66-3c52b56cca55", "value": "f929b4e03ae8063d3c1f3dc8af482c79", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859419", "to_ids": true, "type": "sha1", "uuid": "3cd046b0-322e-4830-96c8-f8ed6de4cfc1", "value": "f81f2dc7cb0912c59c83c4631ff822b00e4bcf5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859419", "to_ids": true, "type": "sha256", "uuid": "98728efd-f939-403c-bd17-b1581b89029c", "value": "984f30760c296903be42e0244422618ca1c0cf681a6cd9cdf19668b96337501c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797128", "to_ids": true, "type": "ssdeep", "uuid": "d422d384-0715-4310-90b6-1c4adca95161", "value": "3072:gHzogURtlKA/EEtlgKEhEP/RNcMVr4ZmwhPJ1QDo2kTCSljDOR1a1FmIw7q2x3wx:gTgyMgZhY/RNbiPDQDop+Kj6HCmI23wx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797128", "to_ids": false, "type": "size-in-bytes", "uuid": "3d5d9d89-45fa-434c-a719-d0e3060b3dd4", "value": "238557" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797128", "to_ids": true, "type": "vhash", "uuid": "6cb8aa6d-fef9-47b0-9f13-6d072086fa92", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797128", "to_ids": true, "type": "filename", "uuid": "b5e64d47-28f5-4bc2-9596-ac3f1535fe03", "value": "ltOkZywtQydyjzlm9KSc6RbgquldCJYb9eTRfCxQpyJ" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797128", "to_ids": false, "type": "text", "uuid": "457a935e-a9db-4fda-bbbe-c9d3b16192db", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859420", "uuid": "b9c7fbcb-a0fd-4235-9aea-7fb995ee0d44", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859420", "to_ids": true, "type": "md5", "uuid": "50c9059f-7258-406d-94b4-f4b290e7987f", "value": "925a095b75e9a6a86c7ced6a3e5df27a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859420", "to_ids": true, "type": "sha1", "uuid": "9686e377-b193-426b-8c6b-672bbf8f3032", "value": "0e548d81f9d643c738d2268987e487e48f84310e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859420", "to_ids": true, "type": "sha256", "uuid": "f02d2864-2d4d-4c58-99c3-1c9e235d5f9a", "value": "f49c3cd60f99d175bbe82560284ca33272b4d07a2de8e178db04f7a0c0590437", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797191", "to_ids": true, "type": "ssdeep", "uuid": "83aac017-1a3d-4c55-9fb6-62f1632b0558", "value": "49152:42yROoA4RxSDuFYzLehyTFafTErY00FlM2C+R:4D5A4rpFsqBr+ZE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797191", "to_ids": false, "type": "size-in-bytes", "uuid": "89ccf752-4ef0-4707-9a7b-bdafe5939540", "value": "1622361" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797191", "to_ids": true, "type": "vhash", "uuid": "ac02f678-839e-42f0-bddc-fd9b0d491271", "value": "659142d6b463796d4f75050d3dca3c7a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797191", "to_ids": true, "type": "filename", "uuid": "b54c3236-2a08-4bea-b0bd-e73ff7e1d9c0", "value": "925a095b75e9a6a86c7ced6a3e5df27a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 16/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797191", "to_ids": false, "type": "text", "uuid": "3b67797c-e992-4495-8ff9-f56a299cc4d0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859422", "uuid": "d743887a-b627-48e2-96e9-bda68be0ec40", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859421", "to_ids": true, "type": "md5", "uuid": "f84ace68-5967-4e3b-b12c-b859cb0a3695", "value": "c6c04f9d1e89f82a30ac101bbd7473cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859421", "to_ids": true, "type": "sha1", "uuid": "889cee5a-31fe-41ec-a419-144414aa8540", "value": "56ad6fe0f396aa404a12a6632e3a617258933bc2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859422", "to_ids": true, "type": "sha256", "uuid": "cd7182ec-cb01-4cde-b2b1-6c4d4b71d888", "value": "0f86edc6a2306f54243f22f7b06e35bd20efc8172cdc8077496d9756161a7ae4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797213", "to_ids": true, "type": "ssdeep", "uuid": "6dca5764-9e4d-4960-a644-663b2988a201", "value": "49152:+uyROoA4RxSDuAYzLeE+7FafTErY00SvM2CtD:+r5A4rpAsqAr+2J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797213", "to_ids": false, "type": "size-in-bytes", "uuid": "e1527fea-46d0-49c0-a9ae-3ad9d0512ce0", "value": "1622361" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797213", "to_ids": true, "type": "vhash", "uuid": "de18cba4-cbc1-4265-b584-bcfb6c8cb574", "value": "659142d6b463796d4f75050d3dca3c7a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797213", "to_ids": true, "type": "filename", "uuid": "9651b46d-5006-4f44-9002-539d007ded1a", "value": "c6c04f9d1e89f82a30ac101bbd7473cf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797213", "to_ids": false, "type": "text", "uuid": "5047fb13-380a-4430-ae2f-7979eef52d6b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859423", "uuid": "8bfc5e54-5a4e-44c4-be28-e6ed92e41783", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859422", "to_ids": true, "type": "md5", "uuid": "c7830bad-0893-42ff-9edb-13f003e88435", "value": "c0875f1bf6325aaf1b7beae6d6079073", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859423", "to_ids": true, "type": "sha1", "uuid": "39cdd65a-bd02-4877-bd8d-27b08dcc33b1", "value": "6f97ed9ac4a513cc336478bbd3052b2bb0ffd5f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859423", "to_ids": true, "type": "sha256", "uuid": "9aa86dfb-eacd-438b-b46d-9aa8c8ff3257", "value": "b78c9724bd8fd696f542b1896f3179d63f3dd5691bb1023afde5296b0b04a640", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797234", "to_ids": true, "type": "ssdeep", "uuid": "10f2a1b6-9586-4aac-a6d0-c8248ea94feb", "value": "6144:E5pDx18WlI3+YbwTtFY7eU19bBr8xtjrTU3wh:E5iIc+YbOFk58tRh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797234", "to_ids": false, "type": "size-in-bytes", "uuid": "6b0d31e3-b97c-4be0-8739-ef9e12583161", "value": "238580" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797234", "to_ids": true, "type": "vhash", "uuid": "dcad857e-88f5-4b68-97aa-3ff23f45f7d1", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797234", "to_ids": false, "type": "text", "uuid": "09cf042a-5f61-4b99-ae18-54f7e5f1e311", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859424", "uuid": "dc1fec28-c87d-47e9-96c8-a42bc14f96db", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859424", "to_ids": true, "type": "md5", "uuid": "a4021fe1-7ca2-4f47-be6c-afccc9c82f09", "value": "32509b6e4d7a9e2a7828699901d21b7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859424", "to_ids": true, "type": "sha1", "uuid": "0cc1aabc-e862-4b85-ae25-4402463b13dc", "value": "921fbd8b97ee504d9d50a40b7647a631a5c32112", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859424", "to_ids": true, "type": "sha256", "uuid": "968800ca-e02e-4f40-b35e-b93b22db8022", "value": "8c68c33ec8ee6f09b8da97a82e7b0f6654bd59fbadd4b1bd80ab04e355b128f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797255", "to_ids": true, "type": "ssdeep", "uuid": "c8d5a0f6-3988-4984-868f-6d40cfd4074a", "value": "3072:djzor1wd3cqIInD3lPbSzpO376GIucVKbU89Tq6yfnypdw5xis7q2x3wwQ:ZMwWqdDtbUfGIBKbUgTq6iys7h3wZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797255", "to_ids": false, "type": "size-in-bytes", "uuid": "3f46f8dd-266a-440c-922e-e783034817b8", "value": "238555" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797255", "to_ids": true, "type": "vhash", "uuid": "527a8711-db73-427d-82e0-c32a1e5ff8ef", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797255", "to_ids": false, "type": "text", "uuid": "205e397d-f6db-4067-8658-321376e6621a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859425", "uuid": "238294af-c6a9-4af3-9578-a153572f2aba", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859425", "to_ids": true, "type": "md5", "uuid": "9ddc000c-3a77-40be-844c-991edf5aecfd", "value": "2800f5552d6b9201a61781b8b2565d62", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859425", "to_ids": true, "type": "sha1", "uuid": "9cdb8856-618a-475a-95a1-0ac16aa9fd14", "value": "5dc6e3e4800cf975f1b387d7d4e2cadd1133955f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859425", "to_ids": true, "type": "sha256", "uuid": "e9150cf5-b1ba-4f1c-b793-9bc49de6576e", "value": "a8ee5bc86779d627bb4bb07d0f49fcab7b0fc887541fad62c18fc2e0912d2a80", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797277", "to_ids": true, "type": "ssdeep", "uuid": "8aaa435a-9782-4049-94d0-0cbb9e86f33c", "value": "3072:Uh3wwITHxwLQkkjmcO8/Um/pJk7w9KWNoRx+AcEZtiQ9D8bCnFtZOKfif3YGzoYU:G3wtHxwLQcmfjOHW2REA0gFHO9g+s" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797277", "to_ids": false, "type": "size-in-bytes", "uuid": "1192c7c8-4cac-44b0-871f-f98973f6026a", "value": "243045" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797277", "to_ids": true, "type": "vhash", "uuid": "bad6b667-c000-4372-8edc-d29b0ea3119c", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797277", "to_ids": false, "type": "text", "uuid": "6a30cfb9-0b9c-49cb-801d-a8d748dc368e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859427", "uuid": "d636a082-2813-4c11-b7dc-5f626fb3a955", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859426", "to_ids": true, "type": "md5", "uuid": "a91cf0e6-ded9-4665-95d3-8b7260062bf7", "value": "9cbc4f7ee810ffafd905859b98a73b32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859426", "to_ids": true, "type": "sha1", "uuid": "ee841e7e-e5f4-447c-9387-5213e4b16cf8", "value": "047a86dedb4f7b8f40d9437b77240f5999ec0618", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859427", "to_ids": true, "type": "sha256", "uuid": "e0ab2b99-0123-475e-90a5-5800e8a21a29", "value": "1243b6b8d8503ad116fd62caf06b9a903a586a39238ed5dd30230e6f3bed27f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797298", "to_ids": true, "type": "ssdeep", "uuid": "cef0e981-353c-4849-aff3-e45f447da5ba", "value": "6144:1ZpDx18WlI3+YbwTtFY7eU19bBr8xtjrTV3wF:1ZiIc+YbOFk58tiF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797298", "to_ids": false, "type": "size-in-bytes", "uuid": "f52d9a40-88f3-4e90-b413-487739f23ab7", "value": "238580" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797298", "to_ids": true, "type": "vhash", "uuid": "7d10401d-2ff5-45f8-beb8-ce5f32345a2e", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797298", "to_ids": false, "type": "text", "uuid": "e2032d67-e616-49aa-aa36-3f1b2a7f69d2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859428", "uuid": "2c889f99-23e4-4c1d-b208-23c18f59f0fe", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859427", "to_ids": true, "type": "md5", "uuid": "5bea35e2-56b6-42f8-bc88-98875d06f6b5", "value": "b7c849ce013a9261db871d21625c7300", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859428", "to_ids": true, "type": "sha1", "uuid": "e03e3a41-40df-4f76-9419-50781f944698", "value": "4d0a86cacb7d3ca4a6cfd5afb5ab9090e39a242e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859428", "to_ids": true, "type": "sha256", "uuid": "07b430d0-38a4-44d5-8e60-0fa690a0cf4f", "value": "25c90af9fde03b393027a54df37fe71ab212aa338ba20449a37bb14c0aca2848", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797319", "to_ids": true, "type": "ssdeep", "uuid": "e1b8670a-98d1-4961-b075-994b9e282f01", "value": "6144:E3wj50Uy7C9WxLOOb0MnKxCd6mMgH/YBV0m4ctMK:9j07nxLF3eBVb41K" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797319", "to_ids": false, "type": "size-in-bytes", "uuid": "7bcc8773-bcfa-4f1b-8dc3-8c87ea3d1e38", "value": "243054" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797319", "to_ids": true, "type": "vhash", "uuid": "a5955560-9458-4c5a-9bd5-24ea2cb7f941", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797319", "to_ids": true, "type": "filename", "uuid": "10a50a66-215e-4b8d-9a7a-c83dd16b4c27", "value": "b7c849ce013a9261db871d21625c7300.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797319", "to_ids": false, "type": "text", "uuid": "a4f5b1bb-176b-4328-ae23-03e8300d2759", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA1F\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859429", "uuid": "4066a137-d03b-455e-a182-47161c84b2a5", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859429", "to_ids": true, "type": "md5", "uuid": "0bea0aa3-6cdc-4f91-9d59-52bd127b2e1a", "value": "f684b002dce1da1b87efcce237c84da1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859429", "to_ids": true, "type": "sha1", "uuid": "8ded4b12-fa8d-4846-a5fb-304400f63715", "value": "17a8bce4443652c054d303c99c97930effd9fe65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859429", "to_ids": true, "type": "sha256", "uuid": "50e4cd08-c39a-4717-85c7-3e4b9c81b13c", "value": "74c950d6285597708c90c851503b3132f71dd3d924181b651687a77cb7fb7fa6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797341", "to_ids": true, "type": "ssdeep", "uuid": "e9a7de5a-3902-48a6-a4fe-c45257c1ff19", "value": "3072:m3ww37dsYuvoFBONvao78EJo5GmCcJrlJ8AuN6Fr5btivnNzoK7q2V:m3wWdslSON/IVEpcJBuF69Opx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797341", "to_ids": false, "type": "size-in-bytes", "uuid": "031c2bc6-69d9-414b-8ff3-b6759eeb9d4c", "value": "238654" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797341", "to_ids": true, "type": "vhash", "uuid": "a3de8802-705c-4735-a1aa-d36bf2e5de58", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797341", "to_ids": false, "type": "text", "uuid": "9fb3a317-e67e-45df-9cba-470d6d644a4d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859431", "uuid": "90d6baae-8191-4e4d-96dd-8ce87ec1868f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859430", "to_ids": true, "type": "md5", "uuid": "8b0ce23e-283f-4cdf-8844-d5b58cbb711a", "value": "15bbd67abf76c1a37db8cc3f93e7d9b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859430", "to_ids": true, "type": "sha1", "uuid": "ecc86c1d-4ffd-4db8-9379-31bf23c8e8e1", "value": "c452211eb86106045cdfe0bcc275bb9ecd492a30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859431", "to_ids": true, "type": "sha256", "uuid": "fbcac131-70a7-4c2e-a549-7471b2aba764", "value": "551b1c36cd08b46eb112018286ffaa0d48038d42244e0297a50e1ac986999d4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797362", "to_ids": true, "type": "ssdeep", "uuid": "9d0add58-1f24-47a8-bafa-9acab6308b21", "value": "6144:1QkRqkXlc3+YxwTtoY7eU19IBr8xtj+/p63wR:13qk1I+YxOokm8tqhzR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797362", "to_ids": false, "type": "size-in-bytes", "uuid": "49755612-bb45-4170-92f6-dc35b70dc588", "value": "238585" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797362", "to_ids": true, "type": "vhash", "uuid": "17585a63-ff24-4370-92e7-10e454c0e464", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797362", "to_ids": false, "type": "text", "uuid": "b9272b64-9094-42c3-bc60-59b62b34b012", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859432", "uuid": "fa289b16-f83f-4993-a427-ff8e2259582e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859431", "to_ids": true, "type": "md5", "uuid": "caaa5b4d-c95c-4559-8540-bc23d18b72ec", "value": "ece5f4628600bcaec8ceda8c63b03bfc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859431", "to_ids": true, "type": "sha1", "uuid": "2b16cab4-2553-41ad-82ce-91967c189121", "value": "e104339eac2a930aa0a4ccf549e0f49f32779aae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859432", "to_ids": true, "type": "sha256", "uuid": "d8e4a989-89b8-4ce3-b2fa-0ce1d5c11e53", "value": "d866f152780f8ed62f3a3e2c73aabc12e726768fcdf375521586bdef37ecd6bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797384", "to_ids": true, "type": "ssdeep", "uuid": "111510ef-5f0a-44a5-966d-f8d724b03b09", "value": "3072:zozoTgEKgDY+K6X7ys/6sdNWVlvU+376GIucVKbUqWQX1NICFrjQY7q2x3ww9:sec+K3GBdGlv8GIBKbUqWQsErjd3w8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797384", "to_ids": false, "type": "size-in-bytes", "uuid": "58a33608-46d6-401e-9bf1-85c1827c3eb5", "value": "238554" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797384", "to_ids": true, "type": "vhash", "uuid": "59370be6-6392-48f3-930d-d59e756e02d6", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797384", "to_ids": false, "type": "text", "uuid": "abba032e-48b2-472a-99e4-94ca13882949", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859433", "uuid": "632a00f4-01d3-4105-8d3d-b1a09b7f3efa", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859432", "to_ids": true, "type": "md5", "uuid": "69b3c725-ee52-4aea-95bc-c019f81b2273", "value": "4ed7bf4ca087458d738225f6beb8a399", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859433", "to_ids": true, "type": "sha1", "uuid": "45324d7b-cdc4-4433-893c-d2a92d1698bd", "value": "024d96f53ae8ab0f88950c3a9c64a512fd9ba15f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859433", "to_ids": true, "type": "sha256", "uuid": "9911e004-020f-4822-8602-6ab71beaf73d", "value": "bfb8ee95bc9a15c9f8fe97280b67704445eb190af86cd43da87072f001e106ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797426", "to_ids": true, "type": "ssdeep", "uuid": "7107dd4d-cac1-40c5-afea-1e4db9f2e2f2", "value": "3072:AzoHuR6sLgwlEso9iBStJMckXM83Y73kD8lYcmi8Uw22RXG7cyxc7q2x3wwm:w/6yEsoZEc3B48zw22RXG7cyk3wz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797426", "to_ids": false, "type": "size-in-bytes", "uuid": "44b350a7-fb3b-4b11-ba47-caa2b651bb80", "value": "238220" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797426", "to_ids": true, "type": "vhash", "uuid": "416cb51f-f1c9-48c5-92bc-b01f251d8c75", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797426", "to_ids": true, "type": "filename", "uuid": "32029369-6fd1-4424-95d3-540cba6c06ae", "value": "4ed7bf4ca087458d738225f6beb8a399.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/04/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797426", "to_ids": false, "type": "text", "uuid": "91fc25a5-2c9f-40a4-86ef-4a5abff0008b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859434", "uuid": "c1b39b8f-db22-49b7-9367-faeedd661cc6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859434", "to_ids": true, "type": "md5", "uuid": "a04dae9a-6361-407f-8b79-d973f91f148b", "value": "c10410e8d0d262c5f50ef90d8e66dd9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859434", "to_ids": true, "type": "sha1", "uuid": "05e2e874-6134-4e13-8a64-ba5d877a2e00", "value": "3e164390e6e1ba6353c59ccf7e369a93c6d8fba5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859434", "to_ids": true, "type": "sha256", "uuid": "156523ab-8851-4a7f-ac28-185d013c69ed", "value": "9c79a5ae985ff1e567694088d02307f2ad7a09c88d08cd71f1bf8454a9b06552", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797447", "to_ids": true, "type": "ssdeep", "uuid": "11ab979f-e67e-4b83-b11d-4762e7ce3735", "value": "6144:CyIZBqKRbAcxzn5V6LAqylrxHB8m6B3w5:v8BWcx9pRNdTJ5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797447", "to_ids": false, "type": "size-in-bytes", "uuid": "ce2a9d14-878c-4f3c-8853-1f0adad4193e", "value": "238576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797447", "to_ids": true, "type": "vhash", "uuid": "6354a782-f411-4240-a4df-defb729e6af2", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797447", "to_ids": true, "type": "filename", "uuid": "2b8b3327-97aa-400b-913f-58c2acd0686c", "value": "c10410e8d0d262c5f50ef90d8e66dd9c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797447", "to_ids": false, "type": "text", "uuid": "d74fd075-548d-46bd-b3d5-ce2bcd315c8e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859435", "uuid": "53b07c8d-896c-4ad3-af61-c44d6fbd3134", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859435", "to_ids": true, "type": "md5", "uuid": "0feaec22-9e76-4d4a-913d-171cf7e223ef", "value": "9f27cb59d171ddb9a849e31fe960156d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859435", "to_ids": true, "type": "sha1", "uuid": "84217e74-f093-4735-9b5a-1c16c9df0c33", "value": "ecf28386567295548a521c171bd272e1462892d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859435", "to_ids": true, "type": "sha256", "uuid": "8ccecc4b-f885-4ce2-9b72-e49bf1c54c37", "value": "45d30f34ac98480f31881a451f7ad22377a3f5059c1393ab975f5fa03ef8b23c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797469", "to_ids": true, "type": "ssdeep", "uuid": "ece44932-ea21-471b-916f-755044f9ba8b", "value": "3072:dB3wwkxFOwx2ZfVucKydgZKzeZov9rrxm5Wx8vQk3ueNrxHWIdt8a/P+zoY7q2V:z3wNxyLFCZKT1m5Wx8I0ueNrxHIEPGT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797469", "to_ids": false, "type": "size-in-bytes", "uuid": "c00af0c6-74a6-46d7-8b4c-a6caf0f6c0c0", "value": "238649" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797469", "to_ids": true, "type": "vhash", "uuid": "67055391-3970-49ea-bb16-a26c888343e3", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 03/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797469", "to_ids": false, "type": "text", "uuid": "4af91082-4b02-47fa-8197-3edae0c942f7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859436", "uuid": "1a73d0b5-5c47-41f7-be07-2239ae30d9ee", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859436", "to_ids": true, "type": "md5", "uuid": "efab6273-ebdf-4d1c-ae4e-a18019f6c285", "value": "162e7a7c381fd92a5c1ba4591d92113d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859436", "to_ids": true, "type": "sha1", "uuid": "747b0daa-1113-4220-8003-339a7182c73f", "value": "abaf1b3bc5124996c3e71e1ef518b180231bdaaf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859436", "to_ids": true, "type": "sha256", "uuid": "214cfa66-6f26-4628-a4f6-da5cb711516c", "value": "0b6c3f8ff3d92b290dac2c76b099f0702cd4d69050ca300bcc1ba95c81480fbf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797490", "to_ids": true, "type": "ssdeep", "uuid": "4da278ee-17c9-4ee7-b69c-4eef96e50eb6", "value": "3072:/4zomQHS0QC+gifk7XDqKjcvlybIrjcpZ2uN+uoBfbFZ7q2x3wwX:/YmQRZkjDqKjMQAvuo93wq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797490", "to_ids": false, "type": "size-in-bytes", "uuid": "11c0b9e8-1711-4d8e-b54e-032ce85049a1", "value": "238580" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797490", "to_ids": true, "type": "vhash", "uuid": "666ab71c-be34-4bf7-92da-8d7f9c28e398", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797490", "to_ids": false, "type": "text", "uuid": "0fa65de4-c686-471a-9dd5-4c27d3a693b6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859437", "uuid": "ecea77c0-a93b-40bd-9313-01de8ac34687", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859437", "to_ids": true, "type": "md5", "uuid": "51c366a0-b678-4853-965a-cfc3fc9fa129", "value": "741db74fb9ee1e8f55d5e05d7f44cf6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859437", "to_ids": true, "type": "sha1", "uuid": "45c89dd4-2e4e-4058-a5ac-580dd684b146", "value": "0b82a9c1fa175131769e3b04ceee24517f37df63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859437", "to_ids": true, "type": "sha256", "uuid": "3ae76834-50e6-468c-b919-8745d415feba", "value": "5a004be474b8947e5ecfffa3a2bba0bd40ed742347be2c09f2dcdf0b6ee9208f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797511", "to_ids": true, "type": "ssdeep", "uuid": "2b48e74a-0c0b-4bd8-8137-b91b1416d135", "value": "3072:l3wwlZVCrzz5Ofo98tWEC8cY3ZG5nZb0s++9UPnn/V6WTR+okYfcfzoK7q25:l3wt5iWononydeUl6WTQokFbF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797511", "to_ids": false, "type": "size-in-bytes", "uuid": "60c360af-45c9-4922-b7c1-6f4b8eb4f36f", "value": "238281" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797511", "to_ids": true, "type": "vhash", "uuid": "3e0008dc-9f55-4329-a553-0b3f4e66eef8", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797511", "to_ids": false, "type": "text", "uuid": "c51fbf8f-34d2-4bc3-9d21-f5417097781e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859439", "uuid": "670625ee-3d0d-4452-a130-958f4073daa7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859438", "to_ids": true, "type": "md5", "uuid": "6015807e-7d96-416f-84e7-b0bf38912621", "value": "7f96e1db74223443e2a3983f4d1024c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859438", "to_ids": true, "type": "sha1", "uuid": "262e4895-c924-4e0c-84f8-78f17adb8e78", "value": "23c78f97d649e6a4ede3245b171fc25ead1a1919", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859439", "to_ids": true, "type": "sha256", "uuid": "04dd7394-92aa-4c91-9eef-406a61fd3c71", "value": "c386c15fee104ba17b8b02fcea9fc07abecaed121c4980f8c47829beeaf42270", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797533", "to_ids": true, "type": "ssdeep", "uuid": "efe4a5d4-205e-44e7-bf8f-a84f0fcdc637", "value": "3072:xY92w3R2t+gtB02LgsWpUYxDJi+/OO+TM5KYaiX+ZEkIS3i7OYOOFE7q2qzoU3wX:MjJgtVLgsWpL/OK5WZEkISS7DFnl3wX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797533", "to_ids": false, "type": "size-in-bytes", "uuid": "418bf16a-ef57-4388-8fa9-387d46944e31", "value": "239630" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797533", "to_ids": true, "type": "vhash", "uuid": "97b911d6-b0c4-4d5b-aefd-46eae7cb81c5", "value": "46c9ece46931b72d4b48150957fe0a45" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797533", "to_ids": false, "type": "text", "uuid": "1103d0d3-464b-48e2-aecf-1076e4f1b6e6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:24/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859440", "uuid": "0ef142c0-280d-43f4-bf08-39a346b611d0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859439", "to_ids": true, "type": "md5", "uuid": "a7c1d5b9-aafd-4ed0-91ef-9b18843c5e71", "value": "ad0da0398c37d20d9910b8468d06cf47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859440", "to_ids": true, "type": "sha1", "uuid": "2baea43c-4c3d-40f9-8247-7c20453e28dc", "value": "8dc1a5d02ae3a2b94d26737fda5935e8b2ea3373", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859440", "to_ids": true, "type": "sha256", "uuid": "4f29e49f-8370-43ad-8c42-c83de03bcd58", "value": "66860fd5a0c4866180b56bb805235319dcb66b767cb5231b907f86cceb6d85e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797554", "to_ids": true, "type": "ssdeep", "uuid": "7b18ef59-0921-45b3-9934-d85e15dfe434", "value": "3072:ZzoOCdk/0VbSpLvYvhJQfP0Z8bQHG/8mr2FcCDB2oQfnYNMHhe7IG7q2x3ww9:t+k/E8sZSNbiG/brArBjQPYeHhe7L3wQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797554", "to_ids": false, "type": "size-in-bytes", "uuid": "b9417f31-b559-4dfe-b853-a802894fba7a", "value": "238568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797554", "to_ids": true, "type": "vhash", "uuid": "8a3c6fcb-797e-4589-bf3b-8b17d24991bc", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797554", "to_ids": false, "type": "text", "uuid": "0387d92d-7bb6-4f79-9247-953109cd23ca", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859441", "uuid": "25f01e98-7d16-42b5-add5-39790e808dd3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859441", "to_ids": true, "type": "md5", "uuid": "6235159e-87b6-464c-9d53-eda696200513", "value": "d694c0ae8c231e5678a948ee75610181", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859441", "to_ids": true, "type": "sha1", "uuid": "f3477279-78d8-41a9-bf3e-4c790b3eb36b", "value": "0bbc2ddc25c3dac95910ed999409d5ef75338a0d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859441", "to_ids": true, "type": "sha256", "uuid": "1d53fc38-0c54-42e3-9036-85db78a20129", "value": "61607c965ed2e5a261521c935248d91d24a25efb938928dafad2419f09e2d6d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797575", "to_ids": true, "type": "ssdeep", "uuid": "ee2e4a35-6e45-49b1-850f-5072ab41ca7c", "value": "6144:qsFyfKBsLHSdO82mcVMLJhAqnnNTU13w2:qsFyf2Rc82mnnf2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797575", "to_ids": false, "type": "size-in-bytes", "uuid": "ec94c808-5d84-439f-8573-a2c269effa0b", "value": "238566" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797575", "to_ids": true, "type": "vhash", "uuid": "7d97a535-ea69-4883-a743-d1ac8c872838", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797575", "to_ids": false, "type": "text", "uuid": "cd4edb7a-69d3-4040-bc4e-41df279053b9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA16\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859442", "uuid": "4faf3e0c-113d-441f-a790-9495a751291f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859442", "to_ids": true, "type": "md5", "uuid": "d409fe34-9108-407f-b353-805a8fc2b208", "value": "88062396fb48d13adc0f51a6bcfaca7f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859442", "to_ids": true, "type": "sha1", "uuid": "7a182f51-06b5-41d7-b02e-fe9b2b8060cc", "value": "125ce4e75849fd89628b99d354f195add80fef1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859442", "to_ids": true, "type": "sha256", "uuid": "383d1825-bf31-43e3-8d93-46dea80f89fb", "value": "98a81c20dc8c418417906053f6c1f138dd04b6aa627cf1575a1b8b0eafeb6abb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797597", "to_ids": true, "type": "ssdeep", "uuid": "33f28244-6e29-47b0-86c4-279b5f42afce", "value": "3072:vA/zoGweal3PSMicIUjxIUZ0kBLHnJ4Xm5RSpSwB/R3BcAo0mpHPZYD3ai9Fn/7L:0yNhqM9mUVBMZBcAZmrgdn3w+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797597", "to_ids": false, "type": "size-in-bytes", "uuid": "9e86b09b-aa50-4ed3-8a9a-823f25418f15", "value": "242307" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797597", "to_ids": true, "type": "vhash", "uuid": "9f383b91-cc96-4c57-9ada-b14e48efc5f8", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797597", "to_ids": false, "type": "text", "uuid": "ba6471ce-c308-49ee-babe-6c42ce1d33b1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859443", "uuid": "27b4bffc-0247-482c-a082-6bfca73e8329", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859443", "to_ids": true, "type": "md5", "uuid": "b50d0315-0f84-4f66-b68c-0f689e8699b3", "value": "5c33928fc093df10cb8ec117e1142304", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859443", "to_ids": true, "type": "sha1", "uuid": "1a6b10dd-1d0d-4cc4-908d-ea6ff2f78a71", "value": "18187e97027041bad10e8788a521e926c7a50d8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859443", "to_ids": true, "type": "sha256", "uuid": "ea2ffef6-0128-4750-8f5a-2a47ba8954ee", "value": "eb75dcb3adae3dd16d6516345db5e4a8c3c768edc30025e555fb85ac064c0e80", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797618", "to_ids": true, "type": "ssdeep", "uuid": "2af8b317-78ee-4cd8-b587-5b994ae5c299", "value": "6144:dkukiFoGiy+UOqsOSbhcGRPYQCXtXif3wd:dDFoLUO+SbhcuAxXxd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797618", "to_ids": false, "type": "size-in-bytes", "uuid": "f2892c37-4d61-4df0-95c8-984a12a1a2a4", "value": "238212" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797618", "to_ids": true, "type": "vhash", "uuid": "17f82b1f-370b-4bb7-a334-6634b1600b29", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797618", "to_ids": true, "type": "filename", "uuid": "9e1b85e2-14fb-422b-9081-75fc3196b003", "value": "5c33928fc093df10cb8ec117e1142304.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 03/04/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797618", "to_ids": false, "type": "text", "uuid": "88b36e03-b451-441f-b7cf-0250857326d4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859444", "uuid": "aaf9483d-898f-4abb-8e48-dbd4699feba6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859444", "to_ids": true, "type": "md5", "uuid": "58ad1379-d536-4aa9-a59e-995a94f6f912", "value": "d9749574536c0805f16f559994059e68", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859444", "to_ids": true, "type": "sha1", "uuid": "1bf19127-45f2-47c1-87c2-9ebbdd9df8e0", "value": "8dafe7dafa243cfb4e1380322117f7acfe1ea762", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859444", "to_ids": true, "type": "sha256", "uuid": "e0d9ee55-c824-4ba3-83fe-ca5fa02ed68e", "value": "9414143074a918ed05de3ea6fcd8ff3dabcce7707fb32e7dd24785c44ed53265", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797640", "to_ids": true, "type": "ssdeep", "uuid": "c3512fb7-6e78-4c59-91c0-11fc8642f3e5", "value": "3072:jzzo48XzA/c1nwLRpHuypivoSoiLn8Kfaja8Ik4nwjjGXAAe6rgObzz7q2x3wwb:76A/rLP/iVoiLn8Kfahqy6cOz3wq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797640", "to_ids": false, "type": "size-in-bytes", "uuid": "15461f82-f1b0-48fa-9794-981d811a061c", "value": "238552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797640", "to_ids": true, "type": "vhash", "uuid": "e22e8faa-40b3-4620-be87-d1b962e9675b", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797640", "to_ids": false, "type": "text", "uuid": "1cce3ed1-11a0-4885-b6f3-5923cec08de0", "value": "CarbonSteal\r\nType Description: Android\nNone\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859446", "uuid": "aa86ff4d-e2de-4f68-b014-d6903f89e323", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859445", "to_ids": true, "type": "md5", "uuid": "e01fe7ee-5656-4ae6-9081-ce519b253dc3", "value": "957229e9947a067636d58fed06d23958", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859445", "to_ids": true, "type": "sha1", "uuid": "8b152e5e-a3e2-434a-9429-08187911896c", "value": "cfe527d6c5334881b43aac5913a8705e5ee3e063", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859446", "to_ids": true, "type": "sha256", "uuid": "56097d50-a023-4b81-ab02-3ac4a68af1c1", "value": "8f240fb99d4eafe5892af52820440be3d851b4726ebe4498be908d0317605b86", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797661", "to_ids": true, "type": "ssdeep", "uuid": "1b49f31d-5015-4d51-84b4-b8125e8de5fe", "value": "3072:szoNFf9pTFcHbXRdRUeq2Q2KsobcVxuCbGbkoEziRlAjC5jA7q2x3wwS:kif9wdRUeq2LKXbk6RlAjAS3w7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797661", "to_ids": false, "type": "size-in-bytes", "uuid": "f0111901-7ca9-4a6b-bc36-4313a25873f2", "value": "238555" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797661", "to_ids": true, "type": "vhash", "uuid": "2d896829-9336-4482-ab64-a6ffa742b05f", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797661", "to_ids": false, "type": "text", "uuid": "2dbdee19-17c1-4384-a247-dc818dcdadd1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859447", "uuid": "a18f0671-dba7-43a8-a937-3f7891347402", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859446", "to_ids": true, "type": "md5", "uuid": "facd10dc-bdf8-4401-b7c9-1dc220c83688", "value": "9903adc5f3c60650c3ee76334afc6e9d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859447", "to_ids": true, "type": "sha1", "uuid": "a264c970-7b9f-45ae-8eba-0e465c7f6df2", "value": "25cd850805d4046f69a655ebb4c1e402ed25d820", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859447", "to_ids": true, "type": "sha256", "uuid": "9f0dae44-f7e9-493f-acd7-76ea368f7510", "value": "4df6763be94d8432f14c5b45dec439dc9b8bfeb393893f041aa759b3b2ff68dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797682", "to_ids": true, "type": "ssdeep", "uuid": "7b49e3d0-fcce-44a1-9cb2-56ade768ea6a", "value": "3072:b8zo5TrmscojIf2Pys/6sdW+3IJPbvGFPZ+jYEfX3gR2ih7q2x3wwB:bU+rX6GBdyRvqZUYEfXQR2y3wg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797682", "to_ids": false, "type": "size-in-bytes", "uuid": "2aa49942-8396-4899-9eac-04d85d41bd1f", "value": "238556" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797682", "to_ids": true, "type": "vhash", "uuid": "8642e224-d621-4804-b9f9-dbf91a2f3603", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797682", "to_ids": true, "type": "filename", "uuid": "787632ea-7b4b-44f5-98bf-5e7943f8a8a7", "value": "9903adc5f3c60650c3ee76334afc6e9d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797682", "to_ids": false, "type": "text", "uuid": "f6fb2335-caa3-4fe7-ba55-207aac3d64fd", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859448", "uuid": "8f756f8d-968c-431c-8b7a-d510c3db86e7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859448", "to_ids": true, "type": "md5", "uuid": "95b84072-fa60-4902-87f5-401d096301eb", "value": "7cdcb7603a3fd7bd5f0b1268b409abfa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859448", "to_ids": true, "type": "sha1", "uuid": "c54822f1-1e34-4170-abe0-8538079c0f69", "value": "2a7e4de77e689e5f9eb46085845e3b97fa987b7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859448", "to_ids": true, "type": "sha256", "uuid": "9ab2a4c9-b7f7-48a3-b280-945448cc92f2", "value": "80cc63a82fe6916e623e1f0a6919434e78e81e13534c7ad2796ccd3dd9ff681d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797704", "to_ids": true, "type": "ssdeep", "uuid": "c02b0b9f-856a-47bf-9c44-fa96dfca52b3", "value": "6144:FtxqCFa4OIDEoMc15V6LAqylrxHB8m623wq:Ftx9aSQDcrpRNdTsq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797704", "to_ids": false, "type": "size-in-bytes", "uuid": "b1e0d5f4-2c6b-48b4-a1e7-a99613321db8", "value": "238578" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797704", "to_ids": true, "type": "vhash", "uuid": "9928c9ea-bb97-462a-bbdf-bde19d17816e", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797704", "to_ids": false, "type": "text", "uuid": "99cc3557-f186-42fb-9420-710452ecdce9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAAC\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859449", "uuid": "d764c948-da13-4195-bec4-5062a5b581ea", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859449", "to_ids": true, "type": "md5", "uuid": "356936fa-c8a6-4286-b7ca-60d363d2036d", "value": "c136bf9d7d134f9796dac600a59589ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859449", "to_ids": true, "type": "sha1", "uuid": "583e5c4e-4a59-4353-ace7-558ffbd89839", "value": "75b8ac15b40e64010e89a0eda5c8d61b70955a6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859449", "to_ids": true, "type": "sha256", "uuid": "721a85c3-b26b-41ca-b980-270698bf7948", "value": "8048504544bf4299b6fd78b9d82ad89ea301b5cb46a3b035d2238794358eb317", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797725", "to_ids": true, "type": "ssdeep", "uuid": "17450430-4d80-4d81-8353-21181556fa20", "value": "3072:9M3wwQJFOwx2ZfVucKydgZKzeZov9rrxm5Wx8vQk3ueNrxHWIdt8a/Pqzoc7q2m:+3wRxyLFCZKT1m5Wx8I0ueNrxHIEP6Y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797725", "to_ids": false, "type": "size-in-bytes", "uuid": "d6a4bdd6-3bf5-43bf-a3b3-0a36b41aa8ba", "value": "238649" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797725", "to_ids": true, "type": "vhash", "uuid": "a90647c8-4a16-4850-8345-5b79f90e04cb", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797725", "to_ids": false, "type": "text", "uuid": "d0980fe9-a157-4693-a9fb-dffe3459d5d1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA9A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859450", "uuid": "fd7e0300-bb31-4cbc-9cb8-644c2656640a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859450", "to_ids": true, "type": "md5", "uuid": "aad4dad1-4550-4254-acb9-a5b2b0ea41a6", "value": "84ab2be138e8942aa87b16c1d15cd5b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859450", "to_ids": true, "type": "sha1", "uuid": "15a9e5d8-491a-4125-a982-2e513a4ef8cc", "value": "f7314f7f5b45275376e78ca3703fea7576f33c85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859450", "to_ids": true, "type": "sha256", "uuid": "d7162046-7b2f-454c-ac0b-d35bdc1d8aea", "value": "665aa54f86760b47619d889559a2b394634f685bcfc6b0aa5625f18ddf4e738f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797746", "to_ids": true, "type": "ssdeep", "uuid": "46aecae2-9857-405a-8a0a-cbd1beead7d2", "value": "49152:0gV09HjuDhOoMUP08uqpjJz9WfLlfkQMuQ:8DujMetpjnALlf7MuQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797746", "to_ids": false, "type": "size-in-bytes", "uuid": "4028dcce-c2fa-4c79-8b09-1e8d126b7529", "value": "2157522" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797746", "to_ids": true, "type": "vhash", "uuid": "d89d7fe0-8e58-4e93-a22f-221cfeecdb17", "value": "e7ca60a2ef00af5ed0ebe2457c008e82" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797746", "to_ids": true, "type": "filename", "uuid": "1b0f1960-e117-4d46-9148-b378e79049ea", "value": "f7314f7f5b45275376e78ca3703fea7576f33c85_com.android.system.manager_VPN.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797746", "to_ids": false, "type": "text", "uuid": "afeabd2d-b3c2-4614-9c79-5bf0cc36bdb1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859451", "uuid": "d02a6f36-5495-4e07-a678-2b07c5c3b620", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859451", "to_ids": true, "type": "md5", "uuid": "7b56779e-fed8-426f-b2e4-8e22156c420c", "value": "74021cec4b8728fec450f947f574dd7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859451", "to_ids": true, "type": "sha1", "uuid": "2ef1af00-1abc-42c2-95d3-9fcde4cb93b3", "value": "f14275d6997727a5d12b0bf5679822e9d00663be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859451", "to_ids": true, "type": "sha256", "uuid": "66ad7352-fc14-49d7-8351-f23caee83a1e", "value": "6f06309ad1c3693102220f49e238ef5688ae62386f1c0cd59bc0230bd7ebd8f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797768", "to_ids": true, "type": "ssdeep", "uuid": "1deacb3c-fb15-44f1-ae31-bb180d8a8fdc", "value": "3072:ET3wwy9K6ls5mAS806Jn+ta1CeVFAGh0ZrziGhr1eG9Wt/GijfqrFIzo47q2v:ET3wNfOJX1CecO0ZowIp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797768", "to_ids": false, "type": "size-in-bytes", "uuid": "e4c495ce-0d80-4656-9b8f-18870d4eb589", "value": "238284" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797768", "to_ids": true, "type": "vhash", "uuid": "98d6f267-8962-446c-9c32-a854e4af9c45", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797768", "to_ids": false, "type": "text", "uuid": "065464a0-6ba4-4982-8597-a4daad0bf25b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AACB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859453", "uuid": "74219e5c-19a4-445f-ba02-d324e2e53b51", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859452", "to_ids": true, "type": "md5", "uuid": "4c77aa7e-7178-48a9-899d-9516bef21460", "value": "b71065faec4c9da323c22182a2b9d589", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859452", "to_ids": true, "type": "sha1", "uuid": "fbc23a4f-6a0b-4545-833a-7a99b4be77f4", "value": "e935800fe076e4d9f5a82e4931ffeb39e35d1048", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859453", "to_ids": true, "type": "sha256", "uuid": "90202de8-0551-4231-a9d4-640d7fd02d4c", "value": "a786a9b04bd16d9c7c780e999b0b04e30226fcc07f2189a9b0cac497fea77b0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797789", "to_ids": true, "type": "ssdeep", "uuid": "f95fcdd1-27d4-4852-8c5e-e41ca07a151b", "value": "49152:6qyROoA4RxSDuCYzLe02jFafTErY00ivM2CN2:635A4rpCsq4r+eU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797789", "to_ids": false, "type": "size-in-bytes", "uuid": "df5d2e4f-dafc-4fd6-af13-9a7938daab72", "value": "1622360" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797789", "to_ids": true, "type": "vhash", "uuid": "ce29b56e-5d41-4327-abea-93c5542e3870", "value": "659142d6b463796d4f75050d3dca3c7a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797789", "to_ids": true, "type": "filename", "uuid": "85bc620f-c203-4973-afdd-460e813b4ff8", "value": "b71065faec4c9da323c22182a2b9d589.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797789", "to_ids": false, "type": "text", "uuid": "08a8b82e-e492-414a-b4b0-334761de8272", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Phonzy.A!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859454", "uuid": "e58efd05-ddc7-474b-aee2-ae4e9d3a8407", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859453", "to_ids": true, "type": "md5", "uuid": "fb5abc9c-7eb8-4c6b-99ce-3d1657630884", "value": "ea25c953ef8bbe61d42c26870f264cae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859454", "to_ids": true, "type": "sha1", "uuid": "4f70a3a3-885a-4b85-b767-e7e0426a6c63", "value": "baa91c6598f4cf23552b0e71c7a68fdd22c6a41e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859454", "to_ids": true, "type": "sha256", "uuid": "86de2e3f-04ce-4416-b645-c3c69ee2af65", "value": "b6bc320399c31cfda25faef120f733d47a1766d91bc82b752d167242cd6a474a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797811", "to_ids": true, "type": "ssdeep", "uuid": "69aa77ea-796b-4b2b-ac9b-46df97fe8513", "value": "49152:vSWPW60KxQIjQpH/EC0jkqGc8OTaTKfB5VgjqSgV061Y:vSxKxQIjwH/EC0jAcBB3oa1Y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797811", "to_ids": false, "type": "size-in-bytes", "uuid": "e8a4433b-3cd1-4639-8887-4fa96f5f8439", "value": "2107025" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797811", "to_ids": true, "type": "vhash", "uuid": "4e71dc5c-c13d-4cf4-a2f1-7dce0d63a05b", "value": "e7ca60a2ef00af5ed0ebe2457c008e82" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797811", "to_ids": false, "type": "text", "uuid": "6027f674-de9c-4dae-8b34-cf43e085d47d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859455", "uuid": "e3b9a31b-c96f-4683-a7b7-e615647c16bf", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859455", "to_ids": true, "type": "md5", "uuid": "159b6a8c-ec62-41a8-9911-e339667151cc", "value": "dd2a6a0acc02c9948d765d53804e2854", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859455", "to_ids": true, "type": "sha1", "uuid": "4213b37b-a749-4f28-acab-2a15ca8b8cc5", "value": "b9fb09c14458eaf3820196e26500f3e99b21b8cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859455", "to_ids": true, "type": "sha256", "uuid": "3b4a41cf-6b8c-4605-8d9f-55e49863d321", "value": "33a051427354534a87f831a4abe2387ff8de7ab53181fdf7d842333ededa1fa3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797832", "to_ids": true, "type": "ssdeep", "uuid": "0fdbe7f9-fb48-4f8b-bf48-5b73471e85c3", "value": "3072:I3wwFYlguXpPJzFYZzw1VfQ640s7L6jqBWnQfoi0cS+x340lFa4og9sJd+K3Q5zK:I3w1gmpRIziVVpzCksn5+0XsJdR3QNK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797832", "to_ids": false, "type": "size-in-bytes", "uuid": "f5332083-f8c6-4dc5-a2d6-9f99e1d2b934", "value": "238656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797832", "to_ids": true, "type": "vhash", "uuid": "a9baad0a-e2b0-40da-bdbc-ca14ad4ebe56", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797832", "to_ids": true, "type": "filename", "uuid": "bbc13992-c2e5-4fda-a669-93d606a6bf80", "value": "dd2a6a0acc02c9948d765d53804e2854.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797832", "to_ids": false, "type": "text", "uuid": "407f9eba-c5bd-4133-a472-e19963864b43", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Bitrep.B\nVT Total Detection:32/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859456", "uuid": "38a552ed-c354-4a15-bce7-c161fd3ebf08", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859456", "to_ids": true, "type": "md5", "uuid": "f83c5762-d5e7-4033-b077-7449122cc73a", "value": "7500f32a5717af4cd8d186378c441518", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859456", "to_ids": true, "type": "sha1", "uuid": "3cd5c685-76e3-4be3-b4c7-11de70906794", "value": "a1f7e8964f326582997c9d3f7f6a78506103e89c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859456", "to_ids": true, "type": "sha256", "uuid": "5398c044-921b-4c13-826e-e46c5b9e6bde", "value": "f6efa32783621466762c86a4d5d5d440641eea586065396114fa7de65742b7fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797853", "to_ids": true, "type": "ssdeep", "uuid": "295d1976-df8f-450d-8d91-eb516786b05f", "value": "196608:MPVIFbR4/TFZ2V27+Ps5/RpjLnO0CDk9s8e2CFwNtjIVpYtgp:AVIF14/x865T/Boz81DDjIcI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797853", "to_ids": false, "type": "size-in-bytes", "uuid": "68afff1c-183c-4729-9d8e-8611e78a517a", "value": "9262128" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797853", "to_ids": true, "type": "vhash", "uuid": "52ff8864-c5a0-4374-aaf5-d0e5ee67440d", "value": "1f34f51eedf17994e4f26ce125c65bdc" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797853", "to_ids": false, "type": "text", "uuid": "b6f8a40f-ee45-4933-87ef-5e8103ca3590", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859457", "uuid": "846de3d2-70bb-4a25-86f4-a2409a0d457b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859457", "to_ids": true, "type": "md5", "uuid": "1236615a-e9cd-41c6-88a8-655cb8fdb7f3", "value": "93605f21ce3583c0e013696919de81c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859457", "to_ids": true, "type": "sha1", "uuid": "b90ba668-bd52-40ef-881c-adb773eef379", "value": "8de0e7c3593470e58bb86f496f99c3d2a66cffd9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859457", "to_ids": true, "type": "sha256", "uuid": "9072544f-763c-4a77-b507-7ec16c1ceaba", "value": "2f7213db5439e6dd3db7b8a50d646aade0bbf3b50017c6dff548cfc78dea555c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797875", "to_ids": true, "type": "ssdeep", "uuid": "9c7cd2a9-fd84-4290-8eec-0ff24764f794", "value": "49152:zoU7c+KtjXna6T71q1BJhKwGuWMmfTF7ixAzG1FYhL6TisgV01Xb:zoUY+6XnrRqDJ4uqViaz2EuTvXb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797875", "to_ids": false, "type": "size-in-bytes", "uuid": "dec1984b-2a30-46dc-87d9-6f12c27756eb", "value": "2106970" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797875", "to_ids": true, "type": "vhash", "uuid": "e86c0c65-b2c5-44f2-8682-d02fb8d420b4", "value": "e7ca60a2ef00af5ed0ebe2457c008e82" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797875", "to_ids": true, "type": "filename", "uuid": "fe930920-63cf-45d3-8338-4b875dedf844", "value": "com.android.system.manager.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797875", "to_ids": false, "type": "text", "uuid": "e4000f98-a038-4354-92c1-c6298645b2da", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859458", "uuid": "70f5ae35-d275-44f9-8a6f-3cffb6408a5a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859458", "to_ids": true, "type": "md5", "uuid": "d24e2bc6-965d-455c-ae41-1e6ca4505acd", "value": "44f2e38d9b8553b9628f1a322fe514da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859458", "to_ids": true, "type": "sha1", "uuid": "94d94edd-2437-4e2c-8b64-a251d6144bcb", "value": "1e6a8534ff7268565ab7060489c2615028dd8dac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859458", "to_ids": true, "type": "sha256", "uuid": "fbb96822-08eb-492e-bfd4-31966336f5c9", "value": "4e8f3c9b67fc2c91c2eb2c23febe09f45025f0eb0309c99d42006dccc7780e84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797896", "to_ids": true, "type": "ssdeep", "uuid": "9ade8199-d69f-4687-8396-00a90cc9dd22", "value": "3072:FZ3ww3FFOwx2ZfVucKydgZKzeZov9rrxm5Wx8vQk3ueNrxHWIdt8a/PAzoa7q2M:L3wMxyLFCZKT1m5Wx8I0ueNrxHIEPwo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797896", "to_ids": false, "type": "size-in-bytes", "uuid": "6128d5b5-c714-4f97-aed8-4270438c9422", "value": "238649" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797896", "to_ids": true, "type": "vhash", "uuid": "a37fc15a-9672-4033-a7d4-f4236e641a0b", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797896", "to_ids": false, "type": "text", "uuid": "b5bd957a-6c5d-452a-a4e2-a365a24fec01", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859459", "uuid": "8e2b1bdc-4b60-471f-8008-b8ecc0bc9adf", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859459", "to_ids": true, "type": "md5", "uuid": "cacd7f7d-6451-4630-9ec3-5521a0b48fe1", "value": "b3dcb8b2c93e5a9d9e4fd16aace3c08b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859459", "to_ids": true, "type": "sha1", "uuid": "b66ee70c-6bcd-41c8-9a2f-5b7304220b07", "value": "4b14342c3615fb9c87e67c690d379fa1c4a50627", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859459", "to_ids": true, "type": "sha256", "uuid": "8c8e0377-02f3-456d-8a56-cb988c3a21ba", "value": "22778e4f945df2342c1e68720acb83bd63b44de7fb35314dd691480ccacc44c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797917", "to_ids": true, "type": "ssdeep", "uuid": "a15a8de8-68c6-49d0-a675-2b5567f81eb8", "value": "49152:hNyROoA4RxSDuGYzLeMmzFafTErY00SPM2Cd+:h45A4rpGsqor++g" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797917", "to_ids": false, "type": "size-in-bytes", "uuid": "157584c8-2ff2-4d22-b70e-1d3e60fa480e", "value": "1622361" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797917", "to_ids": true, "type": "vhash", "uuid": "4d8448ae-dd9a-40eb-9238-be2c78916c98", "value": "659142d6b463796d4f75050d3dca3c7a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797917", "to_ids": true, "type": "filename", "uuid": "1c77139d-cbd2-4288-822d-f8bc6c9249ec", "value": "b3dcb8b2c93e5a9d9e4fd16aace3c08b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797917", "to_ids": false, "type": "text", "uuid": "aecc6d50-1c9d-46d8-997b-e4ec69db3909", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859460", "uuid": "654f93cd-6f9f-4079-a870-00f856c60c23", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859460", "to_ids": true, "type": "md5", "uuid": "3cfb7cb5-9b37-4647-bf03-51b625a17d62", "value": "8bb365402372778e42914f4d13c3ce61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859460", "to_ids": true, "type": "sha1", "uuid": "388ba313-d647-4eda-9456-712aee5807f2", "value": "112384a853044d02898366c6c85367ccb7d3aba1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859460", "to_ids": true, "type": "sha256", "uuid": "c20bca1f-8611-4eae-8728-0eb8728fff5b", "value": "387809e9b03247d47ab2b475bc92e89893bfaeb65c5d16232fe2f1130926b0a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797938", "to_ids": true, "type": "ssdeep", "uuid": "7e4ff536-11f0-4c27-b47d-f4ef1e17296d", "value": "12288:P0R+U/zWlf4lkB5GPZRfnhH6zK0llYYx3E8:P0oU/zUPcCdlmSj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797938", "to_ids": false, "type": "size-in-bytes", "uuid": "76458053-443f-4b5a-a431-5593201c4b7a", "value": "426614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797938", "to_ids": true, "type": "vhash", "uuid": "4b9d1e4b-b3f3-4c89-bf41-e880f56e8a9a", "value": "46c9ece46931b72d4b48150957fe0a45" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797938", "to_ids": true, "type": "filename", "uuid": "11338179-777e-4e75-8eef-419961c23b22", "value": "8bb365402372778e42914f4d13c3ce61.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797938", "to_ids": false, "type": "text", "uuid": "e85ce928-bd0d-4048-87d7-4e5570bce004", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859462", "uuid": "a101e776-a950-4d0e-ad98-dcb27f25a912", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859461", "to_ids": true, "type": "md5", "uuid": "328e32fe-471a-4935-8a4b-6cd3dd2e6985", "value": "165f0208834d776e17c3422917487e30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859462", "to_ids": true, "type": "sha1", "uuid": "8d55da85-ec53-4f6d-b5d7-09086d509e26", "value": "b33b6594f26a3714a456db835f1fc7a11a76841d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859462", "to_ids": true, "type": "sha256", "uuid": "f2f1628b-c6bf-429f-b447-3c5433f877f5", "value": "3bad74bf38c401b1e239f067715e8e08260b15821c1c018c62004ac101ede7be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797960", "to_ids": true, "type": "ssdeep", "uuid": "81b8a874-c905-497d-b213-fe4728c03cab", "value": "6144:PpZUQeAtxBgEkOPEb+sMSfs6pTkVLRMV7oACcLh/rlnz/:PpZUQeAtwEr8sc0LSVLCMhRz/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797960", "to_ids": false, "type": "size-in-bytes", "uuid": "9b440bb8-b027-4bc9-b516-827f758a97b0", "value": "253462" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797960", "to_ids": true, "type": "vhash", "uuid": "8a6916d6-7dfc-4a35-bac9-f8e6fb14ed00", "value": "18d72edf629d205b5e6f05850b9e7d10" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797960", "to_ids": false, "type": "text", "uuid": "56ce7ad4-09a3-4186-b32f-661f197a4a76", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:31/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859463", "uuid": "31588640-e08c-4811-b2d5-bd247007fa10", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859462", "to_ids": true, "type": "md5", "uuid": "81faf8b8-8313-4876-b353-fba460ebbf05", "value": "82a189f05cf0225256d54d0f34e9c3c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859463", "to_ids": true, "type": "sha1", "uuid": "19c30776-09ca-49ea-8a21-7d5511aa7055", "value": "d7b679b16f4ca0c4b9028d05c280f1d9c9ba0936", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859463", "to_ids": true, "type": "sha256", "uuid": "c14397ff-e8a0-4393-880a-ba08e63eef5f", "value": "52fb13dd6ec596b0e62fe19d64f77213dcc1d55b8e1f319f5c841890d7262346", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740797981", "to_ids": true, "type": "ssdeep", "uuid": "3d17f606-7158-443a-9089-d146fb521f6b", "value": "49152:SGyROoA4RxSDuyYzLe8OfFafTErY00WrM2CdS:Sz5A4rpysqUr+Wg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740797981", "to_ids": false, "type": "size-in-bytes", "uuid": "295a0bf4-1137-43fc-a42f-a2d7678970dd", "value": "1622360" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740797981", "to_ids": true, "type": "vhash", "uuid": "cb30cc49-c482-48db-9e6a-b4eb421a2f90", "value": "659142d6b463796d4f75050d3dca3c7a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740797981", "to_ids": true, "type": "filename", "uuid": "e1fe6832-3e74-44d1-8abc-20f804e09779", "value": "82a189f05cf0225256d54d0f34e9c3c9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740797981", "to_ids": false, "type": "text", "uuid": "c4ac5b1a-9146-473a-9364-4610fb102903", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859464", "uuid": "c9a55f8f-7036-4488-8477-bd048cf2f4ec", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859464", "to_ids": true, "type": "md5", "uuid": "23882c59-62d1-47dc-83a5-bc66cd594897", "value": "bcc3cbb3b12aee45698641b5bfc6b2ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859464", "to_ids": true, "type": "sha1", "uuid": "4b74e9d0-1523-42ad-b2fe-2d106f0faaf6", "value": "6b7557b4f9f70741da96cee66a26dd3d84564cf3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859464", "to_ids": true, "type": "sha256", "uuid": "e47895c4-8fac-4af3-9727-e233206f57af", "value": "3669df6ef764aafbc4d18e5529fbfad933924fe7e970f25e747d165f33ef21bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798002", "to_ids": true, "type": "ssdeep", "uuid": "e108d139-5082-45eb-9a82-af8ba0f39689", "value": "49152:FtyROoA4RxSDubYzLef6jFafTErY00TNM2CEa:FY5A4rpbsq/r+jh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798002", "to_ids": false, "type": "size-in-bytes", "uuid": "0f8671f8-6cbc-478d-bba0-989c6a761cb3", "value": "1622359" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798002", "to_ids": true, "type": "vhash", "uuid": "de9cbca5-16c7-4af0-93ae-f471b9dd81ac", "value": "e6ac2e4660a301ab31a78e40984dc510" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798002", "to_ids": true, "type": "filename", "uuid": "9d0a18d9-edcc-44d5-9b70-0a6663628b17", "value": "bcc3cbb3b12aee45698641b5bfc6b2ef.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798002", "to_ids": false, "type": "text", "uuid": "1b2a7d52-2881-444d-9356-89c2c3e1d8a7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Phonzy.A!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859465", "uuid": "37bbb54c-40cc-415a-838b-079d70d2c9ab", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859465", "to_ids": true, "type": "md5", "uuid": "f006ca09-6b01-4302-9766-4d336d422f60", "value": "d6bcac0147bf7c780d122fc38893c1de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859465", "to_ids": true, "type": "sha1", "uuid": "283e4f16-6595-44e8-a6f6-76301f577ac7", "value": "6861526b0227fea0c81a8083d7fb3d7b03b5e3c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859465", "to_ids": true, "type": "sha256", "uuid": "445ac5ff-60d1-41dc-a6b5-50b12dec7b66", "value": "364817b4c95ce324f2fba90bfbc44b735f270d204f76a7778625a11c63905e03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798026", "to_ids": true, "type": "ssdeep", "uuid": "79786781-fcc8-4d99-8a98-a7e118afe1dd", "value": "6144:Q3wwp7dWG0ugNmOSLHb7/wl1XAKJqnkWY+sVG4Mk6UVPx9nke7XELlB:xsj0hN/SLPYl1XZJ1bVGHkppLULlB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798026", "to_ids": false, "type": "size-in-bytes", "uuid": "51a2d3c8-6399-429e-98d2-cde2780470ab", "value": "383518" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798026", "to_ids": true, "type": "vhash", "uuid": "48ac1cdb-47ba-4b28-8672-d64032445d5e", "value": "d2cf591e6c10821944aa228ba7488e70" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798026", "to_ids": false, "type": "text", "uuid": "2d22d608-aa19-42e3-885e-732043ecfb97", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA24\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859466", "uuid": "8fe42cd3-aa5f-4a0a-b1df-bcb7c0db2e09", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859466", "to_ids": true, "type": "md5", "uuid": "d58e2adb-c9e8-4f47-8ebf-9583537eeb01", "value": "6afd8f61dc61271200b61a661b13af91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859466", "to_ids": true, "type": "sha1", "uuid": "7c9c38e4-4a09-43b4-a5e7-5abfcac23969", "value": "555ff1569ec8ae7a7d337f0c4b152f4461f40151", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859466", "to_ids": true, "type": "sha256", "uuid": "ddf1d4f2-32ef-4b74-9621-1b41da1a1da5", "value": "2bf4498076d8385b5513a75268cfaa149a8edb8e723f9397f39cd08663a0b21f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798047", "to_ids": true, "type": "ssdeep", "uuid": "7348740e-5cc8-4207-983b-ae7c4d522586", "value": "49152:cLyROoA4RxSDuyYzLe6+HFafTErY00UTM2C7i:cm5A4rpysqKr+4C" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798047", "to_ids": false, "type": "size-in-bytes", "uuid": "b14b6a93-9f5f-4cb2-b8d7-94c39da3e810", "value": "1622360" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798047", "to_ids": true, "type": "vhash", "uuid": "e9deb939-b7a4-4e47-b355-e10c6e7bd30c", "value": "659142d6b463796d4f75050d3dca3c7a" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798047", "to_ids": false, "type": "text", "uuid": "b5937913-708d-46e2-8a5e-79b33d655da8", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Phonzy.A!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859467", "uuid": "30f3104c-9d97-4aeb-aaaa-38ed2e2b4c60", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859467", "to_ids": true, "type": "md5", "uuid": "29a2475b-7703-43ab-a162-92a192a659a4", "value": "f5c230e2141548e1dcff7c9de05c1102", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859467", "to_ids": true, "type": "sha1", "uuid": "d3c524ce-4187-45ab-9149-5df0c7301f77", "value": "85da33fb9a885ff3a21678a649ff9f342a1ea0f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859467", "to_ids": true, "type": "sha256", "uuid": "6c9567e3-8491-45cc-96e6-10e6188ba91c", "value": "e2b3dd6927975a8f9e81a898057829589fe23e9939cf0c3b47708eacb728a16e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798069", "to_ids": true, "type": "ssdeep", "uuid": "584ca9fe-cb12-432e-ad04-1b7fd9ef41f2", "value": "196608:jK1QpLIFAk4XnLV27+Ps5oRpj4LO0CDk918e2CFwNdjIVpYDy:jK1mXnL65SSBo+81DfjIc2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798069", "to_ids": false, "type": "size-in-bytes", "uuid": "fb7f1ccf-b800-4b90-9020-be9d0e240c9e", "value": "9331455" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798069", "to_ids": true, "type": "vhash", "uuid": "97f91101-31e0-486c-a0f0-48daad391fd8", "value": "b094f57896a6709dc64b6eba0db9dd2f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 21/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798069", "to_ids": false, "type": "text", "uuid": "f75cd052-9626-4171-9dd8-4ee965b0e49f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/CarbonSteal.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859469", "uuid": "5d518311-7254-4489-a22b-70bdf7c80763", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859468", "to_ids": true, "type": "md5", "uuid": "7cad1704-9071-4c9e-b248-1f91d04cfae7", "value": "b566948ee6ccf53608b1eb97771c8d3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859468", "to_ids": true, "type": "sha1", "uuid": "c9162c26-8752-4cb0-bbbc-cc34d748e587", "value": "036cceba8cc2a3af153cf0b64318e11d00fda1fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859469", "to_ids": true, "type": "sha256", "uuid": "111400cd-ce18-427d-bab0-a36e551495b0", "value": "c3ad577361a45e21b4fab52ce24d104a1b7a4bda0fa68d3e90406c566609eb2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798090", "to_ids": true, "type": "ssdeep", "uuid": "2b184996-4f33-4778-9e03-f30761d723f4", "value": "196608:RsV27+Ps5CsO0CDk9FjIVpY98e2CFwN42ldRpjTnnkw1cP1:Rs65CsBoQjIc981DK2fHn1G" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798090", "to_ids": false, "type": "size-in-bytes", "uuid": "e9ca2747-e707-42a9-9f4b-a06021ffa14c", "value": "9361169" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798090", "to_ids": true, "type": "vhash", "uuid": "00eb818a-06f4-4100-9c43-dbbf712da946", "value": "b094f57896a6709dc64b6eba0db9dd2f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798090", "to_ids": true, "type": "filename", "uuid": "e0bca050-549f-4cd1-b758-7d4341bca06f", "value": "b566948ee6ccf53608b1eb97771c8d3d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798090", "to_ids": false, "type": "text", "uuid": "5a4e0c08-2967-4249-882d-a7bc140b9d8c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:24/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859470", "uuid": "332552de-8174-42ff-9bb6-80ed03344147", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859469", "to_ids": true, "type": "md5", "uuid": "48d332e4-59a5-450e-933a-1af3cf1142a6", "value": "6ff0eeb5bebe716e23aa55be17579cb7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859470", "to_ids": true, "type": "sha1", "uuid": "b700ae62-2a0b-4b2a-863c-1456a094c16a", "value": "8b2df91a33166f6b92e33b229d05e11ba4da240d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859470", "to_ids": true, "type": "sha256", "uuid": "b252e2a7-4536-4b42-aa5b-74fa13700492", "value": "31cd98038a78b54616b50f648c654babe0f50e3b7bb08c9895cd50034f8b336e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798111", "to_ids": true, "type": "ssdeep", "uuid": "cab357ce-2ef2-49f8-b3ff-5984702c04c6", "value": "24576:kCuny/5xJMtM2dcnfMmqwaV5fxdw6jIyDKWYQCafDJZEaHmTGgzOzaMI0L7tM2Cj:kRyKtMVnvkfxdwOzGFafTErY00XtM2Cj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798112", "to_ids": false, "type": "size-in-bytes", "uuid": "3552607c-b950-4f78-a999-34d15936f52a", "value": "1596202" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798112", "to_ids": true, "type": "vhash", "uuid": "6182c4cc-eab7-4879-8003-4c94b4534919", "value": "39cb9d5d3515869749b7fa88d5a0ea66" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798112", "to_ids": false, "type": "text", "uuid": "578d7943-bd41-4e2b-96aa-1b3659093cd8", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859471", "uuid": "c68198f4-1bc3-4a32-ae93-855ba39f805f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859471", "to_ids": true, "type": "md5", "uuid": "259105a4-dd94-410e-b011-53ee1cbc963c", "value": "666ce9a1fec4cc3da69103748ce59f21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859471", "to_ids": true, "type": "sha1", "uuid": "7cf24da3-7282-45bd-ac5a-0becbf10c36a", "value": "23d03c2fa5ee3675ce4b9d50cff956e9125c45ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859471", "to_ids": true, "type": "sha256", "uuid": "11172ce0-2e2a-44de-95a4-59a2ff2ad6b7", "value": "3ef99a48f3e573a783ccd5ef314ff991eb353a9b54b94b42751241bb02249694", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798133", "to_ids": true, "type": "ssdeep", "uuid": "f913d30b-4d0d-46fc-9314-9c35fa94993e", "value": "49152:we01cyg5jWA/IKLh3GFafTErY00XtM2Cf:j0yL9WSIc3Rr+Xj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798133", "to_ids": false, "type": "size-in-bytes", "uuid": "f2580949-4f47-4764-9201-a9379547c053", "value": "1597934" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798133", "to_ids": true, "type": "vhash", "uuid": "5c1fc5d2-9ba1-4183-b0c1-f80b7483416a", "value": "39cb9d5d3515869749b7fa88d5a0ea66" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798133", "to_ids": false, "type": "text", "uuid": "0a252a3f-105e-4b24-b070-cc1cd5e7c6b9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859472", "uuid": "69c339cd-aa21-4311-be71-6124567105af", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859472", "to_ids": true, "type": "md5", "uuid": "29e4e083-b03e-42e3-a2b6-dbab013c49e4", "value": "b3576191ef3e04f827621cdaca31f5ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859472", "to_ids": true, "type": "sha1", "uuid": "22167e18-0695-441d-80d7-60448f59c970", "value": "cb1f29c3b47a18e5dbc970f2111a8ceb04d2629b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859472", "to_ids": true, "type": "sha256", "uuid": "38dc38ef-bf7d-4aa6-a93e-a2fb9a292b25", "value": "b4c548554073b02216d2a6e0bab7e58d29ce5aa6fdff2b8d148c3f44b4ad49ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798154", "to_ids": true, "type": "ssdeep", "uuid": "9295c069-e83e-43e7-81d5-ca26b739702d", "value": "49152:Lif1ix/bngjAUjIj5XoGCAKaeJ6cFdn3C7csJggV0eNu:LmcxTTUGXfCAveccFd/UNu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798154", "to_ids": false, "type": "size-in-bytes", "uuid": "e9bfcf23-bace-4b69-9918-ca0e33ef24ce", "value": "2057000" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798154", "to_ids": true, "type": "vhash", "uuid": "6ef297f0-2d2b-4285-a508-a2cb153579b7", "value": "b139ea8a989d5fdbd274bc956f09e3ab" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798154", "to_ids": false, "type": "text", "uuid": "f8f97b75-4049-4540-b096-e60e7c0f18ba", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859473", "uuid": "0ed4ba89-4fd1-4b91-9461-2c047acd2235", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859473", "to_ids": true, "type": "md5", "uuid": "c1365643-e187-4a4d-ba61-dccb48920479", "value": "f7084f74eaafa544e80886d33245dbb2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859473", "to_ids": true, "type": "sha1", "uuid": "3e9800c7-fec9-42f9-a7e9-6874a242ca39", "value": "afdd9ca1cc49a058e5dd703989a7cc613b565e30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859473", "to_ids": true, "type": "sha256", "uuid": "6614f83d-4808-4a3b-8520-47b7b012855f", "value": "0be5e7e76242dd596e44ac176cfab527d5198fbc96f53e9f811860be1f0634c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798176", "to_ids": true, "type": "ssdeep", "uuid": "2ecdcdd8-b4d2-46c0-8137-2d799ffaace7", "value": "24576:KgHcINHMCDhzd7+PS3aHURFUEDxZxtipHEi4uGASTMM2CfWYQCafDJZEaHmTGgzM:K+Z1Aw8er/xk9tIAxM2CfFafTErY00T" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798176", "to_ids": false, "type": "size-in-bytes", "uuid": "41ed08ac-b49d-4177-bcc7-d32ec84dfda3", "value": "1862156" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798176", "to_ids": true, "type": "vhash", "uuid": "39e9e575-b18d-46c1-b217-22283d21c454", "value": "39cb9d5d3515869749b7fa88d5a0ea66" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798176", "to_ids": true, "type": "filename", "uuid": "b3d75e7c-5048-4646-9a8d-ff4026f7d47c", "value": "1024-afdd9ca1cc49a058e5dd703989a7cc613b565e30" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798176", "to_ids": false, "type": "text", "uuid": "36cc1426-1247-4e27-b647-010f8001d16c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859474", "uuid": "78945d65-eeaa-4ab6-905e-07e0936e694b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859474", "to_ids": true, "type": "md5", "uuid": "3343b95d-9631-4da3-badb-27bd33148cfe", "value": "a5ba3ed502713c6971a2c44b5c43cc28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859474", "to_ids": true, "type": "sha1", "uuid": "c9d10896-3030-4224-8ffc-916fd516038e", "value": "6f604d0623f02e7756cb40a75f1a126f68217ae3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859474", "to_ids": true, "type": "sha256", "uuid": "dc13774a-d5af-4f14-88e0-d5dd731bad24", "value": "5e1d12579044cb94e1f6fe2d8bf36cd4c4f94be7ef4a4e24a0f2489289d46e1d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798197", "to_ids": true, "type": "ssdeep", "uuid": "ca86dc68-38b1-4949-8765-3a73bbf1a8e8", "value": "12288:rPZLUjOO7vAoO3qG37ymu6x9sP0p6P2p/nlVdjebVwUuzo33H:r1ULLY3q87ylonYP4nJjGieH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798197", "to_ids": false, "type": "size-in-bytes", "uuid": "a1828fcb-1a17-4ecb-a78d-dd87534cfc99", "value": "604564" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798197", "to_ids": true, "type": "vhash", "uuid": "ee00b650-a3f7-470b-921e-f3a5b8a1b063", "value": "88eb5cb4fe94b8ee524791cdb6aea74a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798197", "to_ids": true, "type": "filename", "uuid": "9ff13e36-cbf7-4b6e-8951-8d4cb2de330a", "value": "1024-6f604d0623f02e7756cb40a75f1a126f68217ae3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798197", "to_ids": false, "type": "text", "uuid": "281458d5-08ce-4ec9-b4fa-c0396046593f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859475", "uuid": "b677648b-edcd-4787-bef7-490044209d75", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859475", "to_ids": true, "type": "md5", "uuid": "bf50ddf3-3590-41db-8eeb-37e73a0fc031", "value": "bfc19e993e286567dae9df38eb4def34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859475", "to_ids": true, "type": "sha1", "uuid": "b779d7a4-43d5-46a4-b8ba-3ae8becc73b2", "value": "e7402a223c1850f24a548c58cb64312039c84181", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859475", "to_ids": true, "type": "sha256", "uuid": "cd5c036b-4953-4431-a6ea-2a4a87f10476", "value": "cdd6b005e21c89a0c1604e2530f493c4119207f8e88141ca55f46e6f03b677c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798219", "to_ids": true, "type": "ssdeep", "uuid": "84af1626-0c8c-4d07-ad33-01c6749d1a71", "value": "24576:4wL2kfFySy609KkWRRNZq3QJAawIQ9Qd4YMlNYKokHkDAyd9f+smGrzJjNjy4voJ:4aAJVWRHJAaia1QNZuPj+sTJjcE+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798219", "to_ids": false, "type": "size-in-bytes", "uuid": "36b29082-3f4c-48d4-ad0d-911b610283aa", "value": "1715911" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798219", "to_ids": true, "type": "vhash", "uuid": "e9fd079e-b0ce-4c8e-9e85-05214907ad52", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798219", "to_ids": false, "type": "text", "uuid": "be3cf46a-9a24-4854-bb58-0356dcf941dd", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859477", "uuid": "a427ce6f-f78b-4f8c-9a3a-c27ddca5e60d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859476", "to_ids": true, "type": "md5", "uuid": "cf0447c2-2534-44e6-9033-b7626879b43c", "value": "e80803e0dde74bf059cb82a85b60b38d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859476", "to_ids": true, "type": "sha1", "uuid": "4d6e97a2-7855-4adb-b97e-923bdad8371e", "value": "cfb6e691db3b1bdf312083de1d43c1ae328368e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859477", "to_ids": true, "type": "sha256", "uuid": "b3efbe1b-dd4f-41c5-9885-248dd8503b33", "value": "9b93d7867b69ca4d34096467b8a34fcd0a33dc9560de18c219d34322fbee8c11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798240", "to_ids": true, "type": "ssdeep", "uuid": "ec4220e6-8a26-4399-a99e-579fb9e5a02b", "value": "196608:GLZ5fqm8WYMV27+Ps5fRpj/VO0CDk918e2CFwNljIVpYFM:GLZ5fCNM65zhBog81DvjIcK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798240", "to_ids": false, "type": "size-in-bytes", "uuid": "733f6d80-a307-4320-b071-56a1ea42feb9", "value": "9282039" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798240", "to_ids": true, "type": "vhash", "uuid": "a99dfbfc-a142-413e-9075-e4e01455c227", "value": "1f34f51eedf17994e4f26ce125c65bdc" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798240", "to_ids": false, "type": "text", "uuid": "493f9666-edad-4ad5-afbf-997f3349b8a2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:26/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859478", "uuid": "798c336d-4594-4723-ac64-7e20501d1714", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859477", "to_ids": true, "type": "md5", "uuid": "02cfd249-597e-4e93-825b-1be78b788c66", "value": "0c78a8f037fe205b7006718a6b6f8b69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859478", "to_ids": true, "type": "sha1", "uuid": "95e40d06-0dfe-4906-93e1-d96072d61970", "value": "2ff068afdef4eaed0435328bd0b835648d21a703", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859478", "to_ids": true, "type": "sha256", "uuid": "287775b9-23b3-4a9d-bf20-c0d26891258a", "value": "6124504e5328a1d007948f0f703ea1d57693135b934dfff0787a88e46c723b9a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798261", "to_ids": true, "type": "ssdeep", "uuid": "be9e4c0b-8d48-4dc3-b007-13bc4be8198b", "value": "24576:lmz8Lz+IMB+m3dwnc8hZerOwIWi08G+N+dNk6KGP/8:s0JW+m+LgrOQi08oKG8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798261", "to_ids": false, "type": "size-in-bytes", "uuid": "71436370-39a1-49a9-8183-2c62277c220e", "value": "864946" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798261", "to_ids": true, "type": "vhash", "uuid": "2b3be13c-5d16-4fad-ad5f-29f02a42ac3f", "value": "0d48c342f80d273ca1a03e26f4c70980" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798261", "to_ids": false, "type": "text", "uuid": "4f8ba29c-d4c3-478f-81a1-bfd9a0bf40bb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859479", "uuid": "ab4bd6d1-fbab-4084-858d-ed9ab7728d6f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859479", "to_ids": true, "type": "md5", "uuid": "2a6f0358-e394-4c8c-a7da-40a335d86d89", "value": "451c77b614aec2a33223aa2f77e02a00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859479", "to_ids": true, "type": "sha1", "uuid": "6dba12cf-42ad-450d-b23d-58358ce12b5a", "value": "d317dae23a958cfeeac80fdc8d8587fd07f1e190", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859479", "to_ids": true, "type": "sha256", "uuid": "1dde18b8-4b4e-40cc-8551-b8367e98c619", "value": "10428b26959b769b4b96e9f5728ee2ce8a9eecfcb3d17ae7e315d232e56574f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798283", "to_ids": true, "type": "ssdeep", "uuid": "e11508b8-03fa-4864-aca4-fdc4fc4d93d1", "value": "24576:q6oSwQsb6YEKBjS8p47FSzW7KYwIf9uT4YnD:qJb6YEymg47FeW7ZfuT4ED" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798283", "to_ids": false, "type": "size-in-bytes", "uuid": "c1897b4e-9494-43a4-9be0-c48fa8f3148c", "value": "866221" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798283", "to_ids": true, "type": "vhash", "uuid": "428f9904-5eb2-4234-9006-d7dd3f36e6de", "value": "b006d9ed4db498dc831f342db3b37492" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798283", "to_ids": false, "type": "text", "uuid": "1dbad043-fa01-4ebb-a9c3-2e22a315bc9f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859480", "uuid": "4aed506d-abfa-4fdb-862d-0bcda124c95a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859480", "to_ids": true, "type": "md5", "uuid": "e63bedcc-b1d5-48e0-b5ec-6e5609d358e1", "value": "44683d702ed3c446b5f63fee129b2c49", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859480", "to_ids": true, "type": "sha1", "uuid": "97eefa31-07ed-40ed-be94-46722013c5de", "value": "7303c87a81c02007d524d471f45575580c26d946", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859480", "to_ids": true, "type": "sha256", "uuid": "34cf2aea-d27c-429e-9789-93ff31179e1e", "value": "059b9c05627f7c437e4aff88cec47d2c2077c8a3c2b2bbb385cf6e4c8a262316", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798304", "to_ids": true, "type": "ssdeep", "uuid": "247f5b20-00f3-45ea-979a-83bda2c6ad96", "value": "12288:yRs0wQzXF10Vu/e/GKUF5sgd3D/H3Dt3E0iK5qbiLjwsM5KvFN23/4:d0wQjT/eeKUF5ss/3Dt0S0bKU7IvFw4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798304", "to_ids": false, "type": "size-in-bytes", "uuid": "f75f5932-c5a6-4c58-9b0c-cc6d4ce36b10", "value": "665957" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798304", "to_ids": true, "type": "vhash", "uuid": "6c7dc389-b5fe-4247-b7c5-7d6276cf1379", "value": "05e0c2a018a3fcf7cdcd839fd51cc127" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798304", "to_ids": false, "type": "text", "uuid": "543ed88a-af12-4224-995b-2a98fbff3e4f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859481", "uuid": "3fc3f409-b961-4524-8bfe-7562de7837b3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859481", "to_ids": true, "type": "md5", "uuid": "dc0fd8dc-59ed-4ccf-b16e-8f5aa69f2b98", "value": "3f4334c94fc534a840c6ecdb18ba86a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859481", "to_ids": true, "type": "sha1", "uuid": "36bf5876-c918-4394-a25f-ffe38200c67f", "value": "da7891b4929d4584e0a23aa7db348717d1676de2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859481", "to_ids": true, "type": "sha256", "uuid": "91eeb3c9-02f2-43d5-9e28-fe7755439d3c", "value": "d7fa7518387f381f4edb6df5a63f3eab4402df7d087708e041e3c6b1b0510f50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798388", "to_ids": true, "type": "ssdeep", "uuid": "c4c5dfa2-3f0f-4dc9-9f34-20a35ca3b81d", "value": "12288:68ZIYqqtxrt7y9oUMfmSpk6ln/OuOXFNLAsh5K+M/eRW+tA/o1ZdXiP0rrc3Gy+X:6f2HyjMXpkQ/fyywI7eRW+e/8H/w3Qcm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798388", "to_ids": false, "type": "size-in-bytes", "uuid": "a94132ca-a311-414c-b803-c42e2155f2df", "value": "846570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798388", "to_ids": true, "type": "vhash", "uuid": "8fe2b1ef-1e6f-488a-9db9-b266e1fbc0e9", "value": "0d48c342f80d273ca1a03e26f4c70980" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798388", "to_ids": true, "type": "filename", "uuid": "57936a3d-12a6-4fe9-bcbb-41f94488cf29", "value": "3f4334c94fc534a840c6ecdb18ba86a5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798388", "to_ids": false, "type": "text", "uuid": "22450d6d-8592-456a-905b-fecaa2b7b549", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859482", "uuid": "b2776800-bffe-4dc6-80a5-2864d25321ae", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859482", "to_ids": true, "type": "md5", "uuid": "31aa4eb9-e761-4070-b286-86aafa346169", "value": "7dd9adb4894b3b7598293389eaf5ec4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859482", "to_ids": true, "type": "sha1", "uuid": "4351f972-4967-46e2-b5f0-917bad0bc987", "value": "f97aaa8aed12a8c7dcc03820bc5a4aa3627c5fc0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859482", "to_ids": true, "type": "sha256", "uuid": "55e02fd8-c964-4c18-8e6a-1bb75c2bc23c", "value": "b70cfea5306c6276ad086bb6acb40e474c25e3dd572c5fda9d1da655d45ea167", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798409", "to_ids": true, "type": "ssdeep", "uuid": "773faba0-96b9-4267-98f4-32898d518e09", "value": "12288:38ZIYqwrt7y9oUMfmSpk6ln/OuOXFNLbsM5KOt5OPKMdcGBljz:3feyjMXpkQ/fyF7IOBM2mN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798409", "to_ids": false, "type": "size-in-bytes", "uuid": "2d52d30a-099f-4f57-9d72-9a606e8ff20e", "value": "664458" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798409", "to_ids": true, "type": "vhash", "uuid": "3af69783-c6d5-402b-b681-16f2ef0ac1b8", "value": "5120e023345294429b31939e43bd9f47" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798409", "to_ids": true, "type": "filename", "uuid": "e7c8c4ff-0f63-46f0-8621-efde0b03acfc", "value": "7dd9adb4894b3b7598293389eaf5ec4e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798409", "to_ids": false, "type": "text", "uuid": "5d53eb69-1f2f-44ce-924d-01dab11413a6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859483", "uuid": "be301f29-1c93-4e1b-a5f1-838d4f904e70", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859483", "to_ids": true, "type": "md5", "uuid": "c123ab48-f008-4d0a-83c7-f139e9940de5", "value": "ec7a571628ebab1a51605f1e17a4def8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859483", "to_ids": true, "type": "sha1", "uuid": "e33142b2-cfbf-46d7-95a5-f1a14eb61ab2", "value": "13283513e0f878c2917f35b60eacffbe1ba642b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859483", "to_ids": true, "type": "sha256", "uuid": "df66dcad-7663-4018-b4c3-39d1acf2fa00", "value": "091285d091a60df2a69da70e4132dbac758e78055a41cb41bbbc2dbfc2f09400", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798431", "to_ids": true, "type": "ssdeep", "uuid": "ad95b2ef-52c8-4388-a24e-925b51e1bc1c", "value": "49152:8nJyArGo/HvM/xWD8wEPj8LFafTErY006LM2C5X:8nRrG6HvMJWD+jbr+6t" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798431", "to_ids": false, "type": "size-in-bytes", "uuid": "5078bede-8d77-478a-9f81-f29d390e7302", "value": "2090492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798431", "to_ids": true, "type": "vhash", "uuid": "2bbfdfd8-4c14-4669-9440-731cec8acdb5", "value": "0b2908efeaecb129eb8dc1ea99c32a4c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798431", "to_ids": true, "type": "filename", "uuid": "fa502177-9427-485f-9a2b-ba3aad640fa7", "value": "ec7a571628ebab1a51605f1e17a4def8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798431", "to_ids": false, "type": "text", "uuid": "b8d7602a-66b4-46d5-9857-e07fd741f76b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859485", "uuid": "9ef6bb0e-1365-4c0c-bcae-2fb1922d6419", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859484", "to_ids": true, "type": "md5", "uuid": "ccb36143-54fc-4c69-81e3-27a6e4950599", "value": "a0d1f7cae7b4d211f50093d64528124f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859484", "to_ids": true, "type": "sha1", "uuid": "c430eaa0-a7de-4952-a952-fd10fcfa00fe", "value": "baaf2d9bf2aa0ec1a054debe6a7dcff08c84c806", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859485", "to_ids": true, "type": "sha256", "uuid": "b416f873-1e67-49b4-b7fb-e655578cbbf8", "value": "8fdb7c939dc22961335ba7776759d23f3fb3df985bcff27dcdc858f90b0a06ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798452", "to_ids": true, "type": "ssdeep", "uuid": "a810391c-3357-43f2-b774-eacbdd7b560e", "value": "12288:pwGXbSophOalMZSSnQJccBS7tKdXfsh5K5tBymPD+19wAqQqdGJKI4HD2uITEW/7:pRNZq3QJAawI7BZ7CeIiD2FogN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798452", "to_ids": false, "type": "size-in-bytes", "uuid": "79a07f12-78a5-4d61-b7c2-47cf22d6bf24", "value": "877769" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798453", "to_ids": true, "type": "vhash", "uuid": "eec488bd-c5cc-48b7-b309-965f8cf8c339", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798453", "to_ids": true, "type": "filename", "uuid": "bd660417-9ffb-4d88-a86d-77ee574363f8", "value": "a0d1f7cae7b4d211f50093d64528124f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798453", "to_ids": false, "type": "text", "uuid": "447e8e09-8497-48c3-ba2b-1b673157df4b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859486", "uuid": "21b4f4e0-9d75-4372-b23f-d4d5a1ddc937", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859485", "to_ids": true, "type": "md5", "uuid": "a5e2b648-ac7c-438a-827b-d1323908101e", "value": "ac070e3bc46bd39d2c2184214faca841", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859486", "to_ids": true, "type": "sha1", "uuid": "af1cfb85-fa54-4a47-9e29-a63fc58f2440", "value": "ad7ed76b9ef57c5652aae1768411f7526bd8a4dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859486", "to_ids": true, "type": "sha256", "uuid": "b33e8912-051e-4dfa-83a5-486465b2fd25", "value": "88c6502bf315fee251df1ecf12ed5e0b398aadb33c871ae08c318aa6c6670164", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798474", "to_ids": true, "type": "ssdeep", "uuid": "83973ba7-daa7-4ac8-a1fd-6a898ee8dcc4", "value": "24576:tRNZq3QJALaofo4EKDE3RDog9/ussdQ0hLpgguYmi6Z:tHJALdp7DEBWssrLpKYJ6Z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798474", "to_ids": false, "type": "size-in-bytes", "uuid": "250c3dec-a07b-4387-a06f-168e5bcbedd7", "value": "1247106" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798474", "to_ids": true, "type": "vhash", "uuid": "113d8ae8-372b-4cc6-a4a1-c82275899c5c", "value": "917dcc513235a29812506f6e375ad686" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798474", "to_ids": true, "type": "filename", "uuid": "1f47b3c9-761a-4c83-81e4-594fd6e903ba", "value": "ac070e3bc46bd39d2c2184214faca841.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798474", "to_ids": false, "type": "text", "uuid": "dac1655b-6628-4f73-ad4b-0eeb138850a4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859487", "uuid": "6963a874-9ba6-457a-8f20-51d616b58e8b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859487", "to_ids": true, "type": "md5", "uuid": "2fd2ae3c-d079-4f11-bbe9-e0dface90217", "value": "7936acad3b2865bade482c7610413b5d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859487", "to_ids": true, "type": "sha1", "uuid": "38cfe96b-0ae9-4b62-9568-817552e620a8", "value": "ef188556c8bef4d57a780531ad8c8acce06aa152", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859487", "to_ids": true, "type": "sha256", "uuid": "67d9f77a-d1bd-4317-a4b4-997a933261a9", "value": "f42ff9403651bce31fb200f495cbea39f78e63251af311bb4d319ffac549136e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798495", "to_ids": true, "type": "ssdeep", "uuid": "bf90a524-1e10-49fc-9d45-2b39c364aea8", "value": "49152:aUyArmo/HvMZxWD8wEAeFafTErY00LGM2CLrQ:Lrm6HvMfWDfpr+sLQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798495", "to_ids": false, "type": "size-in-bytes", "uuid": "35e7f31e-5545-450b-a131-739297177d7e", "value": "2082724" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798495", "to_ids": true, "type": "vhash", "uuid": "24b8ea15-ac61-42d2-96e9-51027ca946d8", "value": "1f3adb9beada5780737c8e28b15eedc6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798495", "to_ids": true, "type": "filename", "uuid": "ca92bb81-7512-4666-8b8b-e2d54ff23678", "value": "7936acad3b2865bade482c7610413b5d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798495", "to_ids": false, "type": "text", "uuid": "8a4290f1-0dbf-4975-b092-faf377f13ad5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859488", "uuid": "26ee6635-5cb9-4d82-a1a3-210afd78bb5f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859488", "to_ids": true, "type": "md5", "uuid": "5aa0c255-4bd5-4b0a-846d-281339eb6c58", "value": "d17d3e2b37f513fbac74b913cea59dba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859488", "to_ids": true, "type": "sha1", "uuid": "db8d7091-e140-4443-a879-afe9e9b67b1f", "value": "5bb57b72cca53ac426c05c65c05e7494f11861a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859488", "to_ids": true, "type": "sha256", "uuid": "e9ed1569-24a9-4dbc-bf80-5b307bdbcf02", "value": "9d3f41ccc821301d53c3d98234e1119c60e6cc067656908dde2df1c2078b8d32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798516", "to_ids": true, "type": "ssdeep", "uuid": "1636ce67-7aeb-42e1-ba89-124454c90fc7", "value": "12288:jIuaQFWDo0chh2YmaKUCGN09L69OXXKUkAPw1IsynSvL5Ks:eISo0ah2NRUpNjODgGbSvLIs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798516", "to_ids": false, "type": "size-in-bytes", "uuid": "aeb55be5-e275-47fe-843b-8c2e2578f142", "value": "666763" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798516", "to_ids": true, "type": "vhash", "uuid": "7b757437-ab33-4a77-bd84-10bb16420d8e", "value": "283c5f9da471355cf45fdfbb1482fd49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798516", "to_ids": true, "type": "filename", "uuid": "8578d61c-03a0-4db8-b798-049de49a7e92", "value": "d17d3e2b37f513fbac74b913cea59dba.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798516", "to_ids": false, "type": "text", "uuid": "74676c6c-e066-42f8-b6a4-f98fe09979cf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859489", "uuid": "9ec32ab6-1fcd-4888-a151-2e2172c33a88", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859489", "to_ids": true, "type": "md5", "uuid": "618b115f-39dc-4ac3-b877-7d13ef4131ed", "value": "2b39376a488bf39e859041f884ac1105", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859489", "to_ids": true, "type": "sha1", "uuid": "3ba97f04-8df6-4e7e-8488-f2734b57c2fd", "value": "77c76297455ab30316cd73050c6a0b34d9bfb908", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859489", "to_ids": true, "type": "sha256", "uuid": "83f1fd68-04f5-4d92-8912-671e282a48f4", "value": "2552f69fae454279398ac1391716891a56c487fca04cdaefb39a1741134eb842", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798538", "to_ids": true, "type": "ssdeep", "uuid": "cd8ae979-3f99-4a97-88c1-c7fa88f12c50", "value": "12288:QTuaQFWDo0chh2YmaKUCGN09L69OXXKUkAPw14sknSvr5KE:IISo0ah2NRUpNjODge9SvrIE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798538", "to_ids": false, "type": "size-in-bytes", "uuid": "3f4fe772-fa47-4158-9933-bc6d8382f304", "value": "666763" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798538", "to_ids": true, "type": "vhash", "uuid": "d7211fa7-9d27-4e68-b0e6-9665c7fde86e", "value": "283c5f9da471355cf45fdfbb1482fd49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798538", "to_ids": true, "type": "filename", "uuid": "3a5112c9-a2f0-464a-8d94-bdb2b3a87ae5", "value": "2b39376a488bf39e859041f884ac1105.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798538", "to_ids": false, "type": "text", "uuid": "43ddd274-c8bb-4cfe-ba3d-e07f183027b1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859490", "uuid": "eae79a5f-82b4-4a27-b007-16b089ce480c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859490", "to_ids": true, "type": "md5", "uuid": "0ead37e3-97b7-4bb6-ba7d-dbd00251826f", "value": "570d4dced71a60f52a416ea8a868910a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859490", "to_ids": true, "type": "sha1", "uuid": "d307b388-b34d-478e-ae43-117e881bd78f", "value": "ac7c7a79e3e3542a83653f666ea9a1d051a61e3c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859490", "to_ids": true, "type": "sha256", "uuid": "376e8811-67b3-4506-a2d8-7b738a906720", "value": "aa39d852a51bcbb68b1382a7950e84b970d83c3f7f3b8d7381103f447c2dd10d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798559", "to_ids": true, "type": "ssdeep", "uuid": "505ff812-c44a-4216-b08a-0f93d05ca7f6", "value": "12288:xNuaQFWDo0chh2YmaKUCGN09L69OXXKUkAPw1QsAnSvI5KsT:TISo0ah2NRUpNjODgClSvIIM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798559", "to_ids": false, "type": "size-in-bytes", "uuid": "c15a3b13-7a15-43af-b153-c40087e3e406", "value": "666787" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798559", "to_ids": true, "type": "vhash", "uuid": "ca741e3f-0777-44ae-9108-122f263c2d2d", "value": "283c5f9da471355cf45fdfbb1482fd49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798559", "to_ids": true, "type": "filename", "uuid": "3af49dc4-2914-4b6a-aa43-f36edf7c53fe", "value": "570d4dced71a60f52a416ea8a868910a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798559", "to_ids": false, "type": "text", "uuid": "d13c884a-b03b-450a-a731-3a4c2af26e8d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: DoS:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859492", "uuid": "5096b66b-d24f-40aa-8295-5595592a4289", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859491", "to_ids": true, "type": "md5", "uuid": "544629c2-9f34-42fb-84c2-1a0804449c88", "value": "5920e8f8be4b47496ba83ef42ed96116", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859491", "to_ids": true, "type": "sha1", "uuid": "2201510f-1471-4950-b91a-41131a2475b7", "value": "51516de8b4fc06c0b5962bd0df8feb21049bcf2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859492", "to_ids": true, "type": "sha256", "uuid": "d64695b1-7650-4d9c-a89b-b4cdfb21fb4b", "value": "1c6f83c3becac5214d54b0a1bf634f672d765c9582c69f2b429aea1682b7537f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798581", "to_ids": true, "type": "ssdeep", "uuid": "981a5438-75e2-4284-8fe0-ee28f481e554", "value": "49152:KSyArGo/HvM/xWD8wEMfFafTErY00BKM2CX/F:DrG6HvMJWD1sr+uzF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798581", "to_ids": false, "type": "size-in-bytes", "uuid": "dce36887-e9cb-4dca-b656-19a2b7770201", "value": "2082610" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798581", "to_ids": true, "type": "vhash", "uuid": "fb4dc602-7050-4d63-ba47-0a11f450303d", "value": "1f3adb9beada5780737c8e28b15eedc6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798581", "to_ids": true, "type": "filename", "uuid": "f5cb00e5-0e4c-478a-a437-66f1e7e67420", "value": "5920e8f8be4b47496ba83ef42ed96116.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798581", "to_ids": false, "type": "text", "uuid": "45275826-653b-42c5-8b83-0a01bae98125", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859493", "uuid": "606482ce-301e-4f98-bbec-f764d8c4508a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859492", "to_ids": true, "type": "md5", "uuid": "85536bd4-3b71-4c0c-b150-966aec9415e2", "value": "259ab73cc60b21fada99df19fe93ece0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859493", "to_ids": true, "type": "sha1", "uuid": "28aa5006-3bb5-4443-b6ca-395ea862744c", "value": "a683095322d9bcf0a53ba0897a70680a1922aeb0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859493", "to_ids": true, "type": "sha256", "uuid": "8832208f-e882-4ff2-82e6-4aaa795aa7af", "value": "88209f396c5471d84146fcfef188e0208422ad95952b779b7acedaa1345b2b54", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798602", "to_ids": true, "type": "ssdeep", "uuid": "2be42092-bf61-4b96-b8fb-f6c618ae0c73", "value": "49152:KxyArGo/HvM/xWD8wEteFafTErY00LGM2CLzT:urG6HvMJWDOpr+sTT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798602", "to_ids": false, "type": "size-in-bytes", "uuid": "78beda50-93e3-4f53-9c5b-dd4c9d2b414f", "value": "2082721" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798602", "to_ids": true, "type": "vhash", "uuid": "8f48388e-e334-465d-8f54-31aeedabea66", "value": "1f3adb9beada5780737c8e28b15eedc6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798602", "to_ids": true, "type": "filename", "uuid": "103d2510-19d7-4641-884e-38f726948141", "value": "259ab73cc60b21fada99df19fe93ece0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 21/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798602", "to_ids": false, "type": "text", "uuid": "b86b8dcc-001d-4ea3-9ff5-e7750243bc0e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859494", "uuid": "d6a8760c-afb8-447f-8d1b-8ed9ea69abc5", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859494", "to_ids": true, "type": "md5", "uuid": "302c78a9-5caa-4525-806c-b8efc37c1bfa", "value": "c4dfa79df4c64fe26e22329f315601db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859494", "to_ids": true, "type": "sha1", "uuid": "2942197b-fd86-49a1-893b-0eed34f0f77f", "value": "9651e092e97efdd569a83fd1945c82acf1ff4b7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859494", "to_ids": true, "type": "sha256", "uuid": "64660289-35cf-41d8-a5b3-c72da75345dd", "value": "5d19e6bbad33f4892e982c00f19f544eba749e86ce5d35d3e258e4ebd7c623b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798623", "to_ids": true, "type": "ssdeep", "uuid": "99b3e3fe-7eff-46d8-b4da-56363b38aa06", "value": "12288:UNN3/436iowQLQ7X8VacHAHr7sCHJLB+zfdTC5VUo6lm5KfX88j0o5Q:UNdYVaLQj87HinJL8ZCHUoFIflK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798623", "to_ids": false, "type": "size-in-bytes", "uuid": "b89825a3-d60e-43e1-9064-b190e48e48b9", "value": "667268" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798623", "to_ids": true, "type": "vhash", "uuid": "52b49248-e323-4931-9c9e-2e1aae7dfca3", "value": "8296ab15d021e6008cf45defc6137dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798623", "to_ids": true, "type": "filename", "uuid": "df04d98c-f7ed-4fa5-a1d6-3c2f008ec378", "value": "c4dfa79df4c64fe26e22329f315601db.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798623", "to_ids": false, "type": "text", "uuid": "8663b477-09a8-453c-ad95-23c409591d39", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859495", "uuid": "79ea8dac-925d-4b7a-a040-72933b7a5fb4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859495", "to_ids": true, "type": "md5", "uuid": "ef589c80-e43f-4112-98cb-601853fde23f", "value": "18b7926f7cce09af44ded58eec302b4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859495", "to_ids": true, "type": "sha1", "uuid": "83ad5cf5-2b67-47a5-a3d8-3311d3ee7bb7", "value": "559a0c3e3bb956c3064558e087ec45ef1d4851b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859495", "to_ids": true, "type": "sha256", "uuid": "36628e17-0d9a-4343-8711-92861edaac06", "value": "fc57553a76fb240edf7d6807e69ff7f206d34b4e8501e51aec03cc7d04307fce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798645", "to_ids": true, "type": "ssdeep", "uuid": "62f95c96-ff7c-4ba3-81c9-435f9142d715", "value": "49152:WDyArmo/HvMZxWD8wEAfFafTErY00BKM2CXzB:2rm6HvMfWDPsr+uHB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798645", "to_ids": false, "type": "size-in-bytes", "uuid": "d8987d49-1807-45db-b3df-c39d3b2a998e", "value": "2082612" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798645", "to_ids": true, "type": "vhash", "uuid": "3da2d02e-f170-4196-8b52-dbc8665eab97", "value": "1f3adb9beada5780737c8e28b15eedc6" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798645", "to_ids": true, "type": "filename", "uuid": "7ef8f6fd-fef4-425a-9864-47e57c19a135", "value": "18b7926f7cce09af44ded58eec302b4c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798645", "to_ids": false, "type": "text", "uuid": "b08d294c-0afa-4240-8c05-58b6e551b3f8", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859496", "uuid": "7e6da528-6e5d-4a08-a185-0711f34aac0a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859496", "to_ids": true, "type": "md5", "uuid": "6dcdb1ae-3864-487f-997e-fb3a267f9a93", "value": "5a3fae1e650483feaf91e8059d04fbee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859496", "to_ids": true, "type": "sha1", "uuid": "e05440b6-8e79-4233-850e-1c17a4859fc5", "value": "caabc9337548d077850dd7d56c89bcc09b4fd7c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859496", "to_ids": true, "type": "sha256", "uuid": "d275a446-faa2-46d1-990d-f7119f9ca066", "value": "05304262793c000799d6d3fd23664eb93efc367587d619b7f3ccb3c7d301ccb2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798666", "to_ids": true, "type": "ssdeep", "uuid": "a98954ca-5495-41e9-a02f-e05b4dea5102", "value": "98304:dCEpp41NJddmTpsBU1QfdFGtGMNJlebYovB9B99BkdnxsOUeWcPa5r6ni:dyLJdgydzMNJa/9/OxuGaYni" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798666", "to_ids": false, "type": "size-in-bytes", "uuid": "0a069708-7142-49ad-b852-e6932cabd484", "value": "4467988" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798666", "to_ids": true, "type": "vhash", "uuid": "447f752e-c46f-48b0-8dc2-bf6b41ada42c", "value": "eeee29802edbca2604f86a55321bafa8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798666", "to_ids": true, "type": "filename", "uuid": "ac949e70-a3e1-419e-8fdc-1bf8e98903b8", "value": "5a3fae1e650483feaf91e8059d04fbee.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798666", "to_ids": false, "type": "text", "uuid": "ffa40f09-5252-48f0-af19-e3d19315b8ac", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:16/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859497", "uuid": "be5f951f-9953-4f32-96c9-193b25090c29", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859497", "to_ids": true, "type": "md5", "uuid": "bf92097e-c172-408a-8ff3-d602707a4bbb", "value": "2fc13f1b4663f8f5cc279a2cc2c26a28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859497", "to_ids": true, "type": "sha1", "uuid": "05733d97-157d-404f-a649-0678bd3bb98e", "value": "8d663a5e72c6f5873eb40f35f1e37ad7ce5e7c93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859497", "to_ids": true, "type": "sha256", "uuid": "fe1461db-c860-4838-b71e-b50e9f8809c3", "value": "64bc7adee1f96773a3516bd931a1ba0dde474a288d169c2069b6179062489e73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798687", "to_ids": true, "type": "ssdeep", "uuid": "602c1877-61ff-494a-85f9-828cc5895d25", "value": "98304:yYphRS+XUI7izKlCS6gijETOz1USbsRsBU/Xmm9BGQfdFi+OMDJObYkvgIn9BTtx:BVw3XgijYcsj/BdEXMDJjE/iA3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798687", "to_ids": false, "type": "size-in-bytes", "uuid": "e8721454-f8c4-4813-88e3-2d692f9d8246", "value": "6319410" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798687", "to_ids": true, "type": "vhash", "uuid": "fad29289-556d-48a3-a48a-2c511e367c01", "value": "eeee29802edbca2604f86a55321bafa8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798687", "to_ids": true, "type": "filename", "uuid": "ebe7c378-51ed-428d-a1f2-28890b573fb2", "value": "2fc13f1b4663f8f5cc279a2cc2c26a28.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798687", "to_ids": false, "type": "text", "uuid": "4314bc27-1683-4fc2-881b-d72d4014c190", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859499", "uuid": "c11fd09f-46a9-40d5-adc1-34dee6ff7b40", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859498", "to_ids": true, "type": "md5", "uuid": "2319e400-560d-4279-9731-efa887ddeca8", "value": "96e12121401bbdb0dc6e3a0e47af8c94", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859498", "to_ids": true, "type": "sha1", "uuid": "5ee80223-48b6-4c06-adbe-a3eca8edfc3d", "value": "86d0272c5b4785838461d543a5be99968f73c39f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859499", "to_ids": true, "type": "sha256", "uuid": "b0f13eaf-a5cd-460d-8f89-1aabfd5dceb2", "value": "974ee77c7eb4854faef1d47577439aac0cc47d42a5f3bd9edfe699fcbec2ad59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798708", "to_ids": true, "type": "ssdeep", "uuid": "a8b975de-9221-49a2-9564-5bd53b29a6ef", "value": "49152:mXb6HyqOOjij0/6UHx7orpv5fOeRhXqfMTGAt3YdgJYGajt9tkIHJAK8jLXf:mXw7OOBCUR07WmNq4GS3/J+jr/p18/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798708", "to_ids": false, "type": "size-in-bytes", "uuid": "255d865b-6364-4557-845e-176eb96d511f", "value": "3524559" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798708", "to_ids": true, "type": "vhash", "uuid": "9c9391d7-4c3f-4ea9-83c3-63fd08f62e9d", "value": "0ee79e1857458c9a6c754ef9e6b4541a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798709", "to_ids": true, "type": "filename", "uuid": "3180fdec-c6cc-48c9-998e-e315fc82a174", "value": "96e12121401bbdb0dc6e3a0e47af8c94.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798709", "to_ids": false, "type": "text", "uuid": "b6607302-cdba-4f20-8253-a13bbc48a712", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859500", "uuid": "76b18142-0746-4b96-aed3-6e3cf3e5bf24", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859499", "to_ids": true, "type": "md5", "uuid": "b5c6360a-2c25-4dec-b3f8-8071613775f0", "value": "1cfc09db2ece8b596c7ae513f100d7a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859500", "to_ids": true, "type": "sha1", "uuid": "8f3ea2ed-4457-4b5e-9cc6-e02938694e22", "value": "e20db7481cd4b717d428ecded61cba976912e442", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859500", "to_ids": true, "type": "sha256", "uuid": "12f0eb68-4cca-480b-a7b8-ea36ff8dedd3", "value": "e5f3880b7169b19ad47ef8f39d5abe81c0ead0c01f3fa68a33626cd9095af1ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798730", "to_ids": true, "type": "ssdeep", "uuid": "b43fcde9-feea-479b-889e-55b5ba6e52c0", "value": "12288:IwGXbSophOalMZSSnQJccBS7tKdXfsh5KL6jY/PLiXYEB83hA09MD/ell1oek7SY:IRNZq3QJAawI+jnSCCMazT4dIPpp+P" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798730", "to_ids": false, "type": "size-in-bytes", "uuid": "25dfbc72-382a-4fed-833a-44e047ac0308", "value": "1201758" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798730", "to_ids": true, "type": "vhash", "uuid": "612007a9-0847-4e00-8537-754e0c2675c0", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798730", "to_ids": true, "type": "filename", "uuid": "0dbd693b-eef6-4f22-952a-7c7c90bf0058", "value": "1cfc09db2ece8b596c7ae513f100d7a1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 19/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798730", "to_ids": false, "type": "text", "uuid": "024aa12c-4aad-48c5-8616-edf23873e4c8", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859501", "uuid": "f0ffe573-59b3-4bfd-9849-af6104e47c13", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859501", "to_ids": true, "type": "md5", "uuid": "edd188aa-ff99-4700-b586-f8c2c0b99101", "value": "8d0292f6cae38e67c7984265f5a02698", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859501", "to_ids": true, "type": "sha1", "uuid": "6191c9cc-d41d-4786-a78f-5a818dae2a86", "value": "4b7ba950b06ea3648bdd075070f2b5d2b1932d9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859501", "to_ids": true, "type": "sha256", "uuid": "011382a8-11fc-4117-898c-1b262364f9bf", "value": "4bc73ac96ea09afbd80dc128d9b3e285e4efc5223cfbd11bec0ce445fa4eea9e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798751", "to_ids": true, "type": "ssdeep", "uuid": "edd2afcc-2f1b-4a96-a3ac-389937b7399f", "value": "12288:VwGXbSophOalMZSSnQJccBS7tKdXVsyZJjyecrfrkuaJ5SIbeaAhTgLc3x:VRNZq3QJAsdZJj7crfrkVA5hTkch" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798751", "to_ids": false, "type": "size-in-bytes", "uuid": "40a9b0f5-7722-43c4-a9e6-73097019937b", "value": "689653" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798751", "to_ids": true, "type": "vhash", "uuid": "3e998a3e-e49f-426e-ba1e-69bac8b33a8f", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798751", "to_ids": true, "type": "filename", "uuid": "684e7fe9-a21b-4f16-80a5-d93488ad05e3", "value": "8d0292f6cae38e67c7984265f5a02698.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798751", "to_ids": false, "type": "text", "uuid": "13f42ef7-3f7f-470c-b7e4-ee58b2392a20", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859502", "uuid": "3b54ac7b-6f59-429d-bdb4-c196c0509c07", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859502", "to_ids": true, "type": "md5", "uuid": "856bcacb-fc17-4218-b769-9e806d61e469", "value": "e0c3b1a97440a3e4b38583adb361eb54", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859502", "to_ids": true, "type": "sha1", "uuid": "438258de-cf3c-4baf-9623-cb173a24421e", "value": "216be9f014648d88f2604fcfd451fdb263d13869", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859502", "to_ids": true, "type": "sha256", "uuid": "a1d1c235-e0e1-43e9-a013-8f6f1635961d", "value": "5fa2f320ae87ee0e2c28423ef30e87cd3f8807dbb1e1cd02c0285a2eee0237a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798772", "to_ids": true, "type": "ssdeep", "uuid": "f1f12efd-7734-4b76-8148-69f0d16f0d0d", "value": "12288:pwGXbSophOalMZSSnQJccBS7tKdXPs0ZJjyecrfrkuaJ5SIbeaAhTRLeKc:pRNZq3QJAmPZJj7crfrkVA5hTBet" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798772", "to_ids": false, "type": "size-in-bytes", "uuid": "cc88b0ee-c3dd-4b92-bf12-0c499bb4daae", "value": "689653" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798772", "to_ids": true, "type": "vhash", "uuid": "dd299aa3-1d03-407f-a9a6-fbeac2b363c7", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798772", "to_ids": true, "type": "filename", "uuid": "a4249fa4-e3bf-4934-88af-6f0cb5413c38", "value": "e0c3b1a97440a3e4b38583adb361eb54.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798772", "to_ids": false, "type": "text", "uuid": "a7aa7482-0654-4aa4-bf1e-b078513a1d30", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:34/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859503", "uuid": "ad830d8a-4479-4b63-b13b-20ffbef3d32d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859503", "to_ids": true, "type": "md5", "uuid": "f85d2f95-78b2-4e93-a24b-486bb47acc64", "value": "66e45c9c206fb7b3ebdefa2ac2d5561d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859503", "to_ids": true, "type": "sha1", "uuid": "526cefb7-5846-4579-916f-a37d9cc25b65", "value": "8a831cd90631218c9a228cac4f28d9782eed1ad5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859503", "to_ids": true, "type": "sha256", "uuid": "9be610d7-71bb-40e8-85f3-97b94a829064", "value": "e369af90672b4d2e420be8c381b7fd7f07fb7f32feaac1dc2655462c8107098d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798794", "to_ids": true, "type": "ssdeep", "uuid": "8e11395a-cde8-40fc-849e-9ec72be141f5", "value": "12288:RwGXbSophOalMZSSnQJccBS7tKdXoszhCGRwXLkWwSwljzvLUzp:RRNZq3QJARIRsfwJTU9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798794", "to_ids": false, "type": "size-in-bytes", "uuid": "e1533676-ecee-482d-9a43-e0cedf8d553b", "value": "689966" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798794", "to_ids": true, "type": "vhash", "uuid": "e6d4f00c-7688-400a-b8ec-64bb00df9573", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798794", "to_ids": true, "type": "filename", "uuid": "f90931a4-e816-4f25-bb5a-742427852d85", "value": "66e45c9c206fb7b3ebdefa2ac2d5561d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798794", "to_ids": false, "type": "text", "uuid": "e6d9feaa-5f23-4f8f-9233-e3550fddcdc1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: DoS:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859504", "uuid": "2b38b0c8-31f9-46f2-ab41-6dc7e86d2683", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859504", "to_ids": true, "type": "md5", "uuid": "744d49b5-ed42-4218-8aa5-158544986b37", "value": "e707538576f0ebe3b910317198ec4605", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859504", "to_ids": true, "type": "sha1", "uuid": "3dd633a0-3d5a-4808-98b1-9d14301a16cd", "value": "9c553a3d9a31fbb606212b45ed2b88a7ca4145f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859504", "to_ids": true, "type": "sha256", "uuid": "6f217d63-d075-4f51-9551-f60318d47fe3", "value": "fcf7a2702bc8a736c128f8efe9813439b8d4aebc9909c3c37e892fe97b5b8278", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798816", "to_ids": true, "type": "ssdeep", "uuid": "241ad724-2e4f-4cf8-a0a5-bba9758ac364", "value": "24576:rwL29YgNxhxDbJY84RNZq3QJAawImKMMYmiDqknh5W1gaUiAbGcBBE0:rt5p14HJAasJciDTnjqgXaot" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798816", "to_ids": false, "type": "size-in-bytes", "uuid": "21c141c4-7aea-48c6-afde-6890f1630bec", "value": "1715222" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798816", "to_ids": true, "type": "vhash", "uuid": "a8f9689d-354e-433d-ad28-4c2ae8176eac", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798816", "to_ids": true, "type": "filename", "uuid": "5cef8acd-73e3-4590-b369-420429fa401f", "value": "e707538576f0ebe3b910317198ec4605.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 19/08/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798816", "to_ids": false, "type": "text", "uuid": "dbb75bd7-aae2-4599-8f3e-ad16d6e6ca55", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859506", "uuid": "4c15859f-600c-4bdc-97f1-19f610413bf6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859505", "to_ids": true, "type": "md5", "uuid": "2f81add5-9d8c-4150-952a-214b0ac5dcab", "value": "6dedd7dfc4fec701f7e75f0f899da75c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859505", "to_ids": true, "type": "sha1", "uuid": "30525753-3b61-4b44-bdd2-d8d294374675", "value": "7c8bcb76b70ed5c1e4508d8fb3e068d7d5d954cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859506", "to_ids": true, "type": "sha256", "uuid": "14540fff-09c0-4f78-b59f-0c148c47a7d8", "value": "84223ac5ee374fc396600ddf08fdcd5d728f719ee266f0fe98e03334a3ac9824", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798837", "to_ids": true, "type": "ssdeep", "uuid": "6e5aff9a-17dd-4115-a7e6-e94a2ed185d4", "value": "24576:8EL2uavqQhoE0Cop0fIogM/CbAchTPDmpW7bH8rvIdJHVHaTC8pyb:8dhiB0GM0AcxDmpW38rAdJHVHaTC8Yb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798837", "to_ids": false, "type": "size-in-bytes", "uuid": "74349c0d-6dfe-4718-a801-f3f814746155", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798837", "to_ids": true, "type": "vhash", "uuid": "7e8a738c-7a35-48a5-9359-db3cc65d8561", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798837", "to_ids": true, "type": "filename", "uuid": "b169e821-17a7-4925-a9a6-6be8b5a552be", "value": "6dedd7dfc4fec701f7e75f0f899da75c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798837", "to_ids": false, "type": "text", "uuid": "90d79100-5516-410f-847a-43a468fd208b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859507", "uuid": "1e617ea6-956e-434f-ae08-ba4c4ab96b32", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859506", "to_ids": true, "type": "md5", "uuid": "9d820a53-2fac-4684-b0c0-33992351aec2", "value": "d79fcaac0cc6ceaa26a9b2515515b67e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859507", "to_ids": true, "type": "sha1", "uuid": "215106aa-0a94-4f67-980f-033bcccc2e31", "value": "6ca5b82ebc47c5f1e9250c13f6934349fc22d6a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859507", "to_ids": true, "type": "sha256", "uuid": "0b296761-e87f-46f6-965c-da29a2a1293e", "value": "693b0ed7fe9144420323895b2063aaea9492350950e8d4f2f466cfae9cc9dba6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798859", "to_ids": true, "type": "ssdeep", "uuid": "0d0d67c2-ac0f-4c2c-bfcb-c5a34bc9c120", "value": "24576:hwL2kfFySy609KkWRRNZq3QJAawIS/trIh0F9umFupAozzf+smGrzJjNjy4vorx:haAJVWRHJAas/tkosZ3+sTJjcEcx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798859", "to_ids": false, "type": "size-in-bytes", "uuid": "e949f5cb-d13b-4b46-a872-7f528245d93d", "value": "1715250" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798859", "to_ids": true, "type": "vhash", "uuid": "1e7bae48-a4a5-4919-ab6c-edd99182d927", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798859", "to_ids": true, "type": "filename", "uuid": "9b46434b-1858-4816-9a5e-1fc216dfbace", "value": "d79fcaac0cc6ceaa26a9b2515515b67e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798859", "to_ids": false, "type": "text", "uuid": "fb659dca-7a6c-449f-b2ed-58a402a49189", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859508", "uuid": "d66f4576-5c39-4955-b483-61be0e3ce562", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859508", "to_ids": true, "type": "md5", "uuid": "c04b5c8d-b546-427a-92f7-a17fe00cd9d9", "value": "ed68544ce7ab2e2a8eb614b2aa15dcb5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859508", "to_ids": true, "type": "sha1", "uuid": "b066ad4f-79f0-40ba-830b-b6210eae7e93", "value": "d4f7d9d5e23411174eab5d76b6e54ceda27a878d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859508", "to_ids": true, "type": "sha256", "uuid": "8edc8133-fc5c-4504-84ed-b8334a22ad78", "value": "e5955fb18f9a8e122db20ab13958da5feb8d85a6965c53494ddca8ea87815431", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798880", "to_ids": true, "type": "ssdeep", "uuid": "447b352b-53c5-4c88-b170-6b3456587921", "value": "24576:7EL2uavqQhoE0Cop0fIygM/CbAchTPDmpW7bH8gvIdJHVHaTC8pyb:7dhiB00M0AcxDmpW38gAdJHVHaTC8Yb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798880", "to_ids": false, "type": "size-in-bytes", "uuid": "b16aa868-f498-49b7-a354-a96a5de555e0", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798880", "to_ids": true, "type": "vhash", "uuid": "43e3d16e-1e84-4b5c-a273-df41b908de34", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798880", "to_ids": true, "type": "filename", "uuid": "affa5c6f-0e1e-41ed-8c8c-07c1200fb608", "value": "ed68544ce7ab2e2a8eb614b2aa15dcb5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798880", "to_ids": false, "type": "text", "uuid": "94532bd4-ecc8-4f33-a25b-eabab66b97bc", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859509", "uuid": "be484a76-dcc5-41ca-97e1-4fe36d9ca7e5", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859509", "to_ids": true, "type": "md5", "uuid": "9b95a271-15e6-4937-84c0-0e6495629f4f", "value": "00269398a7518b97e124714299323b42", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859509", "to_ids": true, "type": "sha1", "uuid": "36c9825e-54f4-4e4d-a760-a2f7d5bf0be3", "value": "7c18c34e4cb334d068b2a228b429c9a24fa101e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859509", "to_ids": true, "type": "sha256", "uuid": "3c1a3e24-eda1-4c08-8546-25901f6a56aa", "value": "54a49cb768e9befef90cf5a7d0580326801992b3285248580114808cf1ca4a96", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798901", "to_ids": true, "type": "ssdeep", "uuid": "927f49a6-19a2-4ee6-813f-2f587254d67a", "value": "24576:iRNZq3QJAawI9ZfkvkDQmN8W5wfpa/pbST4dIPpp+d:iHJAambXfE/dST1pI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798901", "to_ids": false, "type": "size-in-bytes", "uuid": "dccc3d5e-059d-466d-8e93-bd9d916bba37", "value": "1201756" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798901", "to_ids": true, "type": "vhash", "uuid": "c1f1a24e-8fdb-4ffe-b859-08b3ff10642b", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798901", "to_ids": true, "type": "filename", "uuid": "bc58bdc8-7f3e-4000-91d1-fc78d3fede72", "value": "00269398a7518b97e124714299323b42.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798901", "to_ids": false, "type": "text", "uuid": "70a69d41-a6fe-4012-a90d-146977e37faf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859510", "uuid": "db0662b4-0e57-44cc-bf12-0664f7afcdff", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859510", "to_ids": true, "type": "md5", "uuid": "8d4c6830-9adb-4f0b-b997-e27cefe51c77", "value": "9ff2ab68ef6c496b06b08a4647a6e42a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859510", "to_ids": true, "type": "sha1", "uuid": "e08583ac-2a7b-4aea-aa6c-661cf7907b36", "value": "84c3e4dc896e5b2bf879e0e79c2de50ed874846e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859510", "to_ids": true, "type": "sha256", "uuid": "189d13ef-00a2-41d2-9935-57699e8a6b72", "value": "31987a10406d70b05bea9a050db5f1efa2d8c76df36b4f47def3a2f42bcb400d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798922", "to_ids": true, "type": "ssdeep", "uuid": "3843a1a6-390f-4780-908f-779da38eecc4", "value": "12288:pwGXbSophOalMZSSnQJccBS7tKdXfsh5K56jY/PLiXYEB83hA09MD/elo1oek7SE:pRNZq3QJAawIojnSCCMaST4dIPpp+b" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798922", "to_ids": false, "type": "size-in-bytes", "uuid": "9fb18aa1-cf1d-4353-9dac-b8404557e37f", "value": "1201758" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798922", "to_ids": true, "type": "vhash", "uuid": "718b028b-3cb7-46fa-b6ce-a7bfb021aae3", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798922", "to_ids": true, "type": "filename", "uuid": "83e01dff-687a-4e65-b09d-e5343f6a263b", "value": "9ff2ab68ef6c496b06b08a4647a6e42a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798922", "to_ids": false, "type": "text", "uuid": "ed6260db-2beb-4e69-9554-c0033cea2c7a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859511", "uuid": "01c88001-5e39-46ee-94ba-996a4b7794ec", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859511", "to_ids": true, "type": "md5", "uuid": "86d2aefb-0ca1-43cb-8db4-f665ad9de7ae", "value": "fe2bd43532f88cfe276ad28e4e2fa968", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859511", "to_ids": true, "type": "sha1", "uuid": "75f25c90-690f-4a9a-acc1-e546a4fd5344", "value": "bb887c4c52b0c70b64e54bd21b512b60d67dbe58", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859511", "to_ids": true, "type": "sha256", "uuid": "309c5d17-dc2a-42f8-b597-a68f95d7a5a2", "value": "af19eb995446a4d434d668db1078d52fd86e05adc8e132e4d5beffcc7ec90d27", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798944", "to_ids": true, "type": "ssdeep", "uuid": "f00385b6-dc00-44ad-bb77-0d846cc0dca8", "value": "24576:1EL2uavqQhoE0Cop0fIXgM/CbAchTPDmpW7bH8mvIdJHVHaTC8pyq:1dhiB0FM0AcxDmpW38mAdJHVHaTC8Yq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798944", "to_ids": false, "type": "size-in-bytes", "uuid": "f97c41ef-03c9-4177-b2b0-082ed1247e58", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798944", "to_ids": true, "type": "vhash", "uuid": "4100c910-1429-4dc7-8be2-ac22a1336c04", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798944", "to_ids": true, "type": "filename", "uuid": "e7e99bf8-e881-4bba-83f0-089f1fd31ea4", "value": "fe2bd43532f88cfe276ad28e4e2fa968.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798944", "to_ids": false, "type": "text", "uuid": "23169625-b433-4165-be3a-3cb769051274", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859513", "uuid": "24f66e76-fef4-4dab-a463-9ced88fc2555", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859512", "to_ids": true, "type": "md5", "uuid": "8be24468-db69-451b-92be-4529c0563d42", "value": "bf6bdb9b695b485e2d9ec4e1f8dbf132", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859512", "to_ids": true, "type": "sha1", "uuid": "7e6bdcca-6edd-449b-b8ba-ad405f5a72d4", "value": "94baf1c21be2fdb4b4cb67e148f5e9c1a3c78ea6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859513", "to_ids": true, "type": "sha256", "uuid": "031c90ae-2e7e-4055-84b6-6d4b52c248e3", "value": "ce5bb5f72e9bdafaf24da8f9313e02ecdbc0665f0232c9728c83082a5bf9a6b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798965", "to_ids": true, "type": "ssdeep", "uuid": "e0f0c39c-e9cc-42fa-8a64-92913af0900e", "value": "49152:+yIUNgYHJAaaJciDTnjqgbXAEdDbYMAxG:+rwXpKxXqWXAEdDnl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798965", "to_ids": false, "type": "size-in-bytes", "uuid": "f12bac38-b046-4480-9e7d-b3161e77f840", "value": "1715150" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798965", "to_ids": true, "type": "vhash", "uuid": "095afa5b-9e84-4301-a572-b0f62fb035d0", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798965", "to_ids": true, "type": "filename", "uuid": "fa1df117-4c78-451e-a3ce-dafa5df49d97", "value": "bf6bdb9b695b485e2d9ec4e1f8dbf132.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798965", "to_ids": false, "type": "text", "uuid": "d17869c7-5b9d-4e39-9047-e71cc1549bc6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859514", "uuid": "e36698ed-4d16-4a34-a5c5-cb60d37e9bad", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859513", "to_ids": true, "type": "md5", "uuid": "72505edc-1925-453c-9e01-38804ab02b7d", "value": "a3474bc596fa0e5905dd94061c4351f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859514", "to_ids": true, "type": "sha1", "uuid": "3b4e859b-071e-4ddb-8466-819f148a70d8", "value": "b424e5889b959808992da819ab572f59792f6565", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859514", "to_ids": true, "type": "sha256", "uuid": "fd93b940-ca67-4114-8d0d-456263831666", "value": "9a9208add66e1406f9e2c5f4da3ece850ccb83320ef7d5e157152960214ed0e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740798986", "to_ids": true, "type": "ssdeep", "uuid": "e194cbe6-753c-4652-85ab-3c03f6e4aeca", "value": "24576:9EL2uavqQhoE0Cop0fIPgM/CbAchTPDmpW7bH8h:9dhiB0NM0AcxDmpW38h" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740798986", "to_ids": false, "type": "size-in-bytes", "uuid": "88adf9eb-fd68-4394-b270-2516be3e6475", "value": "992082" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740798986", "to_ids": true, "type": "vhash", "uuid": "ee8f5bd9-cf51-4111-a8a6-0c7dc001f9a4", "value": "98920121227d7b7634b12aa19ce409f9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740798986", "to_ids": true, "type": "filename", "uuid": "60855d2a-592c-4e46-b224-3209ea0dc7ad", "value": "a3474bc596fa0e5905dd94061c4351f5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740798986", "to_ids": false, "type": "text", "uuid": "fca7c2a0-f2d7-4c7a-a22d-ab4166b06dbf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Dakkatoni.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859515", "uuid": "5782f5ef-6332-4080-8f4a-516a295cac68", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859515", "to_ids": true, "type": "md5", "uuid": "ac66a7ce-e038-45f3-83a5-2b6a7a1fe797", "value": "c5852f6cc94eb9354e8235fe50744d0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859515", "to_ids": true, "type": "sha1", "uuid": "54397489-2f1a-44ab-9031-dff43d8c4d18", "value": "0722ba84781fa8bcf3a158bcfef69808cb7f5dc5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859515", "to_ids": true, "type": "sha256", "uuid": "e592dd2d-51b2-45d5-96fb-d098e6baa61a", "value": "3a46dbebc502141ff20da3278ecf0b29c114bd5b3eeafc3ce5034d784a36befa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799008", "to_ids": true, "type": "ssdeep", "uuid": "64d4026e-41f2-4f84-a6d7-b865e7b3698e", "value": "24576:qRNZq3QJAawI9KMMYmiDqknh5W1gaGT4dIPpp+3:qHJAa3JciDTnjqgVT1p4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799008", "to_ids": false, "type": "size-in-bytes", "uuid": "35328773-e3c8-4753-ac87-ebfc1d377237", "value": "1201838" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799008", "to_ids": true, "type": "vhash", "uuid": "94c32446-a3af-4cdd-8339-5f8aeea3e374", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799008", "to_ids": true, "type": "filename", "uuid": "dda3d2c7-af11-4094-abac-dfdb21a6ed15", "value": "c5852f6cc94eb9354e8235fe50744d0f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799008", "to_ids": false, "type": "text", "uuid": "8915b8ef-d0fc-4f64-8650-4e06ac3d1b68", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859516", "uuid": "f7e9d42b-027e-4ecf-b54c-07ea23437b0e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859516", "to_ids": true, "type": "md5", "uuid": "89045ee4-3cac-40bd-8e4b-46c42f8aec74", "value": "3484e235d1a38be478f46002ac08520c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859516", "to_ids": true, "type": "sha1", "uuid": "f7775250-254b-426c-9264-757129dd89b0", "value": "565055cc4c9242b937750453ab4aa05afdc05076", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859516", "to_ids": true, "type": "sha256", "uuid": "b24080a1-4850-4bb9-b7de-d4ad6e4ff46b", "value": "1712e2132632bf131ae82b662ecc10c212823c605c0acf52516135ba7d658f8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799029", "to_ids": true, "type": "ssdeep", "uuid": "3b265ac9-45d7-4379-8b29-851cfd765348", "value": "24576:iwL2kfFySy609KkWRRNZq3QJAawI4KMMYmiDqknh5W1gaR7Eoal0B6hz7zzAi:iaAJVWRHJAa6JciDTnjqgQ7EpmBK/N" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799029", "to_ids": false, "type": "size-in-bytes", "uuid": "80a22d6f-48b1-4910-99ad-23154bd65746", "value": "1715269" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799029", "to_ids": true, "type": "vhash", "uuid": "2fdf8cc6-43dc-45b8-b193-29cab3529f91", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799029", "to_ids": true, "type": "filename", "uuid": "a6b6fc5f-3fe8-4d99-bc05-67dc1c8ec997", "value": "3484e235d1a38be478f46002ac08520c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799029", "to_ids": false, "type": "text", "uuid": "0a3f026f-db6f-4f5e-a63e-361daa37adc7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA77\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859517", "uuid": "a38c3492-9cef-42e1-a9d0-87c3ba27a324", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859517", "to_ids": true, "type": "md5", "uuid": "a99725aa-7442-4c03-bc9a-38970c3d3ebd", "value": "00704c6205674f797ed6e5417475f5e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859517", "to_ids": true, "type": "sha1", "uuid": "b4836e7a-9d47-4491-889e-3d7fbe208318", "value": "e1095326109c253601396e2ee69253daf67b35f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859517", "to_ids": true, "type": "sha256", "uuid": "c196d374-3a33-4002-8fcd-207029c4c74a", "value": "0fbf98fbafbe0b5385b299459d3f56622852adaf762cb208901c3a5e408dac3b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799050", "to_ids": true, "type": "ssdeep", "uuid": "e78f0291-c82a-425e-b8a4-c3f9b8bed2c7", "value": "24576:5EL2uavqQhoE0Cop0fIqgM/CbAchTPDmpW7bH8mvIdJHVHaTC8py/:5dhiB08M0AcxDmpW38mAdJHVHaTC8Y/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799050", "to_ids": false, "type": "size-in-bytes", "uuid": "ab753bd4-534f-4d98-9add-98d9d879eb7b", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799050", "to_ids": true, "type": "vhash", "uuid": "215754ef-e686-4d09-a7bb-a0f44a108cde", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799050", "to_ids": true, "type": "filename", "uuid": "2c89f434-68aa-4b1f-8e52-88c82f5e0d11", "value": "00704c6205674f797ed6e5417475f5e4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799050", "to_ids": false, "type": "text", "uuid": "c437d3fa-56d8-4fb2-93f3-0518e19b9c3c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859518", "uuid": "8a83fc2e-67f6-4023-ae7f-2a7bd0dcee61", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859518", "to_ids": true, "type": "md5", "uuid": "e5977aca-0948-47fd-a85e-53b85ecc4e55", "value": "9467647f327d1cdc4f69483f89b7d7cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859518", "to_ids": true, "type": "sha1", "uuid": "a69446ea-fe08-4b9d-85dc-989f4bfa765e", "value": "8b10b32e68b007e98f370f31c9d3832021c67694", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859518", "to_ids": true, "type": "sha256", "uuid": "30bc836b-c3ca-4261-b312-6de382433f76", "value": "84053811445244b23a698cfeca898f06eb88f3eec627b2c79d102b1c71c905c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799072", "to_ids": true, "type": "ssdeep", "uuid": "e2c00734-65e2-42a9-ae89-7ed8c4253148", "value": "24576:rEL2uavqQhoE0Cop0fIYgM/CbAchTPDmpW7bH88vIdJHVHaTC8pyP:rdhiB0SM0AcxDmpW388AdJHVHaTC8YP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799072", "to_ids": false, "type": "size-in-bytes", "uuid": "c98326d4-99ea-43f1-8e9b-6149ca080550", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799072", "to_ids": true, "type": "vhash", "uuid": "68a912d6-5445-4111-ab13-ec4cee74b4aa", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799072", "to_ids": true, "type": "filename", "uuid": "9ab6a130-5671-42be-a85b-2d422319b583", "value": "9467647f327d1cdc4f69483f89b7d7cc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799072", "to_ids": false, "type": "text", "uuid": "e46ef2a5-0ad1-4ee6-becc-4fea5b87152e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859520", "uuid": "223018dc-51ba-45c0-a914-784a6f0b7ea4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859519", "to_ids": true, "type": "md5", "uuid": "44d08b0e-f04c-42b0-9528-89448e353d0d", "value": "08dba8ebd687830b21bb4982eee20023", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859519", "to_ids": true, "type": "sha1", "uuid": "1194fef0-1673-4177-a5f6-bec907eb6dfa", "value": "e890c65e1a9f1e44132442b530637601c2cfedd1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859520", "to_ids": true, "type": "sha256", "uuid": "a55194ed-228c-4560-8b00-78dcd7147e44", "value": "2df8236b5621a35b223cb20d4852c96bb5ebf58f01992ab090cac7fb2c10126b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799093", "to_ids": true, "type": "ssdeep", "uuid": "1f1fa31a-f4bf-42ea-a081-ab3763feb444", "value": "24576:VEL2uavqQhoE0Cop0fI3gM/CbAchTPDmpW7bH81:VdhiB0VM0AcxDmpW381" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799093", "to_ids": false, "type": "size-in-bytes", "uuid": "4f20b1e9-9b84-4c70-b2b7-479c79a4ddbc", "value": "992082" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799093", "to_ids": true, "type": "vhash", "uuid": "0c6504dc-dfc1-4d92-ad88-cc83c4b3cbe4", "value": "98920121227d7b7634b12aa19ce409f9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799093", "to_ids": true, "type": "filename", "uuid": "c16c619c-d5c6-4e21-a95f-d6a9316b51d4", "value": "08dba8ebd687830b21bb4982eee20023.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799093", "to_ids": false, "type": "text", "uuid": "faf4a0ea-f521-4536-b949-75ee4e7787dc", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Dakkatoni.A!MTB\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859521", "uuid": "fadb5ec8-a701-4b16-a96f-f13899984d0a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859520", "to_ids": true, "type": "md5", "uuid": "a660cb0b-fc1f-448a-ab55-47a55a57f9c6", "value": "3fde6562ed7d717efa70fa8012193943", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859521", "to_ids": true, "type": "sha1", "uuid": "33b3ac0f-df9d-465d-94ea-549dafa63659", "value": "93819cb8759df31bef7398ce9db1c64c5189c20c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859521", "to_ids": true, "type": "sha256", "uuid": "65eedaa8-abc2-4b9c-8e1b-1b2be41fbded", "value": "b5ece5401a3ea7012ba1995884dd7ba8e40e33f609e856ede9c2bb7b8ca21ede", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799114", "to_ids": true, "type": "ssdeep", "uuid": "fb254bb7-3cd2-43a5-8190-eefde7fed565", "value": "24576:9EL2NJ2Exi4gLeioIRNZq3QJAawITKMMYmiDqknh5W1gad0B4YzK4lvlWHouk:9Ub/LyIHJAaJJciDTnjqg7iY4k" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799114", "to_ids": false, "type": "size-in-bytes", "uuid": "9b17ff26-2ff3-4ba8-baa7-b62590a6c647", "value": "1715149" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799114", "to_ids": true, "type": "vhash", "uuid": "dcc76d8d-2eec-4cf1-a928-1efdd4eb91a0", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799114", "to_ids": true, "type": "filename", "uuid": "28546953-2d8f-49f1-b190-52a41313db9a", "value": "3fde6562ed7d717efa70fa8012193943.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799114", "to_ids": false, "type": "text", "uuid": "f5d0580e-d40b-4659-83df-f0cd29f5df7a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859522", "uuid": "f797bacc-0244-41ee-8a9a-4e5cad27e4b2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859522", "to_ids": true, "type": "md5", "uuid": "56ff07a8-87b9-48e3-a84b-75836cf4d8fc", "value": "5fc39f9fdfb5433ae7d79cd331dad2f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859522", "to_ids": true, "type": "sha1", "uuid": "bb9f5306-9d7d-4bdf-8d51-f81e6d618831", "value": "73d6d47324d5d9a58ba822221c21eb32d9b56a24", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859522", "to_ids": true, "type": "sha256", "uuid": "93d5c0df-be43-4d40-b410-2926e41beb7c", "value": "13aad2328b55bf63f506d3ea510a39d9a29a9360880f0815783e034b6e093555", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799136", "to_ids": true, "type": "ssdeep", "uuid": "38d31ccd-c708-4f13-b303-f5940ff4098f", "value": "24576:EEL2uavqQhoE0Cop0fIEgM/CbAchTPDmpW7bH8uvIdJHVHaTC8pyK:EdhiB0eM0AcxDmpW38uAdJHVHaTC8YK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799136", "to_ids": false, "type": "size-in-bytes", "uuid": "d2d71656-171f-4680-b38d-b0dbeed631c3", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799136", "to_ids": true, "type": "vhash", "uuid": "28245c4b-edbb-4e75-8d31-fed7c75757d0", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799136", "to_ids": true, "type": "filename", "uuid": "e3dcd90e-28bc-40bc-85ae-82e444aa2134", "value": "5fc39f9fdfb5433ae7d79cd331dad2f5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799136", "to_ids": false, "type": "text", "uuid": "7049df47-d5c1-4624-a7cf-77e51b89051e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859523", "uuid": "456df598-3412-49b1-90d5-089ae74bf2de", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859523", "to_ids": true, "type": "md5", "uuid": "ecd39357-b8d8-49b3-befc-c86fb4826ba0", "value": "a1eb67bdbbc241d1ec9ae6cb66dacd7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859523", "to_ids": true, "type": "sha1", "uuid": "c22faa06-63d5-4435-818b-29c8344f532c", "value": "956b5c8bdb7a5bc73456046b2002bc6042b94d11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859523", "to_ids": true, "type": "sha256", "uuid": "abdac336-15d1-4922-a818-9f538d65ba76", "value": "d6bef9cd71721d3b8a456fab3cd79e3d5adaef95faa2aa1df2887d8d500cc676", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799157", "to_ids": true, "type": "ssdeep", "uuid": "b2ac16cc-7ccc-45cb-ade1-ddf08fa38b93", "value": "24576:2EL2uavqQhoE0Cop0fI9gM/CbAchTPDmpW7bH81vIdJHVHaTC8pyq:2dhiB0vM0AcxDmpW381AdJHVHaTC8Yq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799157", "to_ids": false, "type": "size-in-bytes", "uuid": "6411be85-6334-4404-a2d9-345b141158c9", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799157", "to_ids": true, "type": "vhash", "uuid": "de1bdbc2-2a72-43e0-b004-7c24c5779413", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799157", "to_ids": true, "type": "filename", "uuid": "a38e1a40-6ed8-498d-bbae-5a6edf7a5c7b", "value": "a1eb67bdbbc241d1ec9ae6cb66dacd7e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799157", "to_ids": false, "type": "text", "uuid": "c4044d05-7034-4c63-af1e-4de561150046", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859524", "uuid": "598bbd73-0baf-41c3-99ca-689df0ce7c7f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859524", "to_ids": true, "type": "md5", "uuid": "d0600d0c-2da8-49fc-ba0d-91b167d10946", "value": "41adc6683e4fd68109d748ed67341904", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859524", "to_ids": true, "type": "sha1", "uuid": "def1b58b-cdf6-450b-8a19-a2e7a74352b1", "value": "df7008f974cc6cf91ef8774dcbfa8de09c04c157", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859524", "to_ids": true, "type": "sha256", "uuid": "50a7e4a4-78ca-43a9-9fc9-c929f801026d", "value": "7e2f8919db2abca22b9f38a874b754cf50a1acdbfef64e8dc30da292cdf00185", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799179", "to_ids": true, "type": "ssdeep", "uuid": "416118e3-68c0-497b-8c1f-d79a05d5d2ec", "value": "24576:QwL2kfFySy609KkWRRNZq3QJAawIeHQjOrf+smGrzJjNjy4voa:QaAJVWRHJAa4QKr+sTJjcET" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799179", "to_ids": false, "type": "size-in-bytes", "uuid": "bc3d79c5-412b-4054-bb94-432b32bda1b0", "value": "1523258" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799179", "to_ids": true, "type": "vhash", "uuid": "3a490f47-29cf-448d-a926-083ac7342536", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799179", "to_ids": true, "type": "filename", "uuid": "4bafb186-4a40-4ae7-a682-8857b794c85d", "value": "41adc6683e4fd68109d748ed67341904.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799179", "to_ids": false, "type": "text", "uuid": "ae37693f-face-4a09-b202-8527a1dc0850", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:34/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859525", "uuid": "ae984c35-07d7-4734-ac14-513f22c0e8da", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859525", "to_ids": true, "type": "md5", "uuid": "662f6bf3-dd84-48a4-ace9-7c07167329d7", "value": "db1cbe6ffdc11cee2c59ee989c6cae54", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859525", "to_ids": true, "type": "sha1", "uuid": "6e3c119a-6c67-4af7-8a65-ba5bad919108", "value": "8065ac802407ead2d64be8910691a16f6298a61d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859525", "to_ids": true, "type": "sha256", "uuid": "1e484b73-64aa-455e-80cd-da880dcbb886", "value": "678ea7798a3579421482a090590259f511a80d73e99e90ffbd8c2ff464c85f06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799200", "to_ids": true, "type": "ssdeep", "uuid": "22780b23-3b72-45b8-a6e0-4a6d7a742948", "value": "24576:fEL2uavqQhoE0Cop0fIxgM/CbAchTPDmpW7bH81vIdJHVHaTC8pyZ:fdhiB0XM0AcxDmpW381AdJHVHaTC8YZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799200", "to_ids": false, "type": "size-in-bytes", "uuid": "342345fc-2c6c-43fc-a317-19e37ff16677", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799200", "to_ids": true, "type": "vhash", "uuid": "0e752013-c65b-440e-afdf-d5a5eab1ecac", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799200", "to_ids": true, "type": "filename", "uuid": "ebc086d2-371b-463e-a988-8c4adc0cf218", "value": "db1cbe6ffdc11cee2c59ee989c6cae54.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799200", "to_ids": false, "type": "text", "uuid": "1c466bb5-de05-46e8-8d30-2470c8ee5489", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Dakkatoni.A!MTB\nVT Total Detection:34/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859527", "uuid": "1893d3cf-3b2d-477d-afce-1963a1bd7935", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859526", "to_ids": true, "type": "md5", "uuid": "9264dfa9-f1dc-48c8-bcd9-a275de8f3c35", "value": "99cfd71de11627e6c612741b6a17d5d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859526", "to_ids": true, "type": "sha1", "uuid": "3f9333bd-0fdf-43a5-b050-c0f4e3af3f36", "value": "2ab4a32bcab2634d089af7f1bbb7770cc9d042b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859527", "to_ids": true, "type": "sha256", "uuid": "5f45a697-cdd3-4e8c-9e79-66fdf938f254", "value": "677631486112e15d4e6421b004f031d9dc6aff97e0dba1c58a982b202777f178", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799221", "to_ids": true, "type": "ssdeep", "uuid": "ac82e8f8-7c7c-4a61-9528-1dc28bfebb5d", "value": "24576:jwL2gEgzbLd25inVaRNZq3QJAawIKKMMYmiDqknh5W1gaSEsgiwHzo2DuF:jqTksVaHJAa4JciDTnjqg6sgXTE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799221", "to_ids": false, "type": "size-in-bytes", "uuid": "255dcdb0-add9-4bd7-a8f9-efc505433f03", "value": "1715183" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799221", "to_ids": true, "type": "vhash", "uuid": "0284947c-5d10-4a4c-9068-efd19e8992fa", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799221", "to_ids": true, "type": "filename", "uuid": "5734d5a9-c8eb-4a3e-b982-a9d967b41807", "value": "677631486112e15d4e6421b004f031d9dc6aff97e0dba1c58a982b202777f178.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 30/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799221", "to_ids": false, "type": "text", "uuid": "bcfa7d71-acf0-4ca8-b461-295803f112e1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859528", "uuid": "b0a92846-9b73-411f-9318-9f5bbdb98ede", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859527", "to_ids": true, "type": "md5", "uuid": "adb49d51-8714-460f-9dc1-14104e421b4e", "value": "c85e8ee61e0b7eed8995f253ac2162bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859528", "to_ids": true, "type": "sha1", "uuid": "73457ac1-14aa-454b-8a27-7fce0d9c0c61", "value": "7fa0f7bc7a937168cc9f59ec8928e0c1063872db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859528", "to_ids": true, "type": "sha256", "uuid": "eb1f90fc-686e-413b-80fa-dd49c9774cb5", "value": "b5dd17b1aece9cd73ad8063eb2de344955605c9f559c1eaf37a243b8edb62962", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799243", "to_ids": true, "type": "ssdeep", "uuid": "6f5bf8dd-b997-4a98-9d30-8841a2a5c170", "value": "24576:MEL2NJ2Exi4gLeioIRNZq3QJAawIWBiurGv3j6pM5SpJ80B4YzK4lvlWHouD:MUb/LyIHJAa5yGPOZpviY4D" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799243", "to_ids": false, "type": "size-in-bytes", "uuid": "6e21c5b2-a9ba-4e03-9061-0c1177e9664e", "value": "1714786" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799243", "to_ids": true, "type": "vhash", "uuid": "ad9f814c-b576-417e-a306-95d84f452249", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799243", "to_ids": true, "type": "filename", "uuid": "d0f72f8c-fe32-4bd3-9bcf-cac97b46093d", "value": "c85e8ee61e0b7eed8995f253ac2162bd.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799243", "to_ids": false, "type": "text", "uuid": "98d368a3-5977-425b-b9f7-fa1eb2407d93", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859529", "uuid": "ae3e39eb-adec-4746-b3c7-22d6bc85b0b1", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859529", "to_ids": true, "type": "md5", "uuid": "3feb1e71-a600-4427-ba08-c14ba87031a3", "value": "3873932b88436f5f045577dcafbf2134", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859529", "to_ids": true, "type": "sha1", "uuid": "d05944a1-08b1-4746-a3ab-cb514b435aaa", "value": "aa08c1c64365c1e9f76aac842436c07752306009", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859529", "to_ids": true, "type": "sha256", "uuid": "89e11864-d8fb-4939-8ca3-32188a956fe5", "value": "7d1e074d50a0bd13b51904c3c08acc9b7eabffaca08cbdf6aecba42da8df3a3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799264", "to_ids": true, "type": "ssdeep", "uuid": "cff59478-1159-4220-a482-871a672c0ace", "value": "12288:0wGXbSophOalMZSSnQJccBS7tKdXvDWc/N64MnfNPj5KL:0RNZq3QJAwWoN65fFIL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799264", "to_ids": false, "type": "size-in-bytes", "uuid": "0f88f2ed-e386-495e-bda3-2e3ad0a287d2", "value": "686420" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799264", "to_ids": true, "type": "vhash", "uuid": "95236fd6-18b8-4a49-801f-221c1a6567ed", "value": "214f919060e8ca5692c9a1ab54ddbb3f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799264", "to_ids": true, "type": "filename", "uuid": "e162b2e9-76b1-4929-9f9a-60c38046a462", "value": "3873932b88436f5f045577dcafbf2134.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799264", "to_ids": false, "type": "text", "uuid": "ac8c567b-4204-4cee-809f-53e3ff4006b7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859530", "uuid": "fe0c31aa-8078-44de-8297-ccaea60910da", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859530", "to_ids": true, "type": "md5", "uuid": "b7772fb0-b8a4-4d6f-beff-068366fa28e7", "value": "68642f801dfc8910356a958ab36500ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859530", "to_ids": true, "type": "sha1", "uuid": "d39ad709-dfb2-436a-b96b-f115bdd9b0a2", "value": "55a84ac6a566d2452cd64e1211f6938837c67e7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859530", "to_ids": true, "type": "sha256", "uuid": "059a4762-fed8-4ade-b50e-027f3d6767a8", "value": "d82e3c3633e2f01834b01efbbabf46fa2bcd132303b99a3442733c8f09870930", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799287", "to_ids": true, "type": "ssdeep", "uuid": "a3fdf314-b2e4-44e8-8462-b79092040171", "value": "24576:KEL2uavqQhoE0Cop0fISgM/CbAchTPDmpW7bH81vIdJHVHaTC8pyp:KdhiB0EM0AcxDmpW381AdJHVHaTC8Yp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799287", "to_ids": false, "type": "size-in-bytes", "uuid": "d636c8e7-42f8-4ef0-9a8d-ec5f9db46fa1", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799287", "to_ids": true, "type": "vhash", "uuid": "e7a0f053-c0fd-4d11-a28d-8db41ebfa6df", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799287", "to_ids": true, "type": "filename", "uuid": "6603346b-0eb5-4e14-8aec-ec012787f4dd", "value": "68642f801dfc8910356a958ab36500ae.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799287", "to_ids": false, "type": "text", "uuid": "481762af-1b8b-478f-af4b-eb0531bdd89d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Dakkatoni.A!MTB\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859531", "uuid": "293254bf-ec94-4e82-9da0-1d8643b1df7e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859531", "to_ids": true, "type": "md5", "uuid": "d9913e44-8ac4-41b3-a5b1-3b97ea555a04", "value": "83984a1d6cd9e73c64c14dd11bda76ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859531", "to_ids": true, "type": "sha1", "uuid": "1d2600e5-792f-4907-84f2-507fc71c2f2b", "value": "58182aaa2ddfefce02b22bb95e61a889e87c1ff5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859531", "to_ids": true, "type": "sha256", "uuid": "c4b5eb9e-ad82-4dc7-b051-f341e2bade2c", "value": "a186aa9682774c1f2e81b8e40ce313ec19c49910cb55a0e5ca86317ca121e790", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799308", "to_ids": true, "type": "ssdeep", "uuid": "a056f9fa-6fe4-441d-9a49-b63e84a2f038", "value": "24576:1SqL+pg6PGWjfTZ4bsRNZq3QJAawIdKMMYmiDqknh5W1garryHbiYQvxkrnWnWa:8+6+eGsHJAajJciDTnjqg2rEbikrI7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799308", "to_ids": false, "type": "size-in-bytes", "uuid": "50cbf04a-5991-421c-be52-552a9546c0b2", "value": "1715423" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799308", "to_ids": true, "type": "vhash", "uuid": "81eb2086-3717-44da-b1b8-a8b9f2344653", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799308", "to_ids": true, "type": "filename", "uuid": "da57d2fc-f938-484b-956c-35bb8f8a94ab", "value": "83984a1d6cd9e73c64c14dd11bda76ff.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799308", "to_ids": false, "type": "text", "uuid": "716f487e-3d8b-4049-aed6-70509692a6eb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859532", "uuid": "3c28740a-bf6f-4440-b0eb-25f636c3733a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859532", "to_ids": true, "type": "md5", "uuid": "d79a55e6-45e6-413e-9cf9-96247906ab8f", "value": "4a6632daacbeaf4b3b86f2ef4aee7c58", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859532", "to_ids": true, "type": "sha1", "uuid": "045342b9-0970-47ee-a580-a1fc2de5c539", "value": "b8a85fd804282f06ef3959224e3ce4c8bb82f5fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859532", "to_ids": true, "type": "sha256", "uuid": "ed8b3a5d-7628-4290-a274-1f3c3e0767b8", "value": "cf8714278b9e97e98697ff66de7d0800c1f786eb6bc6b7d1466c8deb58283f14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799330", "to_ids": true, "type": "ssdeep", "uuid": "c21162ba-ab28-4fe1-8471-153f4dc8b54f", "value": "12288:swGXbSophOalMZSSnQJccBS7tKdXfsh5K76jY/PLiXYEB83hA09MD/eln1oek7Su:sRNZq3QJAawIOjnSCCMahT4dIPpp+J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799330", "to_ids": false, "type": "size-in-bytes", "uuid": "d9b5d732-9489-4ade-995d-5751824cc69a", "value": "1201758" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799330", "to_ids": true, "type": "vhash", "uuid": "027df64e-7107-4a81-b94e-71297670c966", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799330", "to_ids": true, "type": "filename", "uuid": "f23d08e1-89c2-45dd-a695-d566932ac1a5", "value": "4a6632daacbeaf4b3b86f2ef4aee7c58.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799330", "to_ids": false, "type": "text", "uuid": "4cfc382c-140e-49ae-8073-aea053ef4cc2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859534", "uuid": "773bc80b-6fd5-4034-b33e-3a4585e5e6ba", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859533", "to_ids": true, "type": "md5", "uuid": "6573a62b-7840-4063-b7c6-d7dd335a58af", "value": "41eff3b7fae4ab7cfe7df43c72dc695a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859533", "to_ids": true, "type": "sha1", "uuid": "25edfa75-8436-4723-9bf8-7f08f87ba39c", "value": "adef0426ba512b1ec5d63efce493ba68560869f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859534", "to_ids": true, "type": "sha256", "uuid": "6ecdc127-c947-4431-bd42-58ed74e2f77d", "value": "26ddb8ff1deed4358167445b462c922f2c7b60cec352f166a6a3d64af8631fa5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799351", "to_ids": true, "type": "ssdeep", "uuid": "cb602648-702b-4443-ada7-b8c025ef2e7b", "value": "24576:yUzrET+hXrT75qe1RNZq3QJAawI2KMMYmiDqknh5W1gafPGaIp6F+fJI:yHsH7T1HJAaoJciDTnjqgCua7AW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799351", "to_ids": false, "type": "size-in-bytes", "uuid": "4f09d8ec-a311-48f2-a522-33ece7e9453d", "value": "1715498" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799351", "to_ids": true, "type": "vhash", "uuid": "fc5300c5-5bd6-4124-98ff-42dc79333825", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799351", "to_ids": true, "type": "filename", "uuid": "dd7a42ee-78ff-4b09-9db0-5df4ba34309a", "value": "41eff3b7fae4ab7cfe7df43c72dc695a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799351", "to_ids": false, "type": "text", "uuid": "685efcf0-603f-4d89-ad86-852571a1475d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859535", "uuid": "6024cc18-8de0-4cef-b552-082549d11223", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859534", "to_ids": true, "type": "md5", "uuid": "1c4ec8c3-8702-4c59-8fa1-25a7d95b21ab", "value": "886f64cfc6f5c41694f6fafe823cec4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859535", "to_ids": true, "type": "sha1", "uuid": "80e0a7a8-dfe7-4068-812a-6ab9d14cb86e", "value": "2e205004e054955ed3056d0675fd3c7f4c1b9065", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859535", "to_ids": true, "type": "sha256", "uuid": "44e51bcf-28f4-4cb1-a977-3903c6f2f03e", "value": "ee8e4e78b0b628620bffd510634a60c01dffcddac6294d9f5c55c09caed0c231", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799373", "to_ids": true, "type": "ssdeep", "uuid": "d108695f-c052-4240-8012-d6bcd6f26b61", "value": "12288:7wGXbSophOalMZSSnQJccBS7tKdXfsh5Ko6jY/PLiXYEB83hA09MD/ell1oek7So:7RNZq3QJAawIVjnSCCMazT4dIPpp+h" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799373", "to_ids": false, "type": "size-in-bytes", "uuid": "dca0e6ec-2f1f-4ead-8828-506fec15fd42", "value": "1201755" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799373", "to_ids": true, "type": "vhash", "uuid": "27a70bd7-7d4e-4a6f-9328-5281bd892cb5", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799373", "to_ids": true, "type": "filename", "uuid": "4ee249d9-3dac-44c5-9dcf-b465bf1b50e3", "value": "886f64cfc6f5c41694f6fafe823cec4a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799373", "to_ids": false, "type": "text", "uuid": "68b3682e-1287-4e08-8150-a93ea6551237", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859536", "uuid": "7d68ba81-2a19-4e2d-aebb-461f0a4ee09a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859536", "to_ids": true, "type": "md5", "uuid": "96e63804-8325-4f08-add7-6afd883cec72", "value": "53d2a870906826f5c63fe26c2b14f238", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859536", "to_ids": true, "type": "sha1", "uuid": "be78fd8f-a63f-41ec-9785-f5e09493725f", "value": "89c5d6ad1c71fbfa502ef13332808fd99ec81ffb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859536", "to_ids": true, "type": "sha256", "uuid": "a1ef2c85-b034-45c9-8a4c-86a1d001724f", "value": "819af50d594e927b8900c2964b079fb38175dd58f8c7754911240ef325b49ac1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799394", "to_ids": true, "type": "ssdeep", "uuid": "d2896ad5-72d5-4d1b-9157-1cfeb0be2a7c", "value": "24576:FwL2kfFySy609KkW4RNZq3QJAf7IeHQjOBf+smGrzJjNjy4vo6:FaAJVW4HJAfDQKJ+sTJjcEv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799394", "to_ids": false, "type": "size-in-bytes", "uuid": "795bbeeb-c4b5-4651-acdb-323f09c062a2", "value": "1523268" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799394", "to_ids": true, "type": "vhash", "uuid": "37171826-2b9d-4715-b54e-8ecb7cc236b5", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799394", "to_ids": true, "type": "filename", "uuid": "df9954f7-a980-4a3a-a34c-25339b764bff", "value": "53d2a870906826f5c63fe26c2b14f238.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799394", "to_ids": false, "type": "text", "uuid": "16bfc100-56f7-4fd2-bb92-5fa3c563a481", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859537", "uuid": "8799fae8-56cd-4cb9-8026-2eeee0c88bfe", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859537", "to_ids": true, "type": "md5", "uuid": "27ff3309-40e9-48bb-a507-65909dc5dbe4", "value": "d32d32a857b1dac154602687c7376839", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859537", "to_ids": true, "type": "sha1", "uuid": "77c04127-d798-4789-979e-b6b47478a738", "value": "59ddc262e0a7bc550c68bb3072aced37594f47c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859537", "to_ids": true, "type": "sha256", "uuid": "31869546-6600-47e7-9834-c89992f4d83d", "value": "e3f7b59dd3830a7da2c1fa975dce3da9ba46f2d52b70f19717755447dbf26c0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799415", "to_ids": true, "type": "ssdeep", "uuid": "b58d25cd-5000-489e-bf61-d7e8710891ee", "value": "24576:EwL2kfFySy609KkWRRNZq3QJAawIk/trIh0F9umFupAozzf+smGrzJjNjy4voyX:EaAJVWRHJAam/tkosZ3+sTJjcENX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799415", "to_ids": false, "type": "size-in-bytes", "uuid": "44bd04be-441f-49b6-8f30-8335d52b58c6", "value": "1715250" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799415", "to_ids": true, "type": "vhash", "uuid": "8193eebd-0061-4010-a9d3-840b6daa6bfa", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799415", "to_ids": true, "type": "filename", "uuid": "6445665d-d55d-4cdb-b94f-169758e00241", "value": "d32d32a857b1dac154602687c7376839.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 20/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799415", "to_ids": false, "type": "text", "uuid": "2c86881e-52c1-4d47-b44b-0b9b996b14eb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859538", "uuid": "c8506759-f178-4974-be27-cddefac0992a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859538", "to_ids": true, "type": "md5", "uuid": "b1dbc348-44de-4be5-b471-fc71d441b4b6", "value": "ce418ff95aa06a99231281a3920840fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859538", "to_ids": true, "type": "sha1", "uuid": "8f7a553c-421a-4531-90a1-0f172502e2fe", "value": "627e4071647e5102f8bf0db0ad9023e93de39513", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859538", "to_ids": true, "type": "sha256", "uuid": "28c22ca9-a21b-4ff7-8c17-26b5fa0d5fce", "value": "277b821cc79a3e90578dd9a883f6f2f4073d7891591c6780afc6b66f84e26507", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799437", "to_ids": true, "type": "ssdeep", "uuid": "6c178825-b90f-44c3-a482-71719fcc8a07", "value": "24576:BEL2uavqQhoE0Cop0fI6gM/CbAchTPDmpW7bH8uvIdJHVHaTC8pyn:BdhiB0oM0AcxDmpW38uAdJHVHaTC8Yn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799437", "to_ids": false, "type": "size-in-bytes", "uuid": "86220873-b61e-4bf2-a461-fe8b876f5c66", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799437", "to_ids": true, "type": "vhash", "uuid": "8d74e50e-171a-4331-b895-c3343a4491d5", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799437", "to_ids": true, "type": "filename", "uuid": "e4436ed9-1f97-45c6-8980-769fd7115832", "value": "ce418ff95aa06a99231281a3920840fd.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799437", "to_ids": false, "type": "text", "uuid": "cb35ffdc-3ffb-4597-a2cc-2652d8857241", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Dakkatoni.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859539", "uuid": "e9d536de-d2a0-4d7c-ad13-cb7cc52692f3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859539", "to_ids": true, "type": "md5", "uuid": "1117f64a-f9a6-420d-bebd-20bc9f83a91d", "value": "698bdac56c17323f26713f3154a13c25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859539", "to_ids": true, "type": "sha1", "uuid": "fd7cf8bf-7f74-4640-bc46-7fd4187b0adf", "value": "db66fccb0c310c08bef2073272ba2959a870d32f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859539", "to_ids": true, "type": "sha256", "uuid": "fa3ca3da-5d9c-4a1b-b680-8f31e0db82d3", "value": "19fb6a22cee5d6136b3ac34d12936f742d3562145d1320152e19687715eeff14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799458", "to_ids": true, "type": "ssdeep", "uuid": "2f55f0df-f7df-4e2c-b51c-98010b6d3a92", "value": "24576:zEL2NJ2Exi4gLeioIRNZq3QJAawIHKMMYmiDqknh5W1gaP0B4YzK4lvlWHouQ:zUb/LyIHJAaFJciDTnjqg1iY4Q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799458", "to_ids": false, "type": "size-in-bytes", "uuid": "444c9fd6-7409-4733-ae71-dfc7cf66ce3d", "value": "1715149" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799458", "to_ids": true, "type": "vhash", "uuid": "21c5f043-9852-41a1-a8bf-0b48a5fdffc8", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799458", "to_ids": true, "type": "filename", "uuid": "afe61f4a-e386-47ee-87c8-ef200e055723", "value": "698bdac56c17323f26713f3154a13c25.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799458", "to_ids": false, "type": "text", "uuid": "44232825-1792-46c6-8ef9-ac7a67e3775c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859541", "uuid": "a64e7039-6377-44be-a944-ee838af2c4f1", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859540", "to_ids": true, "type": "md5", "uuid": "08981b68-feb3-4f08-9c3d-99d61d1b48e0", "value": "9f244be4eae53c8986436ab19f2a87bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859540", "to_ids": true, "type": "sha1", "uuid": "5a751ab3-6eac-4855-9d45-6e0f42efa14a", "value": "d5444a9ed5fd6bb44fde63879f26731c2c9329de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859541", "to_ids": true, "type": "sha256", "uuid": "24c8dd37-17ab-4dd5-af0c-c67bc5dde483", "value": "4cac9e8a21a7fb414c679f230c2b3537856b5976f9028f975d815aafebe3156f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799480", "to_ids": true, "type": "ssdeep", "uuid": "0de936b2-b7f9-4734-b793-7943917fac85", "value": "24576:bEL2NJ2Exi4gLeioIRNZq3QJAawIaKMMYmiDqknh5W1gad0B4YzK4lvlWHoul:bUb/LyIHJAasJciDTnjqg7iY4l" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799480", "to_ids": false, "type": "size-in-bytes", "uuid": "8d7636d3-2490-476b-ae5b-0cef044220da", "value": "1715149" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799480", "to_ids": true, "type": "vhash", "uuid": "958b6931-6485-46a2-9b7c-33ee050e749b", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799480", "to_ids": true, "type": "filename", "uuid": "6fc116c5-b15d-4627-9c62-002b2c609e05", "value": "9f244be4eae53c8986436ab19f2a87bb.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799480", "to_ids": false, "type": "text", "uuid": "32b7607f-d82a-4b94-84a5-1b14d4c7400c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859542", "uuid": "27f23076-689e-4db3-ad9e-d22103f47271", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859541", "to_ids": true, "type": "md5", "uuid": "c3e7ff4c-4c22-43ff-aa57-a5f283290942", "value": "668917816abded2ebafcddacb6f7184e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859541", "to_ids": true, "type": "sha1", "uuid": "683814f5-0ceb-48f8-8b2b-d0d5d4fc5635", "value": "dc54aa8d7c9b20910d62186f8ac93fc9717a38a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859542", "to_ids": true, "type": "sha256", "uuid": "d2cca5f0-49ca-4004-88e5-5769f8cf9f29", "value": "5749012efcf8a3d4454541f1c367115049035096bed4c3482477f6848b307552", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799501", "to_ids": true, "type": "ssdeep", "uuid": "c3df444b-e51c-4587-baf9-a9007f2b83bf", "value": "24576:+EL2NJ2Exi4gLeioIRNZq3QJAawIFKMMYmiDqknh5W1ga+0B4YzK4lvlWHouk:+Ub/LyIHJAa7JciDTnjqgqiY4k" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799501", "to_ids": false, "type": "size-in-bytes", "uuid": "34a69b7f-ed6e-4e49-a301-8d5a28c0b641", "value": "1715149" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799501", "to_ids": true, "type": "vhash", "uuid": "af55823d-b1cb-4387-b32b-01d5567b667f", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799501", "to_ids": true, "type": "filename", "uuid": "9b5b4b08-718a-4703-9f16-b5b0399cccf1", "value": "668917816abded2ebafcddacb6f7184e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799501", "to_ids": false, "type": "text", "uuid": "9c95cb9f-9942-4374-a16c-31216c74320d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859543", "uuid": "3f610f1c-424b-4d43-8270-f3f99591dc21", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859542", "to_ids": true, "type": "md5", "uuid": "baf3e0ce-8c36-4c14-98e3-eebc1d9876bf", "value": "c9b27da95aa95185f4e442ff580acdab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859543", "to_ids": true, "type": "sha1", "uuid": "3913110e-6ab8-470b-b30c-a64fa82bec0c", "value": "64e704c32aeb22f3d53875fae697a82124c92675", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859543", "to_ids": true, "type": "sha256", "uuid": "1cb27f90-37f4-495c-8721-b423ef26f327", "value": "3611f6eb1f5ef3388a0a9f860d5a4ac02f28bd80fd88abe2ccd84ee1cdd02180", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799522", "to_ids": true, "type": "ssdeep", "uuid": "0a6c3fe3-a01d-40eb-9a2c-5f55706b253f", "value": "24576:fRNZq3QJAawI7ZfkvkDQmN8W5wfpa/pbLT4dIPpp+H:fHJAasbXfE/dLT1pq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799522", "to_ids": false, "type": "size-in-bytes", "uuid": "d92c0446-1374-4ae2-8be3-034ffbb138c2", "value": "1201756" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799522", "to_ids": true, "type": "vhash", "uuid": "f49546da-3c60-4954-a224-423a3304c981", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799522", "to_ids": true, "type": "filename", "uuid": "cad851a5-df49-4932-8549-91f4b783745a", "value": "c9b27da95aa95185f4e442ff580acdab.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799522", "to_ids": false, "type": "text", "uuid": "707e116e-298f-46d7-bd1b-32db563f84e9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAAA\nVT Total Detection:30/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859544", "uuid": "a7675547-21ec-499c-a8cf-3a7acfdb6366", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859544", "to_ids": true, "type": "md5", "uuid": "104fca48-3389-4d0d-8120-4825b4d2bfd3", "value": "99c38faa6a68d48d233922f11272d1e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859544", "to_ids": true, "type": "sha1", "uuid": "d966c3ff-3f98-4161-927d-42dfd70c049b", "value": "96b4392a7fc36f4aa0ddc766e0ba46693087cbdf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859544", "to_ids": true, "type": "sha256", "uuid": "56e654b7-0c7f-46a8-b424-25f4d1fc29f9", "value": "cea7e316d02877a713b84ae6e159d3ea68ac3d0c07b3557816ad601d4ea45d5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799544", "to_ids": true, "type": "ssdeep", "uuid": "670cbf87-4fc9-40b4-8e9b-75e7a391549a", "value": "24576:cwL2kfFySy609KkWRRNZq3QJAawITKMMYmiDqknh5W1gaDf+smGrzJjNjy4voh:caAJVWRHJAatJciDTnjqga+sTJjcEq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799544", "to_ids": false, "type": "size-in-bytes", "uuid": "b2826552-2b56-4434-869a-fab6fd33fab8", "value": "1715270" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799544", "to_ids": true, "type": "vhash", "uuid": "a18a2965-316f-49e2-8294-486e4707f47d", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799544", "to_ids": true, "type": "filename", "uuid": "54573000-39dd-4ace-a3ef-8dfc66569879", "value": "99c38faa6a68d48d233922f11272d1e9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/01/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799544", "to_ids": false, "type": "text", "uuid": "a85d5b8a-fbfd-4737-9cdc-672c40057c4a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859545", "uuid": "0e095a8e-d049-4bd9-b5a1-afeacb1c3f88", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859545", "to_ids": true, "type": "md5", "uuid": "4c7bccf3-8142-465a-bc71-73e2b70a8bac", "value": "89e5da60bec5aa2d74bd71a4a1d09c18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859545", "to_ids": true, "type": "sha1", "uuid": "476495a1-3b31-4d34-ad1e-f4f97e4e43ac", "value": "4d2c94a3e133a4fc62e9192b5114d0c18af268bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859545", "to_ids": true, "type": "sha256", "uuid": "c4d388a1-fc1c-4bd1-8ddf-9511cae652df", "value": "fe4487ca8e8b523e13d12bf900b305817c69e5d68bbe79d3e13d4e255969b98f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799565", "to_ids": true, "type": "ssdeep", "uuid": "ccee0b61-9ff0-40f7-a104-8be67c74765c", "value": "24576:fEL2uavqQhoE0Cop0fIdgM/CbAchTPDmpW7bH88vIdJHVHaTC8pyg:fdhiB0TM0AcxDmpW388AdJHVHaTC8Yg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799565", "to_ids": false, "type": "size-in-bytes", "uuid": "f7f3e2dd-db3e-4939-acad-ec2c3a57a8dc", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799565", "to_ids": true, "type": "vhash", "uuid": "1d8be1b3-e839-4375-bc42-f8c674fdec0b", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799565", "to_ids": true, "type": "filename", "uuid": "fec014a4-e518-431f-a796-62930aca3008", "value": "89e5da60bec5aa2d74bd71a4a1d09c18.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799565", "to_ids": false, "type": "text", "uuid": "471a8bd8-f6d6-4889-a6cd-3b6804be4278", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859546", "uuid": "fdf2595a-97c4-4aed-b4b7-9cb87b70e106", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859546", "to_ids": true, "type": "md5", "uuid": "41d31c99-9118-49ff-8f83-6d537e734e08", "value": "cbd4ba076a84d6f107c6fe1fc4fe2c5c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859546", "to_ids": true, "type": "sha1", "uuid": "50af1fc8-d1ba-4291-9b38-347ebe6fad01", "value": "f1ea22e79544b1387a80b6c01b832c76c17520b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859546", "to_ids": true, "type": "sha256", "uuid": "987ac2f8-2974-4ca2-b3fb-0e84f9aa5b61", "value": "9345015bfd3d01c7c604f46e765d124d4177d6d59d9967c3c425f6d1c799001c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799586", "to_ids": true, "type": "ssdeep", "uuid": "baa037c2-59da-47ec-8408-23d1d3441dfa", "value": "24576:mEL2uavqQhoE0Cop0fIZgM/CbAchTPDmpW7bH8pvIdJHVHaTC8pyK:mdhiB0HM0AcxDmpW38pAdJHVHaTC8YK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799586", "to_ids": false, "type": "size-in-bytes", "uuid": "3ff4123b-5c57-4dea-9c15-e0d30de539ab", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799586", "to_ids": true, "type": "vhash", "uuid": "fc7f2a1a-6a2d-4ba0-aa63-a939a1639bce", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799586", "to_ids": true, "type": "filename", "uuid": "e54d20ec-54a1-4d27-a041-5624a7813544", "value": "cbd4ba076a84d6f107c6fe1fc4fe2c5c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799586", "to_ids": false, "type": "text", "uuid": "796a4f17-e5ba-424e-a3f0-7caaba1c69e0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859547", "uuid": "000f5e22-dd50-4181-b779-8383fa326957", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859547", "to_ids": true, "type": "md5", "uuid": "fdd070d8-2afa-4836-8553-c24a19dfb4ae", "value": "b3fa8912484218a27c37fa216171c5a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859547", "to_ids": true, "type": "sha1", "uuid": "9a813fa0-922f-4768-8e80-26ca90fb05b9", "value": "53683276b45a602226937b1af279f7825830c312", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859547", "to_ids": true, "type": "sha256", "uuid": "146b017e-b637-41a3-9dbc-90ee98b9f12a", "value": "d216ea16d9521c2116060e29ed8a9bc06a971b32a56c905a1c9303ce6d2c5f6f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799608", "to_ids": true, "type": "ssdeep", "uuid": "45f69ed6-25ad-41a7-9b98-08e894b74c81", "value": "24576:9EL2uavqQhoE0Cop0fIygM/CbAchTPDmpW7bH8qvIdJHVHaTC8pyk:9dhiB0MM0AcxDmpW38qAdJHVHaTC8Yk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799608", "to_ids": false, "type": "size-in-bytes", "uuid": "c7c0f0f9-4417-4ce2-ab8e-7ca4c6a47394", "value": "1339177" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799608", "to_ids": true, "type": "vhash", "uuid": "b928b16c-9cb9-4f20-b11b-949bfda44537", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799608", "to_ids": true, "type": "filename", "uuid": "bf03d4d7-5afa-4766-bc62-3054fe7f96f2", "value": "b3fa8912484218a27c37fa216171c5a1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 31/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799608", "to_ids": false, "type": "text", "uuid": "f8df0975-573e-4fc4-b94e-b5f0d53e964a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859549", "uuid": "23edb82f-0e36-4da5-ac73-85a457f6dd9d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859548", "to_ids": true, "type": "md5", "uuid": "1fba2741-371f-41d2-b726-d47056bec271", "value": "edfb18d055109c78ff1d671c6908480d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859548", "to_ids": true, "type": "sha1", "uuid": "540f92ed-474a-41f5-812b-6a27e01d97a5", "value": "b30176e7d1393ee5e6c60ab1d5bf1c13f3ff8b7c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859549", "to_ids": true, "type": "sha256", "uuid": "e925399e-e59d-4609-9ef6-7dc20f021397", "value": "3207f0bc934e06b22971036cbc5fe6ae01ace76521388cc13294578e8cbe28fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799629", "to_ids": true, "type": "ssdeep", "uuid": "5c0d8114-7445-4900-98c5-f9b5be80dec4", "value": "24576:vEL2uavqQhoE0Cop0fIZgM/CbAchTPDmpW7bH8t:vdhiB0vM0AcxDmpW38t" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799629", "to_ids": false, "type": "size-in-bytes", "uuid": "44ac1258-206b-4fd3-9fad-b68f9fbe30f0", "value": "992082" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799629", "to_ids": true, "type": "vhash", "uuid": "df06c630-f2a5-4589-a413-b8ea32dae6bf", "value": "98920121227d7b7634b12aa19ce409f9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799629", "to_ids": true, "type": "filename", "uuid": "fc1a3d13-4fa9-40cc-b0de-6d611ac73c9c", "value": "edfb18d055109c78ff1d671c6908480d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799629", "to_ids": false, "type": "text", "uuid": "c0a565d8-bfba-4fc7-bb17-6e1e33df04ba", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859550", "uuid": "5badac14-30b2-496c-b0a4-420a5e9dc83b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859549", "to_ids": true, "type": "md5", "uuid": "6fc638fb-ad61-4dfa-a46b-c69176360a79", "value": "e516132efcf468dafc5f2bfa72f445c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859550", "to_ids": true, "type": "sha1", "uuid": "643cadfe-bd36-4468-b025-e0883823ea6e", "value": "0793477a2e681de9ecde4a7deec97acee2f5a381", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859550", "to_ids": true, "type": "sha256", "uuid": "cc5f5ee9-9459-4654-94ae-19407dc1c705", "value": "0e90cc41f2851ec6c2c01190a466097c172ed4552425fb13122bb881367665b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799650", "to_ids": true, "type": "ssdeep", "uuid": "3605196a-3216-4ce3-8625-f941772ee768", "value": "24576:9EL2uavqQhoE0Cop0fIrgM/CbAchTPDmpW7bH88vIdJHVHaTC8pyU:9dhiB0lM0AcxDmpW388AdJHVHaTC8YU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799650", "to_ids": false, "type": "size-in-bytes", "uuid": "6e0bb44e-f70d-433d-84dd-579fb7c3b625", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799650", "to_ids": true, "type": "vhash", "uuid": "8de2afde-43f0-457a-9d75-0726d142b791", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799650", "to_ids": true, "type": "filename", "uuid": "8d95c57f-f9cf-4da4-953a-3efe8ba76d9f", "value": "e516132efcf468dafc5f2bfa72f445c8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799650", "to_ids": false, "type": "text", "uuid": "92e2faf2-ca24-476a-9082-376f53dbc46a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859551", "uuid": "ab4812e9-fde3-47b0-a5d1-9587f5b09ef0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859551", "to_ids": true, "type": "md5", "uuid": "7fafeb9d-4344-438a-ad0a-90d4a5247e4b", "value": "2c0cbf426af3f186fe765fc759a58d61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859551", "to_ids": true, "type": "sha1", "uuid": "e7f87ee7-1c2c-42bb-8b7d-45f649655da0", "value": "34a4125869b2c529a3b2a2d1fdedc8b366151acf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859551", "to_ids": true, "type": "sha256", "uuid": "734c7b89-a15d-482b-aace-484b74d7fc99", "value": "effc4e6a183a3a91f6720a32da4cdab39f0a46fc1f7c1fda89ca3af16ba872de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799672", "to_ids": true, "type": "ssdeep", "uuid": "d3fd6a67-7ba6-4371-94b2-b96c2535837e", "value": "24576:iEL2uavqQhoE0Cop0fIqgM/CbAchTPDmpW7bH8uvIdJHVHaTC8pyG:idhiB0EM0AcxDmpW38uAdJHVHaTC8YG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799672", "to_ids": false, "type": "size-in-bytes", "uuid": "6efe791b-c581-4b59-8546-7913951449ed", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799672", "to_ids": true, "type": "vhash", "uuid": "342a807f-50db-4620-acb2-340337bfe721", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799672", "to_ids": true, "type": "filename", "uuid": "fe403dc0-d042-4edd-b1a5-0a95f9dae692", "value": "2c0cbf426af3f186fe765fc759a58d61.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799672", "to_ids": false, "type": "text", "uuid": "8207ddda-bb0c-421f-867a-3aa4374b8f16", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859552", "uuid": "05f69906-b7e3-4647-b76d-428994e87d42", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859552", "to_ids": true, "type": "md5", "uuid": "71527029-f544-4a63-9345-626dc6079566", "value": "57d2db70ceeaed381f88113ddba16f85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859552", "to_ids": true, "type": "sha1", "uuid": "0730595e-44f4-45a8-b9c4-e3c97ecc3fbe", "value": "2cf9bbb75daebb7bf45f3ff4eb2e070d06df7811", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859552", "to_ids": true, "type": "sha256", "uuid": "4ee91d1b-6b8b-4e6d-b3d6-d6924cdc8264", "value": "3938213719e2430af2082409f3e34f01f76e0c57fdb58342cbb2d7dadd37777f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799693", "to_ids": true, "type": "ssdeep", "uuid": "48273131-8a74-4049-800d-a5bdff67a82f", "value": "49152:AASTxhA5Eitg5kHGY7V5gciR33ktiDBswT+MVGW+q9v4K3MTUcLoviKq:XSTxhA5htg5kHGY7VsR33/DBsS+rq9vM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799693", "to_ids": false, "type": "size-in-bytes", "uuid": "61027a1f-f38c-47e3-b306-5104966df609", "value": "1747527" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799693", "to_ids": true, "type": "vhash", "uuid": "6d2565ef-7a7b-4472-a072-de0c3167b685", "value": "496b4d7626663ace7d075df59eeb7ab8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799693", "to_ids": true, "type": "filename", "uuid": "bafcf7d9-630a-4fb5-bcbb-c0816f6bfcfc", "value": "57d2db70ceeaed381f88113ddba16f85.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799693", "to_ids": false, "type": "text", "uuid": "bd793a70-347e-4d86-99a3-4eb80bc2d51e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:27/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859553", "uuid": "0998ff4a-5879-4fe4-a5ad-4bee669dd554", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859553", "to_ids": true, "type": "md5", "uuid": "c4a87f41-cb8a-4915-9ad4-eeb49936d9dc", "value": "70693a0fdc86ec7664288a759c729b18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859553", "to_ids": true, "type": "sha1", "uuid": "7a09f640-6efa-450b-856c-9a925f9b2e67", "value": "9abe5260de010b033537a5b46d301f449c9f7610", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859553", "to_ids": true, "type": "sha256", "uuid": "6c2dce2c-fdc3-4bba-b02e-f440da75268a", "value": "0efcf6f10bb39a9996da03e4b9d17ca203500697857ef23caffdd47786bc4432", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799714", "to_ids": true, "type": "ssdeep", "uuid": "596e079d-1fad-49cf-90f1-c1ad5e966ca3", "value": "196608:p4taxtrbGMEZBV27+Ps5hRpjCUO0CDk988e2CFwNEjIVpY4C:p4tybGBZB65RfBop81DSjIct" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799714", "to_ids": false, "type": "size-in-bytes", "uuid": "ef2d2a12-6992-4eee-8f4d-bea6a24cb874", "value": "9351183" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799714", "to_ids": true, "type": "vhash", "uuid": "c9f354a0-cca8-43ad-930c-94d97f469a6e", "value": "1f34f51eedf17994e4f26ce125c65bdc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799714", "to_ids": true, "type": "filename", "uuid": "fa12bd49-ce10-4c8c-902d-055a3febabf1", "value": "70693a0fdc86ec7664288a759c729b18.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799714", "to_ids": false, "type": "text", "uuid": "659f84a3-5867-4a66-92c0-94d8db982e68", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA4E\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859554", "uuid": "91b34c6a-90f9-4add-abb2-e5d5b3b6422b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859554", "to_ids": true, "type": "md5", "uuid": "0c1830e8-599e-4e0f-abd8-a204ab5f0db8", "value": "2cb7835e675aa6656f8ba998fb28bce6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859554", "to_ids": true, "type": "sha1", "uuid": "89ca210f-c2af-42d3-b69f-1b4b629551b8", "value": "2612d3bbe2ca2d496b64de2d35da3ecadd681b50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859554", "to_ids": true, "type": "sha256", "uuid": "e94971bb-4d23-4372-a16c-e475f5ca2536", "value": "5666e9b1d246c85e90ea50135a0923c33cb96db5dd1573cb9c08487215854f15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799736", "to_ids": true, "type": "ssdeep", "uuid": "18832296-6fb3-4c37-9343-48bbbf3705f9", "value": "24576:ZFpc/q86lgm6tDv38FQYxlYdxY0t3i9zwTPJZ0zZT4wgtqTl0aVA4C9Oz8YoLKf:pc/H2gm6tcKdO0lsstZsmcTlvbCeQY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799736", "to_ids": false, "type": "size-in-bytes", "uuid": "0ddb760f-57a8-4ad7-9236-a0d17b23e4f2", "value": "1878919" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799736", "to_ids": true, "type": "vhash", "uuid": "b5cc605d-855d-4d1d-a308-dc30df294479", "value": "0251c4e652aa27872dd6d11a72b904be" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 31/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799736", "to_ids": false, "type": "text", "uuid": "746efe4e-78dc-40da-bb5f-7ab0934f86f3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859556", "uuid": "f950c7b0-aab9-4a1f-b3c6-f165af4a32a5", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859555", "to_ids": true, "type": "md5", "uuid": "eb985288-d27e-407e-8223-39b779a2b01d", "value": "bca107a77fae004026d7be46e2cb79d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859556", "to_ids": true, "type": "sha1", "uuid": "63c687f7-0a5b-4371-9769-889f557b6d40", "value": "5d12a334c3e29217d859ef485a61e6f1e8add44f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859556", "to_ids": true, "type": "sha256", "uuid": "f69dfc4f-00ac-406c-86a2-0b5764de0a4b", "value": "289b7379787ca37419b8e233e9b7e15588dd2a78e21dbcdd86ffaac094721142", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799757", "to_ids": true, "type": "ssdeep", "uuid": "dc27a7df-c06a-4278-80d3-7acd3bb72848", "value": "12288:W3/436iowQLQ7X8VacHAHr7sCHJLB+zfdTC5VUL6lN5KJX88j0o1:2YVaLQj87HinJL8ZCHULIIJl1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799757", "to_ids": false, "type": "size-in-bytes", "uuid": "08e9d687-2c0b-4433-b971-166388e43346", "value": "667282" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799757", "to_ids": true, "type": "vhash", "uuid": "55eab542-af50-426a-9c82-db68bf0c70e0", "value": "8296ab15d021e6008cf45defc6137dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799757", "to_ids": true, "type": "filename", "uuid": "603cd125-c515-4578-852e-c59977de0686", "value": "bca107a77fae004026d7be46e2cb79d6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799757", "to_ids": false, "type": "text", "uuid": "a68ca030-e57e-4f59-b52f-c5345a9c745d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859557", "uuid": "1db8fbf3-70b6-40de-9c4b-b6ad8ba39fe2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859557", "to_ids": true, "type": "md5", "uuid": "95100a4a-578e-4d01-b774-e3dc7f35a07b", "value": "6cd0f53bb610c433266311a9e3127092", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859557", "to_ids": true, "type": "sha1", "uuid": "658543c3-5750-4228-a9af-d0340b8e0215", "value": "d95e8cabc37e70928f7ae19a67ca43b13aa032a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859557", "to_ids": true, "type": "sha256", "uuid": "ba59cdda-103e-422d-afd0-da10a2f68508", "value": "a03d707a5b4e582308ab9b13e58d18e95971a674831057adb3c52e4a79aedbc4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799778", "to_ids": true, "type": "ssdeep", "uuid": "57db0669-4616-4385-839b-0022b134f806", "value": "12288:8b/436iowQLQ7XsVacHAHr7sCHJLB+zfdTC5VU06lm5KJFu0h/T8rJg21zXS5q:0YVaLQjs7HinJL8ZCHU0FIJvh4rR1m5q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799778", "to_ids": false, "type": "size-in-bytes", "uuid": "addaad55-8dcc-44dc-8cd5-cd118cbbeb9b", "value": "867643" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799778", "to_ids": true, "type": "vhash", "uuid": "e162341c-cf98-40fd-b136-84bb11a63b2a", "value": "b006d9ed4db498dc831f342db3b37492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799778", "to_ids": true, "type": "filename", "uuid": "9e36c801-121b-47f1-adfb-bc09f61d6198", "value": "6cd0f53bb610c433266311a9e3127092.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799778", "to_ids": false, "type": "text", "uuid": "c5098514-eed9-4883-8e63-8cc9ba0fc2fc", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859558", "uuid": "4f5dc969-e8e8-4fdd-8308-20eab180fe2a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859558", "to_ids": true, "type": "md5", "uuid": "5f4e5907-f14e-4f24-8ab1-e17fd1487d8c", "value": "3862c85abb0e26da72291f80d4b4f369", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859558", "to_ids": true, "type": "sha1", "uuid": "a69ede11-bca6-471d-b2d0-4e6a6d638d97", "value": "292481294740a62f6b03dff8f62a561d748fd703", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859558", "to_ids": true, "type": "sha256", "uuid": "236dbb2a-3174-44a9-a4a0-20682d4f79a5", "value": "5feed721a252e9a6115f725f82355897f7b5b6f21927c58fa159fab960099aed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799799", "to_ids": true, "type": "ssdeep", "uuid": "7e10ef44-af38-4a1c-8d3d-700abc639ba8", "value": "12288:Ib/436iowQLQ7XsVacHAHr7sCHJLB+zfdTC5VUv6lN5KxX88j0o5j:YYVaLQjs7HinJL8ZCHUvIIxl5j" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799800", "to_ids": false, "type": "size-in-bytes", "uuid": "62aca52a-8528-427c-987d-c7f136208ae4", "value": "667283" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799800", "to_ids": true, "type": "vhash", "uuid": "d66d8b3b-275b-4773-9c60-a8d8879706f6", "value": "8296ab15d021e6008cf45defc6137dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799800", "to_ids": true, "type": "filename", "uuid": "7ded5633-3544-4e87-8b87-b25591153858", "value": "3862c85abb0e26da72291f80d4b4f369.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799800", "to_ids": false, "type": "text", "uuid": "6e77e08e-cc36-4090-a2f6-18d0e18af449", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859559", "uuid": "26680dc4-75fe-476e-bae4-96f198dabc38", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859559", "to_ids": true, "type": "md5", "uuid": "0ed501c2-b608-4b3c-90d9-28f21100e21a", "value": "f2af19833461b7512ce8cf6e20d011f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859559", "to_ids": true, "type": "sha1", "uuid": "cb201a86-98ce-424b-8814-bc1b62b1fbbf", "value": "ce1967084161ec5de75944430005f62899393a56", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859559", "to_ids": true, "type": "sha256", "uuid": "65a4a2ec-92ef-4add-bd36-1d0ada98a076", "value": "ec91a410459720d693bf4c6d257c000b894caa7fc39d73b621a4d3a4e16a45af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799821", "to_ids": true, "type": "ssdeep", "uuid": "ad01c02e-9f63-41e3-9733-bce49bd06c55", "value": "12288:O3/436iowQLQ7X8VacHAHr7sCHJLB+zfdTC5VUo6lm5KZFu0h/T8rJg21zXS5g:eYVaLQj87HinJL8ZCHUoFIZvh4rR1m5g" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799821", "to_ids": false, "type": "size-in-bytes", "uuid": "d384d0f1-3aa1-456f-8b41-8dde77b2e232", "value": "867642" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799821", "to_ids": true, "type": "vhash", "uuid": "171e9024-7009-4ca8-bc0a-3f262be0a9eb", "value": "b006d9ed4db498dc831f342db3b37492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799821", "to_ids": true, "type": "filename", "uuid": "33e76a30-b2b0-490e-babf-0d874f56d121", "value": "f2af19833461b7512ce8cf6e20d011f1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799821", "to_ids": false, "type": "text", "uuid": "dc5e2098-633c-4c07-9790-b2e233dbb2aa", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859560", "uuid": "a146b0da-e72c-410d-98c5-1c715bdf52cf", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859560", "to_ids": true, "type": "md5", "uuid": "ae7ebae1-ba7c-4ade-8e38-ba692a0c287c", "value": "920119dfc1673eb6fef0e0511de880f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859560", "to_ids": true, "type": "sha1", "uuid": "c768d41b-376b-42c9-8395-52d6efaa794a", "value": "e6f6adbbdef2d7b8249c2c34550ad04522819dd8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859560", "to_ids": true, "type": "sha256", "uuid": "824372a8-8e73-489f-a501-14862509f6a5", "value": "e1b5a72bf738750c0de97e3fd836ad8c2b04a563346cb91304db0457f3f7189e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799842", "to_ids": true, "type": "ssdeep", "uuid": "2d6ba4a7-2be9-433c-b0ff-0065df91a6b1", "value": "12288:tpuaQFWDo0chh2YmaKUCGN09L69OXXKUkAPw1Cs4nSvE5K0:3ISo0ah2NRUpNjODg4JSvEI0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799842", "to_ids": false, "type": "size-in-bytes", "uuid": "4166d4d2-fa2c-4a92-9788-afcd7380f8f7", "value": "666762" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799842", "to_ids": true, "type": "vhash", "uuid": "7f36f213-df68-4d27-ab3e-5afc8ea9ebf4", "value": "283c5f9da471355cf45fdfbb1482fd49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799842", "to_ids": true, "type": "filename", "uuid": "50f8cd1f-6707-4784-af45-6b7ce678074e", "value": "920119dfc1673eb6fef0e0511de880f9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799842", "to_ids": false, "type": "text", "uuid": "12cd6302-a922-4a7e-ab73-ae7edb39fe47", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859562", "uuid": "ce44d4c1-42b1-431b-a3e3-e33bd50c15f0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859561", "to_ids": true, "type": "md5", "uuid": "7e2057d8-7d9f-4ddb-986b-41afb5b9c169", "value": "121fff4ad9fbb1f092c1bb7ca3f6f2f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859561", "to_ids": true, "type": "sha1", "uuid": "207aa380-700e-4c5b-8c10-5653bb671b35", "value": "0a662befee849282355c6741b1dc664e55a24ea3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859562", "to_ids": true, "type": "sha256", "uuid": "07f378e4-7f07-449a-8b32-e4d31de8665d", "value": "d808f7840c5b947cec29e17f634784a682431c000a7b1e5af1053a94ece0274a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799864", "to_ids": true, "type": "ssdeep", "uuid": "88a0e59e-0a74-49ad-ac51-3a12bedabe86", "value": "12288:tPuaQFWDo0chh2YmaKUCGN09L69OXXKUkAPw11sHnSvl5Kb:hISo0ah2NRUpNjODgTeSvlIb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799864", "to_ids": false, "type": "size-in-bytes", "uuid": "d1a10be9-3a48-4e1b-bfb7-c0c00f0598dd", "value": "666762" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799864", "to_ids": true, "type": "vhash", "uuid": "217091e2-fd29-418f-8201-da559184c814", "value": "283c5f9da471355cf45fdfbb1482fd49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799864", "to_ids": true, "type": "filename", "uuid": "9e18899e-b8a0-4e38-85e9-04bddb8a1067", "value": "121fff4ad9fbb1f092c1bb7ca3f6f2f5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799864", "to_ids": false, "type": "text", "uuid": "d4509d1c-008c-4c94-b358-b709dd1f97a5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859563", "uuid": "d1213a87-63f2-465b-9572-329eb38ad312", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859563", "to_ids": true, "type": "md5", "uuid": "09231c2a-12a1-4f46-8d4d-4e17c7bdaf4a", "value": "b98025df811f3e3d746930cb3f45ffba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859563", "to_ids": true, "type": "sha1", "uuid": "42032d5c-7c93-452b-be9c-d7391e21f139", "value": "a01f01e1fb71eef258bb13a711f442f220c5470f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859563", "to_ids": true, "type": "sha256", "uuid": "bba72cd1-c2ec-4d8c-8639-55d576038b84", "value": "b5fc871120b583610b97977346c5d00db7d13c62d451eeed5d8654611d01af1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799885", "to_ids": true, "type": "ssdeep", "uuid": "d9939b48-3374-463c-90da-093c759e0326", "value": "12288:eb/436iowQLQ7XsVacHAHr7sCHJLB+zfdTC5VU06lm5KZFu0h/T8rJg21zXS58:aYVaLQjs7HinJL8ZCHU0FIZvh4rR1m58" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799885", "to_ids": false, "type": "size-in-bytes", "uuid": "31f4b083-002d-4466-95f3-60b8a26bf564", "value": "867643" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799885", "to_ids": true, "type": "vhash", "uuid": "1dcf2283-6ebd-424e-af9f-8bad0d2a0d42", "value": "b006d9ed4db498dc831f342db3b37492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799885", "to_ids": true, "type": "filename", "uuid": "5ba5a6fa-5948-41d6-b760-65ff0ad0b1ef", "value": "b98025df811f3e3d746930cb3f45ffba.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799885", "to_ids": false, "type": "text", "uuid": "243e580d-a635-4a9e-832d-7c2fe74a55d9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859564", "uuid": "76a34cfa-7bac-4e6f-a380-08e35957b6b3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859564", "to_ids": true, "type": "md5", "uuid": "76f65451-5941-4e53-8bd7-1f0bc9e1eac2", "value": "35e9704996108ed7ba8198d0f974dc44", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859564", "to_ids": true, "type": "sha1", "uuid": "05acdf7f-48df-4d3b-b8b7-47ff488bce90", "value": "4d17242540ec8b3b2121b4ef9e709ee2e2705891", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859564", "to_ids": true, "type": "sha256", "uuid": "492e7a50-5c5e-4095-8e7b-d58d9929fe0a", "value": "b93e6aad857860c49a9eb331581319a848c05042c873429acbd7f870f2afcfc8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799906", "to_ids": true, "type": "ssdeep", "uuid": "5cb3069e-16f8-4fc0-9db6-630528369481", "value": "12288:+3/436iowQLQ7X8VacHAHr7sCHJLB+zfdTC5VUL6lN5KhX88j0ol:OYVaLQj87HinJL8ZCHULIIhll" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799906", "to_ids": false, "type": "size-in-bytes", "uuid": "cd8ccfc7-f0c5-45c0-8f25-68c41f86254e", "value": "667282" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799906", "to_ids": true, "type": "vhash", "uuid": "d18d4a41-77bb-40cb-98ca-2c185be10a0f", "value": "8296ab15d021e6008cf45defc6137dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799906", "to_ids": true, "type": "filename", "uuid": "3a269ff4-ffce-409e-bc0f-aebceb3255e3", "value": "35e9704996108ed7ba8198d0f974dc44.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799906", "to_ids": false, "type": "text", "uuid": "eac5334e-5245-442a-93a8-34e62a963a3e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859565", "uuid": "36f4ec47-a89a-4ce0-aff0-b329b0d06f84", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859565", "to_ids": true, "type": "md5", "uuid": "ee5f7223-52eb-4d90-aa6f-433c22e9f9d8", "value": "83aa39986af59fa656652f6e3bb686e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859565", "to_ids": true, "type": "sha1", "uuid": "2235df02-a3de-4ceb-9af2-cc3f3909b735", "value": "b43fb877639cb9499456e75f9dbcb7b0a4737f65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859565", "to_ids": true, "type": "sha256", "uuid": "1206355e-6275-4b18-b77c-c9a476accfae", "value": "974ea5d474addc1f02834ff01395b67780a27983c4cdb032a8179f8ca23fa2fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799927", "to_ids": true, "type": "ssdeep", "uuid": "41a012a5-4c2c-4bfc-bb14-fd584b51ac30", "value": "12288:V3/436iowQLQ7X8VacHAHr7sCHJLB+zfdTC5VUo6lm5KJX88j0oO:1YVaLQj87HinJL8ZCHUoFIJlO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799927", "to_ids": false, "type": "size-in-bytes", "uuid": "6cf6021d-b6e8-45f4-894b-2452657b5038", "value": "667273" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799927", "to_ids": true, "type": "vhash", "uuid": "68925e33-27b4-44fa-9e8d-50d8912bc004", "value": "8296ab15d021e6008cf45defc6137dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799927", "to_ids": true, "type": "filename", "uuid": "0a2c50e7-f020-4461-87a5-717c99693dfc", "value": "83aa39986af59fa656652f6e3bb686e3.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799927", "to_ids": false, "type": "text", "uuid": "3d7b24aa-b218-4b1e-89b9-cf6d459b0c09", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859566", "uuid": "9529b071-8267-495f-a5f8-2db2f0cb5186", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859566", "to_ids": true, "type": "md5", "uuid": "c82b4e89-b404-4625-b919-aaf6c008d9d4", "value": "a3a37fbc961dfe7cadeb85501d5cf0a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859566", "to_ids": true, "type": "sha1", "uuid": "2aa83e42-7a23-4e6d-b36a-9e741b8fb61e", "value": "1687562d7cabfb70c21edc6bed72dac446d30c23", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859566", "to_ids": true, "type": "sha256", "uuid": "8af4b489-e5ab-442b-96d9-ec6660122142", "value": "383ad2075487d69fbcb5f82e5b6d8603260d983b83f007c05c8be29f33df57d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799949", "to_ids": true, "type": "ssdeep", "uuid": "e9790d2e-a76c-469f-9fb7-dc38afb5bc96", "value": "12288:CAuaQFWDo0chh2YmaKUCGN09L69OXXKUkAPw1ps7nSvx5K5:dISo0ah2NRUpNjODgf6SvxI5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799949", "to_ids": false, "type": "size-in-bytes", "uuid": "ba83860a-7f52-42ef-94be-61d439abb90d", "value": "666764" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799949", "to_ids": true, "type": "vhash", "uuid": "f7c8e613-b35b-41d4-b0d1-934957bd9c1f", "value": "283c5f9da471355cf45fdfbb1482fd49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799949", "to_ids": true, "type": "filename", "uuid": "3dc455d0-563c-465b-adc6-4ad35ec9b81b", "value": "a3a37fbc961dfe7cadeb85501d5cf0a1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799949", "to_ids": false, "type": "text", "uuid": "2f414954-8e37-4f0e-8cc5-ff48fe7635c2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859568", "uuid": "935eb4c4-feba-4c3c-8457-c9a68f3b3f91", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859567", "to_ids": true, "type": "md5", "uuid": "a4e2ede1-c2d2-4e50-87f5-4e897b8cdedb", "value": "a50d1ddc3bf8b50d14abff02de066c05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859568", "to_ids": true, "type": "sha1", "uuid": "eb947106-d6c9-4392-953b-84491879920e", "value": "140d0aeade124097346e742d14133e98204e013b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859568", "to_ids": true, "type": "sha256", "uuid": "128d92ad-11b1-4b54-b7c5-b4213b3a9cd4", "value": "74a7ec59a03ff6d8389b5757485abd2a63b4c0ecca6492cb35b06c899a60cbd0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799970", "to_ids": true, "type": "ssdeep", "uuid": "1ea48413-c20b-4668-b738-9e6f90be9574", "value": "12288:Lb/436iowQLQ7XsVacHAHr7sCHJLB+zfdTC5VUv6lN5K3E4tRV:nYVaLQjs7HinJL8ZCHUvII3ptf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799970", "to_ids": false, "type": "size-in-bytes", "uuid": "6e5b890a-afea-48fb-a4ae-9d50b919c77f", "value": "667040" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799970", "to_ids": true, "type": "vhash", "uuid": "9dfb7d05-2d09-4c3d-bba4-3cf4f293944c", "value": "8296ab15d021e6008cf45defc6137dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799970", "to_ids": true, "type": "filename", "uuid": "688796ff-2859-4266-ac37-0e7248008533", "value": "a50d1ddc3bf8b50d14abff02de066c05.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799970", "to_ids": false, "type": "text", "uuid": "4b44ece3-4b37-49f1-a25c-7ad293e421d0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859569", "uuid": "8daffa95-7dc9-4220-96b2-18e9e902dd5d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859569", "to_ids": true, "type": "md5", "uuid": "6f80257c-aafe-4f0d-812f-b5fe91a714e7", "value": "baaffeb4df2689c1f1e980fd17afc32f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859569", "to_ids": true, "type": "sha1", "uuid": "15974593-214c-4338-b68c-8a40fa357688", "value": "246b54f0c7401ceea4d3621d7a665cbb0c9ec1eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859569", "to_ids": true, "type": "sha256", "uuid": "3a0deacd-006c-4899-9555-898d37188b31", "value": "b5183660eb86f5574bc5556349901f3c23e4e483b91f6ddf5a79fad783ef3f8b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740799992", "to_ids": true, "type": "ssdeep", "uuid": "8ee774b6-47fd-4f3a-9bf4-60f25af79d10", "value": "12288:Xb/436iowQLQ7XsVacHAHr7sCHJLB+zfdTC5VU06lm5KTFu0h/T8rJg21zXS5B:rYVaLQjs7HinJL8ZCHU0FITvh4rR1m5B" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740799992", "to_ids": false, "type": "size-in-bytes", "uuid": "78561119-055a-4f6b-adc4-995912237edb", "value": "867643" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740799992", "to_ids": true, "type": "vhash", "uuid": "6e80e791-583e-412e-b019-13870d93db08", "value": "b006d9ed4db498dc831f342db3b37492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740799992", "to_ids": true, "type": "filename", "uuid": "c60e7bc5-aa4e-4b01-a0ed-aad2e7681f11", "value": "baaffeb4df2689c1f1e980fd17afc32f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740799992", "to_ids": false, "type": "text", "uuid": "06581569-ccc3-4408-9116-4f50af5d383a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859570", "uuid": "3bf54264-e25f-4b79-a3f2-45dac469d176", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859570", "to_ids": true, "type": "md5", "uuid": "0f9c89d5-a2d1-4f90-b690-b591decb71e9", "value": "9c8d9e8f7039cb9c77e5f5ad5b190391", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859570", "to_ids": true, "type": "sha1", "uuid": "3dd95835-84f6-423e-86e1-8827ba77b5e7", "value": "d46c526d3cf32cf1a137ad0e1a4dce4be32879a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859570", "to_ids": true, "type": "sha256", "uuid": "93f07191-cbd1-42f3-94ff-73364b19bf77", "value": "0bc9401e90e087f29d5794c24354fb0b2078586aaedfe49c5c9ef3829f0db1f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800013", "to_ids": true, "type": "ssdeep", "uuid": "213dae70-a234-46de-89f6-5b3a61e9ab4d", "value": "12288:P8uaQFWDo0chh2YmaKUCGN09L69OXXKUkAPw1isunSvi5Kj:WISo0ah2NRUpNjODgQXSviIj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800013", "to_ids": false, "type": "size-in-bytes", "uuid": "f6608ef3-161d-4294-b3a9-7e848f405168", "value": "666775" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800013", "to_ids": true, "type": "vhash", "uuid": "89084131-d306-4bdb-a72b-3e57fb3b4d86", "value": "283c5f9da471355cf45fdfbb1482fd49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800013", "to_ids": true, "type": "filename", "uuid": "6b7d87ed-e6ea-4f78-983f-1aa7e7c37de8", "value": "9c8d9e8f7039cb9c77e5f5ad5b190391.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800013", "to_ids": false, "type": "text", "uuid": "73f0aedc-17f2-4de3-8827-94e5a7c691b0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859571", "uuid": "31cd839a-5dd0-4c98-a195-c1f588fbe8bf", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859571", "to_ids": true, "type": "md5", "uuid": "6b53eb28-6733-4eb2-bf1a-253e71bd889e", "value": "6bba9ae6692f66afdd0f643c0242c630", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859571", "to_ids": true, "type": "sha1", "uuid": "6e873d48-f19d-474d-b30b-abc61d84dc75", "value": "da47014c615c42089e2a802f0fedebb67f57a696", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859571", "to_ids": true, "type": "sha256", "uuid": "01e26472-6ae6-4ee4-bf0f-8eacb7efdebc", "value": "bc68296e89db102cab93d337044a937ebd1dd35d421a472460b081c527654a30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800034", "to_ids": true, "type": "ssdeep", "uuid": "e03478c0-6323-4e6d-b268-64951938f4fa", "value": "12288:O3/436iowQLQ7X8VacHAHr7sCHJLB+zfdTC5VUo6lm5KZFu0h/T8rJg21zXS5v:eYVaLQj87HinJL8ZCHUoFIZvh4rR1m5v" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800034", "to_ids": false, "type": "size-in-bytes", "uuid": "659376e7-3ed8-44fd-bee4-e68f44bcf33c", "value": "867643" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800034", "to_ids": true, "type": "vhash", "uuid": "fbabf113-a8da-4642-a066-3c797feb0897", "value": "b006d9ed4db498dc831f342db3b37492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800034", "to_ids": true, "type": "filename", "uuid": "f5a4f0df-71a0-4247-a433-25c53bf19836", "value": "6bba9ae6692f66afdd0f643c0242c630.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800034", "to_ids": false, "type": "text", "uuid": "dbdd4ab8-3a0b-4612-a3c6-54addb49c2bc", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859572", "uuid": "6b9fb023-b997-4c1f-ba92-19a175767515", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859572", "to_ids": true, "type": "md5", "uuid": "16edc65f-d150-4000-aaec-37f7c6a28322", "value": "f39c52a09d19a57fc33da8c767ae8dc0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859572", "to_ids": true, "type": "sha1", "uuid": "4b9e0cfa-b0e4-432e-b41e-595286204329", "value": "af6bcbc1697008480e0fec1b33cdad45cbaff71a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859572", "to_ids": true, "type": "sha256", "uuid": "9011303d-b05e-4cd9-a66c-90fe1506cf27", "value": "e58004b7f0bdd71d77540ce4ab9192838075aff1abd1f100d1d65674501aa308", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800056", "to_ids": true, "type": "ssdeep", "uuid": "3f5c46dc-a56f-4c70-b7e1-91f1567b6ec4", "value": "12288:Ab/436iowQLQ7XsVacHAHr7sCHJLB+zfdTC5VU06lm5KVFu0h/T8rJg21zXS56:AYVaLQjs7HinJL8ZCHU0FIVvh4rR1m56" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800056", "to_ids": false, "type": "size-in-bytes", "uuid": "15093f08-a7a3-4d9f-9737-8d4a8dc900c4", "value": "867643" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800056", "to_ids": true, "type": "vhash", "uuid": "c5b45d76-3246-4905-bbcf-6672ca3cf599", "value": "b006d9ed4db498dc831f342db3b37492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800056", "to_ids": true, "type": "filename", "uuid": "4106bac3-15ef-4bc2-94a5-db497eccc595", "value": "f39c52a09d19a57fc33da8c767ae8dc0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800056", "to_ids": false, "type": "text", "uuid": "0391eb99-22ef-4b7b-8c72-8f477cd619fd", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: DoS:AndroidOS/Multiverze\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859574", "uuid": "9d8b5151-1e8a-4126-8c1d-4f30ce09e516", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859573", "to_ids": true, "type": "md5", "uuid": "a212f8a5-e275-4ac3-91a8-5c3a6d818ae5", "value": "55b5bd7ddf6ddcc5a0bee1206c841453", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859573", "to_ids": true, "type": "sha1", "uuid": "74a2f216-6c69-4a43-9870-742f14f34bb7", "value": "cc71a0165307765daeee63591a9dbdeef6af213f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859574", "to_ids": true, "type": "sha256", "uuid": "bd47687a-fe35-404f-b441-8e966b68669b", "value": "04690a58185025b26c84a700c692ea92016d570ac3bb7538e8d9604469037bab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800078", "to_ids": true, "type": "ssdeep", "uuid": "9314c79a-5d43-4834-b2e8-9aa682d16b43", "value": "24576:IYVaLQjs7HinJL8ZCHUvIIyf2g6mU/w/2AnV:V7jsunJL87E6mUo/2AV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800078", "to_ids": false, "type": "size-in-bytes", "uuid": "f9cac43e-f476-4a88-9921-9ee8c911992e", "value": "868094" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800078", "to_ids": true, "type": "vhash", "uuid": "62ed7fc9-8e47-4648-8bc7-2f935ee3f51e", "value": "b006d9ed4db498dc831f342db3b37492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800078", "to_ids": true, "type": "filename", "uuid": "cb2ec0dd-9c8e-4dfd-98b1-82ef6b112e76", "value": "55b5bd7ddf6ddcc5a0bee1206c841453.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800078", "to_ids": false, "type": "text", "uuid": "d213efa4-3878-44d5-b8f3-5fb538e72308", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859575", "uuid": "52f2e4fa-a160-4286-a39e-9666fce37628", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859574", "to_ids": true, "type": "md5", "uuid": "ca8dfacc-f4be-4973-bd6e-80f6ec0b9caa", "value": "a3e4d85b63f9f911ddca39fdd08cbe73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859575", "to_ids": true, "type": "sha1", "uuid": "38f54412-c34c-4be7-8756-b6b2437e3a7f", "value": "b0e05d19231fa60525abe553b2703357cb239e0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859575", "to_ids": true, "type": "sha256", "uuid": "da6b043d-40e7-47a6-a794-6ed8651b42e9", "value": "99adb6cf9748372566f6e150d808dfffc36dd0016639b53c9e2af08038794524", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800099", "to_ids": true, "type": "ssdeep", "uuid": "e1a19786-bd48-4fc9-b14c-d2ea479fa31a", "value": "12288:Tb/436iowQLQ7XsVacHAHr7sCHJLB+zfdTC5VU06lm5K3Fu0h/T8rJg21zXS5j:fYVaLQjs7HinJL8ZCHU0FI3vh4rR1m5j" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800099", "to_ids": false, "type": "size-in-bytes", "uuid": "438a43fd-3ab4-420d-8d98-3b889cc0e196", "value": "867643" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800099", "to_ids": true, "type": "vhash", "uuid": "0bf9c500-e436-4464-b762-7f6b1cd0a644", "value": "b006d9ed4db498dc831f342db3b37492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800099", "to_ids": true, "type": "filename", "uuid": "5a498b19-1f88-45ab-b495-44467d889019", "value": "a3e4d85b63f9f911ddca39fdd08cbe73.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800099", "to_ids": false, "type": "text", "uuid": "38ea67b5-ede6-4ecc-9b6f-1f696a632c54", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859576", "uuid": "897fa554-03c6-4e1d-9d57-9ddb2a1e3371", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859576", "to_ids": true, "type": "md5", "uuid": "da502e7b-74c0-42e2-a8c9-38b2a401a5ad", "value": "2cb2c7d5c67ec05c7d0f810e9175525b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859576", "to_ids": true, "type": "sha1", "uuid": "e653cc9b-3b46-46de-9c99-dc4862b94224", "value": "20c5076642f47028e95cb8cefda0956b2f75f0a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859576", "to_ids": true, "type": "sha256", "uuid": "c9046793-6b06-455e-a96a-2e40eee55eee", "value": "e7c00b09494a182ed3ff5547ffc35269df7c3d091e6124662762a34d569c97d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800121", "to_ids": true, "type": "ssdeep", "uuid": "577029d3-27de-442e-99b4-c30c2d9847d9", "value": "12288:QNz3/436iowQLQ7X8VacHAHr7sCHJLB+zfdTC5VUL6lN5KZX88j0oyJ:QNzYVaLQj87HinJL8ZCHULIIZlK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800121", "to_ids": false, "type": "size-in-bytes", "uuid": "e6b6eee6-7cc6-4efc-94f8-244105247f58", "value": "667279" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800121", "to_ids": true, "type": "vhash", "uuid": "a53f7467-5bcb-4201-813e-2aac3cd41c82", "value": "8296ab15d021e6008cf45defc6137dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800121", "to_ids": true, "type": "filename", "uuid": "c244ed76-15ee-45a5-8ca0-b51c90eb9872", "value": "2cb2c7d5c67ec05c7d0f810e9175525b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800121", "to_ids": false, "type": "text", "uuid": "0d8ffbdc-31ca-4148-ab3a-d57c2b8aff8f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859577", "uuid": "232225cd-6ab4-4285-b5be-b4386b530db4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859577", "to_ids": true, "type": "md5", "uuid": "f7e68f3c-ffbb-4009-ad0d-a9d3c540b29b", "value": "84f30f69fb86b561ec7d3b9a4a41f36d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859577", "to_ids": true, "type": "sha1", "uuid": "c766fdc8-427f-4528-805d-853a81060373", "value": "be38147ad07d92918f4b897d3c89dba06d768f18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859577", "to_ids": true, "type": "sha256", "uuid": "d4f9852b-da4f-49c6-950c-a1196f50c2c6", "value": "c38b7bb708a6b8617239fb356e18e1c4f528946a0568edf60504076643449a6f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800142", "to_ids": true, "type": "ssdeep", "uuid": "a490126e-98a0-4dff-9fc0-9be1f31e81d2", "value": "12288:Pb/436iowQLQ7XsVacHAHr7sCHJLB+zfdTC5VU06lm5K3Fu0h/T8rJg21zXS5x:TYVaLQjs7HinJL8ZCHU0FI3vh4rR1m5x" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800142", "to_ids": false, "type": "size-in-bytes", "uuid": "ee0b2890-12b4-4eff-9e0d-b4c0da077f3b", "value": "867643" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800142", "to_ids": true, "type": "vhash", "uuid": "7eece255-16f7-438c-87f4-ef1f019fc6fa", "value": "b006d9ed4db498dc831f342db3b37492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800142", "to_ids": true, "type": "filename", "uuid": "0a612771-ed07-4235-b090-56f157e6dc6a", "value": "84f30f69fb86b561ec7d3b9a4a41f36d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800142", "to_ids": false, "type": "text", "uuid": "987204d9-954e-42d7-b32b-c11f382ec494", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859578", "uuid": "26130ed8-389f-40cf-a564-d6c94832f8ad", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859578", "to_ids": true, "type": "md5", "uuid": "9bb627e8-6ef3-4350-9e5e-6be23d5d2176", "value": "8783f3fc944b534b12212e582de282a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859578", "to_ids": true, "type": "sha1", "uuid": "ad93f69a-c109-4d30-a81a-93750c7f9868", "value": "6ab0db39ab402495422949243544bfa884416b82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859578", "to_ids": true, "type": "sha256", "uuid": "b486849a-d931-4d9e-a664-97606702e179", "value": "1cb19ef1f92e406d6cd8ccd9bc6647ce4db7f6be772691ca8d09ad38a0007a74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800163", "to_ids": true, "type": "ssdeep", "uuid": "e2ec1e44-3f48-441a-9623-00a39a22192a", "value": "12288:d3/436iowQLQ7X8VacHAHr7sCHJLB+zfdTC5VUo6lm5KxX88j0o6:tYVaLQj87HinJL8ZCHUoFIxl6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800163", "to_ids": false, "type": "size-in-bytes", "uuid": "0c9bc385-beef-45b0-bcbe-5fd49c1ad9c9", "value": "667273" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800163", "to_ids": true, "type": "vhash", "uuid": "190f225f-4e76-4dbd-9e9e-ecf5fe644e4b", "value": "8296ab15d021e6008cf45defc6137dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800163", "to_ids": true, "type": "filename", "uuid": "1d403c8e-aa84-4b0a-9417-b9850ecc1c22", "value": "8783f3fc944b534b12212e582de282a1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800163", "to_ids": false, "type": "text", "uuid": "01c776c0-de2f-4025-a86c-c915c99aacf6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859579", "uuid": "83d84a9b-471b-4fdd-8a59-5aa3908db012", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859579", "to_ids": true, "type": "md5", "uuid": "704769b1-ac7b-466e-91de-28cd8661e69d", "value": "ceca5bdb14634d493b1d2ba54ec1472d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859579", "to_ids": true, "type": "sha1", "uuid": "4fe19ffe-13d3-43a4-b306-973d6f7dfbd8", "value": "59e4fd71b2cfdcb8b7875afcb1493d19b31f9f11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859579", "to_ids": true, "type": "sha256", "uuid": "b9a56a25-7a83-4a16-a84f-cf8dcaaa0514", "value": "612ad869d88ae05b2708399483b9071165dc9177832bb25159fc2b1bdea0defe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800185", "to_ids": true, "type": "ssdeep", "uuid": "6656ae01-3043-45f4-bd52-4ff8b0f71ddd", "value": "768:rIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsJy:rNwEbF6zoXXYwuyJzjkW3UXwpaRGrSr7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800185", "to_ids": false, "type": "size-in-bytes", "uuid": "f18e25f0-4819-4551-9054-d6616cec9e27", "value": "44905" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800185", "to_ids": true, "type": "vhash", "uuid": "a0cf1a0f-4a38-4276-a41f-3a2c954e6c0c", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800185", "to_ids": true, "type": "filename", "uuid": "7957110e-c1f1-4360-a686-04082afb4801", "value": "ceca5bdb14634d493b1d2ba54ec1472d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800185", "to_ids": false, "type": "text", "uuid": "5a715955-5d1a-4c36-9348-a73611868711", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859581", "uuid": "56ec389b-2d4f-481b-b153-984fa2673522", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859580", "to_ids": true, "type": "md5", "uuid": "b765f9a4-21d2-42af-81fe-5da6da556c1c", "value": "1b4ba0fb53fb76ffc2d8b805c978d72a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859580", "to_ids": true, "type": "sha1", "uuid": "69d6a1a5-b272-4fab-9b20-1477f3b51bec", "value": "30ee6055d0014f9b61b255980e34391f7a1542bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859581", "to_ids": true, "type": "sha256", "uuid": "f939e62a-78ec-4049-bcf0-8fc9c1537446", "value": "ce35ddd0908d0e1cafb4166b92ff9fd9f9a02389b621358f56e30f7977639a53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800206", "to_ids": true, "type": "ssdeep", "uuid": "479800de-f1cf-4334-94ad-1bf6d4662984", "value": "768:9It03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsh8:9NwEbF6zoXXYwuyJzjkW3UXwpaRGjSr9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800206", "to_ids": false, "type": "size-in-bytes", "uuid": "04b72e48-cebe-4f10-8393-4e13aa06dcbf", "value": "44905" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800206", "to_ids": true, "type": "vhash", "uuid": "06a34677-75eb-4a70-a545-9afbae354290", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800206", "to_ids": true, "type": "filename", "uuid": "858e0dfe-adf1-4ce5-8a12-6562b0aa16f8", "value": "1b4ba0fb53fb76ffc2d8b805c978d72a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800206", "to_ids": false, "type": "text", "uuid": "ecb40e27-9e27-4d65-bc3d-24db573c7b13", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859582", "uuid": "196f0c7e-b175-49b4-9e4c-88e975b72b5b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859581", "to_ids": true, "type": "md5", "uuid": "a96a2f5e-09a6-4089-be32-c7d1fd2135bb", "value": "6cf59fe9a39f850a9160eff7a5e54ffa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859582", "to_ids": true, "type": "sha1", "uuid": "97c5ce99-9de5-4530-9b8d-073f3236b8dd", "value": "0b4a7658e9c6872e5136bf5fecbc3e0a74787004", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859582", "to_ids": true, "type": "sha256", "uuid": "f43564d3-d288-4b39-8900-74a4712a3cd6", "value": "f4055e5419cf7b6ba81f57f6cf86c11c9ff9cd54a81e31149b0f6054322b619f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800228", "to_ids": true, "type": "ssdeep", "uuid": "0b391e54-fbad-44fb-beac-0dac831549df", "value": "768:DIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsn7:DNwEbF6zoXXYwuyJzjkW3UXwpaRGRW6b" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800228", "to_ids": false, "type": "size-in-bytes", "uuid": "0046ac49-a384-4f9c-a8bd-6a78e5a27d19", "value": "45299" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800228", "to_ids": true, "type": "vhash", "uuid": "36f49b83-de54-45e4-ac65-acc24c5e808c", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800228", "to_ids": true, "type": "filename", "uuid": "f4b040c4-9d51-4f8b-a9bc-4eedf2cce120", "value": "6cf59fe9a39f850a9160eff7a5e54ffa.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 11/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800228", "to_ids": false, "type": "text", "uuid": "2a937468-8823-419a-8bfe-a541b3679b0b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:23/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859583", "uuid": "cbc1a074-a5f0-48d6-b46d-d6b257d70f40", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859583", "to_ids": true, "type": "md5", "uuid": "7e417d7b-10a9-4962-98ef-4a6f8cb91f77", "value": "63b170cdea77b721a1fbf6d65e433038", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859583", "to_ids": true, "type": "sha1", "uuid": "bc318033-51e2-495b-ba7e-52b769422081", "value": "93a05195cf1cfab0a619c0b23ead04ad4d71ca67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859583", "to_ids": true, "type": "sha256", "uuid": "131626db-0255-48b4-9aff-67edb876805e", "value": "79cfd4b5f084a40086a0cf00748f5f42d1400b514b26f45f6dda0a0178a65fcf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800249", "to_ids": true, "type": "ssdeep", "uuid": "75cf6301-d1e8-4ae2-b341-0b06d484011d", "value": "768:cIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsYV:cNwEbF6zoXXYwuyJzjkW3UXwpaRGqWRK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800249", "to_ids": false, "type": "size-in-bytes", "uuid": "151ca101-6c75-4c41-be7a-a329958412a2", "value": "45299" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800249", "to_ids": true, "type": "vhash", "uuid": "4d1cacc6-e12e-436e-8eb3-9eb50019c457", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800249", "to_ids": true, "type": "filename", "uuid": "f3109bc7-2a91-40da-87b9-cd9bb2e196cd", "value": "63b170cdea77b721a1fbf6d65e433038.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800249", "to_ids": false, "type": "text", "uuid": "28136908-92c9-4be6-9a1f-5479d59fcc35", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:17/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859584", "uuid": "0408d21a-3c9a-4f90-862e-ce6c27a22aa4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859584", "to_ids": true, "type": "md5", "uuid": "23fc4293-fb7c-42a9-b316-c7a9cdb095ae", "value": "7dfcff3ac2938291d4d50e84ef58eaaf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859584", "to_ids": true, "type": "sha1", "uuid": "51c9dd4f-6608-4cfe-b462-a97c53b7da38", "value": "aa1914fbbbac325f8d1ea286f3cffdf4352be74c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859584", "to_ids": true, "type": "sha256", "uuid": "35976c04-4411-4dc5-b656-59a97a32a7bf", "value": "e084a986aedfd951e10b5900889210744fa9a59afd6e52f1c88d95351de062ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800270", "to_ids": true, "type": "ssdeep", "uuid": "2a2555b4-ee6d-4191-a2a2-33a65cf19a21", "value": "12288:Rb/436iowQLQ7XsVacHAHr7sCHJLB+zfdTC5VUv6lN5K4h5sCN:ZYVaLQjs7HinJL8ZCHUvIIG5pN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800270", "to_ids": false, "type": "size-in-bytes", "uuid": "30f86004-3b07-49ff-96c3-292cab8c37e3", "value": "667453" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800270", "to_ids": true, "type": "vhash", "uuid": "ee6cf563-ce06-4fee-b3df-0cd72471ed19", "value": "8296ab15d021e6008cf45defc6137dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800270", "to_ids": true, "type": "filename", "uuid": "af0b460a-9981-45cb-81c8-b5b6c91a2070", "value": "7dfcff3ac2938291d4d50e84ef58eaaf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800270", "to_ids": false, "type": "text", "uuid": "9a6cc105-dda1-4af0-bbdf-8ddb5c077122", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859585", "uuid": "d8feeec2-6adf-423e-87e2-ca8842e0ab21", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859585", "to_ids": true, "type": "md5", "uuid": "b4f7224a-17ef-4857-800b-fecfbcca00aa", "value": "660134678e6403a8cdd516bb55637cdc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859585", "to_ids": true, "type": "sha1", "uuid": "90b6ae42-1ee1-4537-b352-498623a0b84a", "value": "8487e9ebc5895c403a90ccb3c8de74210fdd96e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859585", "to_ids": true, "type": "sha256", "uuid": "3edc7c6b-c304-46d5-be80-3e302be76fe3", "value": "4a3010b62c34a7bdb716820c039dba8f16eab1a1c0d7e543394bb662070b95af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800292", "to_ids": true, "type": "ssdeep", "uuid": "1b48a4d1-9202-48b3-bcf5-bbb35d175ed2", "value": "12288:UwMF09fVmCp6d2KFiu7eNlHfovae23Rqs8Oz+lxP13S1cfTu4xcZBsh5KEJgixDs:Mofz3Du7eVovaeTGz+lxt5qskBwIQrDs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800292", "to_ids": false, "type": "size-in-bytes", "uuid": "bcd7c4f4-d346-4351-994f-3a6dd85f5f60", "value": "666199" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800292", "to_ids": true, "type": "vhash", "uuid": "aa0eede5-7ebe-4af0-b06f-f20209599b36", "value": "05e0c2a018a3fcf7cdcd839fd51cc127" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800292", "to_ids": true, "type": "filename", "uuid": "41d0689f-6830-47d8-8971-b60d25a89d49", "value": "660134678e6403a8cdd516bb55637cdc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800292", "to_ids": false, "type": "text", "uuid": "996898d4-e30f-4d00-8ee6-a7a2cd1c1755", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:34/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859586", "uuid": "509186d8-95b8-4569-a8d2-ec35b67056fb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859586", "to_ids": true, "type": "md5", "uuid": "0df57499-8548-47ed-be68-165309421897", "value": "9489a738966fe10d66d08b8b17a832ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859586", "to_ids": true, "type": "sha1", "uuid": "423bc670-4959-46b0-b3c3-7926ff42ef03", "value": "1a27ba2cd009ec0e2d20157fd885045a7193e451", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859586", "to_ids": true, "type": "sha256", "uuid": "3054cbdd-b1cf-4f93-9198-2a80a3ea2929", "value": "9906ececcf19895e2ccd34a6ec785b019dd85b211f35ec2c2cad64e1bb9541b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800313", "to_ids": true, "type": "ssdeep", "uuid": "99b02c9d-8b9a-4c4b-b38e-6a62460ef393", "value": "12288:FuaQFWDo0chh2YmaKUCGN09L69OXXKUkAPw1vsh5Kw/Xusyj+7+jQ15D/:BISo0ah2NRUpNjODg9wI0hyqe6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800313", "to_ids": false, "type": "size-in-bytes", "uuid": "64dadce3-d7e8-43b0-94aa-964132002c09", "value": "866555" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800313", "to_ids": true, "type": "vhash", "uuid": "b93ae93b-7e70-49cc-88a0-ea2034a4562e", "value": "b006d9ed4db498dc831f342db3b37492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800313", "to_ids": true, "type": "filename", "uuid": "0f699a29-e110-49e2-9e1c-aabc9aa728b9", "value": "9489a738966fe10d66d08b8b17a832ce.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 31/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800313", "to_ids": false, "type": "text", "uuid": "b8d3e9dc-3195-4254-825b-ede0ac4db5cb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859588", "uuid": "ef693806-c799-4b7a-9be6-a676b7a37aa9", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859587", "to_ids": true, "type": "md5", "uuid": "90bf8d44-b332-4165-b29c-83ae5180a3d9", "value": "a38d18eeea2232508d3d03d24700e20e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859587", "to_ids": true, "type": "sha1", "uuid": "8fb2e75b-4510-4f6c-af80-8a95836e5581", "value": "b070dc1180f02d3087daa18c696f9ec5a47f4e05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859588", "to_ids": true, "type": "sha256", "uuid": "f03a5a55-69aa-4acf-8fe2-d13a3ab7def1", "value": "127f6ecba88f0ae0265f247af183b0398cda0c24fa1bb8156c4445817cf42b98", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800334", "to_ids": true, "type": "ssdeep", "uuid": "f3946b50-de57-40b9-b72d-9e5747b7122a", "value": "768:FIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsJU:FNwEbF6zoXXYwuyJzjkW3UXwpaRGbSrN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800334", "to_ids": false, "type": "size-in-bytes", "uuid": "d0790661-4c15-4fa7-a826-cfa516dd8a8b", "value": "44905" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800334", "to_ids": true, "type": "vhash", "uuid": "42289ee1-b444-4611-803c-30cc79c68e1f", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800334", "to_ids": true, "type": "filename", "uuid": "d0113d81-6f1d-4e3c-9437-33e88d26ff09", "value": "a38d18eeea2232508d3d03d24700e20e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800334", "to_ids": false, "type": "text", "uuid": "a65b73b2-5d32-437f-a3b3-23c98fc9ec34", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859589", "uuid": "0796f73a-f51a-4266-90b0-ebd662898df4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859588", "to_ids": true, "type": "md5", "uuid": "152a2575-8145-4579-a33c-4db1432710c6", "value": "be6a23ddfc9fc2fa34af012ae62c7051", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859589", "to_ids": true, "type": "sha1", "uuid": "894f795a-e4e3-4196-97fa-27d9cf7eb5c5", "value": "e5b0652393300931032d253ab4ef5aa5bcd9149f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859589", "to_ids": true, "type": "sha256", "uuid": "a959d78a-d135-4b6c-adc1-1534b8913fbe", "value": "ce193ce7638cffd934ef647d8a48cf2735c5ccc588e2e2116888e553b50a7e29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800356", "to_ids": true, "type": "ssdeep", "uuid": "34ede78b-d905-4640-a111-96401815df9e", "value": "24576:kofz3Du7eVovaeTGz+lxt5qskBwIqzz4tyrFURNrg+cY:z7a7LaSr3qsk4n4tOPlY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800356", "to_ids": false, "type": "size-in-bytes", "uuid": "4d01409e-3711-43f6-98fd-249a79025f26", "value": "866403" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800356", "to_ids": true, "type": "vhash", "uuid": "20a905fb-0357-4da0-bc42-b476e9f8b715", "value": "0d48c342f80d273ca1a03e26f4c70980" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800356", "to_ids": true, "type": "filename", "uuid": "a8276471-ce54-4778-a82b-50de639d202a", "value": "be6a23ddfc9fc2fa34af012ae62c7051.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800356", "to_ids": false, "type": "text", "uuid": "8a5a6353-ad11-4b82-9171-64b5785cd47b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859590", "uuid": "2c280b1f-9de3-41aa-a7eb-a0ec402a7667", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859590", "to_ids": true, "type": "md5", "uuid": "68cb10ea-672b-43eb-b2ed-62027026f037", "value": "56931ff3a915d25251d2297df58fbedd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859590", "to_ids": true, "type": "sha1", "uuid": "0cc4fd61-d873-46c8-b45c-4f3a0f039406", "value": "0173c75595151fd9528c98e9b4b122417dc0be39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859590", "to_ids": true, "type": "sha256", "uuid": "f0a7dbc8-96cc-40eb-8e13-8a865cc07344", "value": "38206ec4baf47bea7b0bfcde7bc5f146bb14399783a8e2e50abcf3bfedbf7de7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800377", "to_ids": true, "type": "ssdeep", "uuid": "9ccf0be9-eff8-4403-a421-00d7726ccabf", "value": "768:hIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmshA:hNwEbF6zoXXYwuyJzjkW3UXwpaRGTSrJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800377", "to_ids": false, "type": "size-in-bytes", "uuid": "e7d2188b-0c15-4406-b124-d572a0930844", "value": "44905" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800377", "to_ids": true, "type": "vhash", "uuid": "aa0520de-55c0-4259-9006-3a2aa4731080", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800377", "to_ids": true, "type": "filename", "uuid": "f11faf50-1dad-4b74-b07a-041292985c3d", "value": "56931ff3a915d25251d2297df58fbedd.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800377", "to_ids": false, "type": "text", "uuid": "9e25cd14-eeca-408a-92ac-3e8e3425c6db", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859591", "uuid": "51df5fad-225f-4328-8333-4a25634b2cf8", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859591", "to_ids": true, "type": "md5", "uuid": "85ffef43-56f8-498a-92fe-563aa3fab47a", "value": "a4afbb9aef454953c12a055ae8909180", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859591", "to_ids": true, "type": "sha1", "uuid": "3b75e618-fd1a-4865-be5e-e8282c93e7d8", "value": "84d1f7209dd96407119f64959ca99aeaa31983f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859591", "to_ids": true, "type": "sha256", "uuid": "adde77db-4fb8-4dd4-ad5e-d3b5d6200fd7", "value": "d21bc77800d5d59bfd8f21e38939f8c38875eabb89a070d0052759a20206d758", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800398", "to_ids": true, "type": "ssdeep", "uuid": "ea31bb24-dc5a-4b3a-98b8-ea2d1631d1cd", "value": "12288:vzH5zUTffcSVsEq33hQwUenqmWhmK8FVbw5X6lm5KUqnku/zw3im888TZI:lUTHcSRqHhTUNhs2FICO6ic" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800398", "to_ids": false, "type": "size-in-bytes", "uuid": "6cf9cf22-ed80-454d-8d1c-65c297ced38d", "value": "666783" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800398", "to_ids": true, "type": "vhash", "uuid": "2152f549-1ccd-4431-8f19-33828cea4d9e", "value": "8296ab15d021e6008cf45defc6137dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800398", "to_ids": true, "type": "filename", "uuid": "8e534d6d-9654-43f5-8bf2-2f55de0dcb50", "value": "a4afbb9aef454953c12a055ae8909180.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800398", "to_ids": false, "type": "text", "uuid": "fea7ae9d-6e6e-4952-93ee-0a7a88c1e7e2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859592", "uuid": "7ec2fb2c-8ed4-43bf-abf0-eddc5b41779b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859592", "to_ids": true, "type": "md5", "uuid": "15572be8-7501-4f58-8827-ad13a8e87ec9", "value": "76deb4b66b6b538c8978e703ae507f98", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859592", "to_ids": true, "type": "sha1", "uuid": "e90d5791-efb5-46d1-8dc2-0c31907fcc54", "value": "60a299c52e42cd642b8d9b3d2b4002f51fc22304", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859592", "to_ids": true, "type": "sha256", "uuid": "a92a5cdb-27c4-4b3d-9687-79b4909e6aab", "value": "178ded4bcf0544a4f5d254ca39ff0f7d75742f1630250b3d5e8cdd2c4e0f92f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800419", "to_ids": true, "type": "ssdeep", "uuid": "aa0f0f05-9f8c-4b48-9f38-4efefd220a3c", "value": "768:xIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsZ4:xNwEbF6zoXXYwuyJzjkW3UXwpaRGzSrp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800419", "to_ids": false, "type": "size-in-bytes", "uuid": "55b8bb1a-3c2d-4119-bfc0-0b0ff8e9c52d", "value": "44905" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800419", "to_ids": true, "type": "vhash", "uuid": "429175ca-d619-4160-954b-a7856489ff49", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800419", "to_ids": true, "type": "filename", "uuid": "31b64c25-88bf-4b4d-94d9-9ed0e16da7b3", "value": "76deb4b66b6b538c8978e703ae507f98.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800419", "to_ids": false, "type": "text", "uuid": "7c530843-002d-42a9-b1df-606c7cc249fd", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859593", "uuid": "d3b3b1be-f100-493c-a4e3-69441c39c487", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859593", "to_ids": true, "type": "md5", "uuid": "1f9a8261-6f4f-43a7-831a-5661dd2e9da1", "value": "de04b2fef80dafd90321c8ee55ce53ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859593", "to_ids": true, "type": "sha1", "uuid": "e22e09bc-85fa-47c7-8e93-396c3b52d982", "value": "e1776dd5f073448685560adfbdcc2935deca12cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859593", "to_ids": true, "type": "sha256", "uuid": "5e4de712-d567-4046-9d0c-285b617cfdcc", "value": "5b973e1929470c4fea20e0bd7e7f5501cd3832bae6fbd43c7fef425c4a3d5b35", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800441", "to_ids": true, "type": "ssdeep", "uuid": "62a18115-c06a-4b63-9dee-ee54fa25b5b5", "value": "768:7It03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsp+:7NwEbF6zoXXYwuyJzjkW3UXwpaRGrSrD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800441", "to_ids": false, "type": "size-in-bytes", "uuid": "c75d64c3-ad0e-45e3-8f9f-3a76cfc5fe9e", "value": "44905" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800441", "to_ids": true, "type": "vhash", "uuid": "4556446c-c363-4efa-adb0-bdc8f4feef7f", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800441", "to_ids": true, "type": "filename", "uuid": "4ca0a17c-062f-45bd-88f9-2fcef3e53c9a", "value": "de04b2fef80dafd90321c8ee55ce53ef.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800441", "to_ids": false, "type": "text", "uuid": "72347efe-0899-4268-ad2a-65f0153325e9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859594", "uuid": "d4105b6d-2c84-4b0b-9e7b-7106db9dd9ad", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859594", "to_ids": true, "type": "md5", "uuid": "68954337-c1f0-4f7d-a09e-7a4eb3a61745", "value": "3357eacd081814d734387455588bf58a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859594", "to_ids": true, "type": "sha1", "uuid": "0b4047cc-b389-4a9b-a968-5abaa57ec582", "value": "ce22bbbbf456ad7bb116be413761a9861a17270b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859594", "to_ids": true, "type": "sha256", "uuid": "c2b544a5-e2ca-4071-8aa8-996dc0204086", "value": "d7d9a2dbc56a73c94b0443024434bfab73fc4b1c676acb456c3d75b5a8a18863", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800462", "to_ids": true, "type": "ssdeep", "uuid": "227dab39-73f5-46c0-9485-79a75d3b1f2f", "value": "768:VIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJms1n:VNwEbF6zoXXYwuyJzjkW3UXwpaRG/WAJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800462", "to_ids": false, "type": "size-in-bytes", "uuid": "b5903b9e-0ca7-4222-9a85-e4f540045d09", "value": "45299" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800462", "to_ids": true, "type": "vhash", "uuid": "b75a820f-58b0-4092-8838-707e9aa67775", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800462", "to_ids": true, "type": "filename", "uuid": "eec09ef9-2276-46e3-a666-67128f32d3b1", "value": "3357eacd081814d734387455588bf58a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800462", "to_ids": false, "type": "text", "uuid": "72645771-0968-427c-b2cb-468061d925e6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:25/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859596", "uuid": "dacce0e7-b89d-49e0-a9dd-2fc89e34e8e4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859595", "to_ids": true, "type": "md5", "uuid": "f20c8f9c-f3cf-4e0b-a83c-1783b6a709f7", "value": "7a998128451915141705a130c05828de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859595", "to_ids": true, "type": "sha1", "uuid": "40aecca7-399f-46fc-a298-77dc0b456811", "value": "ff24a49453984bcbe5ad21b7234f47961dd8ef79", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859596", "to_ids": true, "type": "sha256", "uuid": "0a0d738b-5187-409d-919a-b95fbc374b06", "value": "d1b68d2ed4ba116bb03ce2a2fee1b42b57e2d0d96f6d1286bd457eccc26300b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800484", "to_ids": true, "type": "ssdeep", "uuid": "e0e1b79b-4335-4b38-b5bd-b077bf57a795", "value": "12288:DzH5zUTffcSVsEq33hQwUenqmWhmK8FVbw5X6lm5KdwhTOaR6YrtNQqS4MrV:JUTHcSRqHhTUNhs2FIdwkC9rdSTZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800484", "to_ids": false, "type": "size-in-bytes", "uuid": "b42e763e-e310-46f8-a27a-9e22297e7974", "value": "867676" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800484", "to_ids": true, "type": "vhash", "uuid": "671f221c-fe58-4cdf-ba46-d97452d1a693", "value": "b006d9ed4db498dc831f342db3b37492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800484", "to_ids": true, "type": "filename", "uuid": "766ae2c1-129a-43dd-8e75-9778983607cf", "value": "7a998128451915141705a130c05828de.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800484", "to_ids": false, "type": "text", "uuid": "71ce2bcd-e3b0-4597-a6be-7073b4f127c0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859597", "uuid": "245ef632-f65c-4507-8f72-0d9d9eb0840d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859596", "to_ids": true, "type": "md5", "uuid": "5678b30d-6ffd-42a3-bf32-02fe7d93e07d", "value": "d770462e87a61d33c239f880a662eb52", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859597", "to_ids": true, "type": "sha1", "uuid": "32c2c12d-e907-4d89-98f8-53e5fbfea55d", "value": "e53add8a18a1a4fa533df2b83b6d6a4792c22a3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859597", "to_ids": true, "type": "sha256", "uuid": "0e8b38a4-a808-46f4-baab-7734a306dcd9", "value": "13ca2f1c1fb1ba5753ce39451f4ae6591cf53c9c8e31b5836b27e1254c9982c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800505", "to_ids": true, "type": "ssdeep", "uuid": "ae09861e-a4ca-437d-970d-262aa90061d2", "value": "12288:npuaQFWDo0chh2YmaKUCGN09L69OXXKUkAPw1lswgjrcgtK//5Kv:1ISo0ah2NRUpNjODgbzgjrcI6/Iv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800505", "to_ids": false, "type": "size-in-bytes", "uuid": "c05658e0-a62e-467e-af7e-8dc74338c242", "value": "666758" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800505", "to_ids": true, "type": "vhash", "uuid": "6eb00e10-788f-49aa-bbc2-ccefea032908", "value": "283c5f9da471355cf45fdfbb1482fd49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800505", "to_ids": true, "type": "filename", "uuid": "dc3c0f95-aa6a-4c7a-8986-01fbcb904035", "value": "d770462e87a61d33c239f880a662eb52.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800505", "to_ids": false, "type": "text", "uuid": "1e4d716a-e7dc-4274-a783-e21fced22a87", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859598", "uuid": "32b5f0ef-f448-4f85-8e02-c11a206dd358", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859598", "to_ids": true, "type": "md5", "uuid": "48aa5826-3891-44c5-a895-8563512df82b", "value": "ef3cb1eb95678b393178ebfd2e901ecf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859598", "to_ids": true, "type": "sha1", "uuid": "ee5d386b-c240-49af-b036-08aa78b65463", "value": "5ec7be551e191487723882f2057c9315c30e233a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859598", "to_ids": true, "type": "sha256", "uuid": "4db70d9c-e958-4195-be60-d0782f13cdd8", "value": "640d8ec6fe63693f48cb7208350735699f1772960406372a14831b90fdd67d1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800526", "to_ids": true, "type": "ssdeep", "uuid": "974533a3-09d6-417f-b065-ac003a12ff77", "value": "12288:xuaQFWDo0chh2YmaKUCGN09L69OXXKUkAPw1vsh5KY/Xusyj+7+jQ15DT:tISo0ah2NRUpNjODg9wIshyqe2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800526", "to_ids": false, "type": "size-in-bytes", "uuid": "5aa6c338-b4d5-4c22-a02c-c6fd234c13cc", "value": "866555" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800526", "to_ids": true, "type": "vhash", "uuid": "40cf3b49-6a75-4130-a996-639f8174ca9e", "value": "b006d9ed4db498dc831f342db3b37492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800526", "to_ids": true, "type": "filename", "uuid": "09917c78-6e54-40d0-bb1b-c9e41e69ae9d", "value": "ef3cb1eb95678b393178ebfd2e901ecf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 30/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800526", "to_ids": false, "type": "text", "uuid": "9d695cdc-7462-403c-b911-8de6de4bb66d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859599", "uuid": "aae7ba9c-2f5c-410c-8480-4c361224bb42", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859599", "to_ids": true, "type": "md5", "uuid": "883338e2-b172-46fd-a00c-382c5ae2e4c8", "value": "007353fdb563e4ecbd1eca2858ca46a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859599", "to_ids": true, "type": "sha1", "uuid": "3a1a8707-ced1-496e-a091-da5405e0e189", "value": "4b866ca93d780813e176591f9bb068a8a0a1be69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859599", "to_ids": true, "type": "sha256", "uuid": "f9f478a5-2dba-4553-aadd-647ba32b9b4e", "value": "42d70d6ab1c19a5f17b61f7324dc5fb2c8dc311d6b83ca677c52d2b23c7c2a8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800547", "to_ids": true, "type": "ssdeep", "uuid": "6a9d3b48-e63a-475f-8efe-f2685bea469b", "value": "768:UIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJms9b:UNwEbF6zoXXYwuyJzjkW3UXwpaRGDxJD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800547", "to_ids": false, "type": "size-in-bytes", "uuid": "0a419c0e-56fd-437d-9e77-7e1b71591144", "value": "45353" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800547", "to_ids": true, "type": "vhash", "uuid": "a97dd104-dbbf-4c6d-ba82-8510a30cbb76", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800547", "to_ids": true, "type": "filename", "uuid": "ac399eeb-4df1-4594-9de0-9004e99f2736", "value": "007353fdb563e4ecbd1eca2858ca46a6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800547", "to_ids": false, "type": "text", "uuid": "a4c06df9-9cfe-484b-91c9-7d12b77bcd5d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859600", "uuid": "5a284ca1-2c0f-4913-ba30-417d8f29b4f2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859600", "to_ids": true, "type": "md5", "uuid": "1ac59f14-4929-41e4-9510-2b2849da7185", "value": "d12c30653461107e0d12c53f52ea7ec4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859600", "to_ids": true, "type": "sha1", "uuid": "2ea90fb8-df75-43e1-a257-7c525c133ffd", "value": "f024b7f0351ed8b9c4c976789e546d0da58287a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859600", "to_ids": true, "type": "sha256", "uuid": "3c00101f-fdce-4eaf-a719-1bd931af7eae", "value": "a878bbd130b4f9dc311fb3fab71325f6f6ae45a08bc1a415a1f895aea7b4acbc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800568", "to_ids": true, "type": "ssdeep", "uuid": "a6bdfd01-4291-4036-b2c3-8ca69fea785c", "value": "768:WIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmstV:WNwEbF6zoXXYwuyJzjkW3UXwpaRG/SrU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800569", "to_ids": false, "type": "size-in-bytes", "uuid": "6ecf1617-c4ab-4b9a-b98a-b383fb562bb7", "value": "44905" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800569", "to_ids": true, "type": "vhash", "uuid": "8bc5b057-041c-4e0d-a95a-4f6cd07bf7bf", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800569", "to_ids": true, "type": "filename", "uuid": "38ec9da4-fc8d-4cff-9a9e-e10fd074f4aa", "value": "d12c30653461107e0d12c53f52ea7ec4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800569", "to_ids": false, "type": "text", "uuid": "648ffab0-9508-4381-99f9-34e581af18bd", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859601", "uuid": "9b5cecdd-a88e-4e4f-87d6-aa25b5d709f4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859601", "to_ids": true, "type": "md5", "uuid": "e9ba5dda-c4a7-4b35-8e1e-44acba5c6dda", "value": "d83dd713de1f1a87f568d40226b220a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859601", "to_ids": true, "type": "sha1", "uuid": "7dcf87ab-50b4-453a-9cf0-56b4e61f7e9c", "value": "757070c70536372e6d6819e6d9dafda9fcd43541", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859601", "to_ids": true, "type": "sha256", "uuid": "53362f03-a70c-4a3b-b770-81c6b4d58472", "value": "86bbbbdddba24d1208ba9e68a3faf8020b9008a9db8f157774399b5ff51143ec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800590", "to_ids": true, "type": "ssdeep", "uuid": "cfbf52bd-7063-4e98-844a-586439ae7cb4", "value": "12288:yzH5zUTffcSVsEq33hQwUenqmWhmK8FVbw5K6lN5Kzqnku/zw3im888TZG:iUTHcSRqHhTUNhsJIIxO6iy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800590", "to_ids": false, "type": "size-in-bytes", "uuid": "3c93e5d1-c0c0-475a-ad28-b3eaf847666f", "value": "666794" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800590", "to_ids": true, "type": "vhash", "uuid": "4333d592-d610-4dd2-bd77-249bca82b89a", "value": "8296ab15d021e6008cf45defc6137dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800590", "to_ids": true, "type": "filename", "uuid": "7796fb25-91d9-4565-a696-46041e506513", "value": "d83dd713de1f1a87f568d40226b220a2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800590", "to_ids": false, "type": "text", "uuid": "5453962c-996c-48d2-a7eb-a35a89fae517", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:34/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859603", "uuid": "997ac184-66e3-4775-85ab-d234049e3d61", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859602", "to_ids": true, "type": "md5", "uuid": "699d5e18-b67c-4da0-93ef-632d9911ed45", "value": "7456e28599d81730a55d965501c332e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859602", "to_ids": true, "type": "sha1", "uuid": "8aaeda7b-14ed-40d4-a3e5-3a12abbd6937", "value": "7e9e1b4592a4b0f452756fb336970dcf3cd67b16", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859603", "to_ids": true, "type": "sha256", "uuid": "c4aca5f6-e057-46a0-9402-a069d86f4cc4", "value": "7582a5171bd280c5472d3e97f2ae610634c17ed26f9db811f6a9402d41b303fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800611", "to_ids": true, "type": "ssdeep", "uuid": "4390d1d8-2b26-445f-9586-917e8e39360d", "value": "12288:qRs0wQzXF10VuWF6Y1j1V5NW5aJH5Jz6KhLRsh5K4JgixDY88B8s:F0wQjT3YFWYbhLRwI8rDc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800611", "to_ids": false, "type": "size-in-bytes", "uuid": "30665244-7e39-45a1-8260-9c6bfe71511d", "value": "666203" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800611", "to_ids": true, "type": "vhash", "uuid": "e0cfd9ed-a3d2-4ee6-9262-e83f6089310d", "value": "05e0c2a018a3fcf7cdcd839fd51cc127" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800611", "to_ids": true, "type": "filename", "uuid": "fc40960c-5e7e-44ec-a0f1-6adb54e4e704", "value": "7456e28599d81730a55d965501c332e6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800611", "to_ids": false, "type": "text", "uuid": "5fb6acd5-3844-4e8f-bb3e-72530b80eb76", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:34/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859604", "uuid": "b95ba78c-04f7-4f3f-a10c-70c8b8f67a62", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859603", "to_ids": true, "type": "md5", "uuid": "6cc80b6d-9049-4d6c-9b28-f474b2ef7eee", "value": "1c9f50a0feca06ccf968f6f91f51d0dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859604", "to_ids": true, "type": "sha1", "uuid": "0f69c35f-8be9-48bd-a416-1b0a7226e870", "value": "40051d7efcf981e2c9e4111e301c612a81d76ce9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859604", "to_ids": true, "type": "sha256", "uuid": "a7ea6809-fc7c-4578-ab03-d2d2a61f3d6b", "value": "ce3c0d7ec8d3e4643a8467ec48b84e0cff0b3d34608eead74328c5c90daddbb6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800632", "to_ids": true, "type": "ssdeep", "uuid": "6e76cd1e-9686-434e-9380-0dc99db5e069", "value": "768:pIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsB0:pNwEbF6zoXXYwuyJzjkW3UXwpaRGzSrR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800632", "to_ids": false, "type": "size-in-bytes", "uuid": "fa7548e1-1a62-4d71-a587-cb01ca8adfaf", "value": "44905" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800632", "to_ids": true, "type": "vhash", "uuid": "f6dffa55-0ac8-4560-b856-aa1c46490711", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800632", "to_ids": true, "type": "filename", "uuid": "c7de34db-655f-45ce-9c7a-f8ff2f5d665c", "value": "1c9f50a0feca06ccf968f6f91f51d0dd.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800632", "to_ids": false, "type": "text", "uuid": "5ad9a95d-18d1-42c0-bc50-d593e201cc3a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859606", "uuid": "62057b17-b1bf-41dd-8515-117cb5289fee", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859605", "to_ids": true, "type": "md5", "uuid": "25f0aa0c-7093-4678-81bf-de95f53b32ac", "value": "ab58b5b3c4aed67292eb79104df0b8aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859605", "to_ids": true, "type": "sha1", "uuid": "b56a2c35-b0e6-4759-a6c3-0e80d974d957", "value": "6569edb6106e24bd70cd98337ffdcf9cdd478bc4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859606", "to_ids": true, "type": "sha256", "uuid": "2dd41201-2a0a-4c0f-8328-2b7188b3be47", "value": "f75a38c290fa9857741d2583be3f5417e9c2af919f76917649b518f9b1699dae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800654", "to_ids": true, "type": "ssdeep", "uuid": "a7ba1b9e-d0e8-4ab0-b765-1fe626f044e1", "value": "12288:PzH5zUTffcSVsEq33hQwUenqmWhmK8FVbw5X6lm5K8/Xusyj+7+jQ15Du:FUTHcSRqHhTUNhs2FIohyqeT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800654", "to_ids": false, "type": "size-in-bytes", "uuid": "cfb45d79-2e09-4839-8369-ce7c2b6f08cb", "value": "867068" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800654", "to_ids": true, "type": "vhash", "uuid": "9bd6ec4e-01ea-40b8-bc0c-b91bad400ade", "value": "b006d9ed4db498dc831f342db3b37492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800654", "to_ids": true, "type": "filename", "uuid": "faa2d66d-a264-4f9d-8036-c6e8d8b91d70", "value": "ab58b5b3c4aed67292eb79104df0b8aa.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 30/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800654", "to_ids": false, "type": "text", "uuid": "039fc083-ce67-49fd-8ea3-181f8191d8a5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859607", "uuid": "ccbea2ca-354f-452d-8f76-2fe13058dd09", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859606", "to_ids": true, "type": "md5", "uuid": "a84753df-e5f5-4498-a356-40e14898f90f", "value": "540d672258f4713a033c79e62ac4313e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859606", "to_ids": true, "type": "sha1", "uuid": "cecc04dd-c3de-425f-a218-7df5ed406bfb", "value": "fb486b21faf725293cf825822ad3985cc4794d01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859607", "to_ids": true, "type": "sha256", "uuid": "7201349a-af5d-45bd-88a4-d55a1d03f20e", "value": "3ddad5e2c314732bc69ad88ccd9f013e87b738bf5e794fa7e850054ec23116af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800675", "to_ids": true, "type": "ssdeep", "uuid": "86493ac6-829f-47d5-a6e8-8d01057757de", "value": "768:MIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsdH:MNwEbF6zoXXYwuyJzjkW3UXwpaRGHSrq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800675", "to_ids": false, "type": "size-in-bytes", "uuid": "d13eb5f8-123f-48cc-9d27-ca1036ed1777", "value": "44905" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800675", "to_ids": true, "type": "vhash", "uuid": "42357ad7-56d4-457d-8679-d11228aab3c2", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800675", "to_ids": true, "type": "filename", "uuid": "2016b721-af9a-4c3b-bc95-71ab8a65f05d", "value": "540d672258f4713a033c79e62ac4313e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 31/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800675", "to_ids": false, "type": "text", "uuid": "b509ea2b-2d95-45d6-94fe-5451db7e27e7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859608", "uuid": "67982702-66c4-40e6-b288-fe664506b632", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859607", "to_ids": true, "type": "md5", "uuid": "4803e364-a654-412d-a0de-f6441a2cf88f", "value": "ac02a54b5004fe58a55a50f81a2b2e23", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859608", "to_ids": true, "type": "sha1", "uuid": "589d3c6d-fad6-4b6a-a6f3-aad810afae0d", "value": "f18e0ff59871d0fed7bbb8fb0532299c8bb1c92f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859608", "to_ids": true, "type": "sha256", "uuid": "32b10fb0-4342-4e11-a03a-c04e0712b9e8", "value": "b2c369bf67873afa197bbfd1077bc750e55dfa13633fff4ea401a3ec23ca69a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800696", "to_ids": true, "type": "ssdeep", "uuid": "6b9b6c09-52f9-41a4-a779-42cf08d376c8", "value": "12288:Ab/436iowQLQ7XsVacHAHr7sCHJLB+zfdTC5VUv6lN5KKcF8880K:AYVaLQjs7HinJL8ZCHUvIIc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800696", "to_ids": false, "type": "size-in-bytes", "uuid": "ae8ca0bb-d6a5-4e8d-a4f5-1bda56df5261", "value": "667128" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800696", "to_ids": true, "type": "vhash", "uuid": "4b935898-ae16-47b9-9dd4-a01198742704", "value": "8296ab15d021e6008cf45defc6137dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800696", "to_ids": true, "type": "filename", "uuid": "d8906e13-b794-4525-8827-49fd0967677b", "value": "ac02a54b5004fe58a55a50f81a2b2e23.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800696", "to_ids": false, "type": "text", "uuid": "aeaba994-8ed9-4c4e-aaf2-0f32f2bb0651", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859609", "uuid": "1c138271-c850-45ec-880d-e34eacb670ac", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859609", "to_ids": true, "type": "md5", "uuid": "c5c1cbfc-1ab3-419e-a895-89f1f7150eb6", "value": "aef7f9472b941c8f805571252459c14f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859609", "to_ids": true, "type": "sha1", "uuid": "7c8eac09-1064-4418-b2c9-32200169a8a7", "value": "ef80d10a89351387c04b9da5bd3e876fb55f350e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859609", "to_ids": true, "type": "sha256", "uuid": "98deff13-32d2-46ca-ba8a-d68d97d1c8ae", "value": "3f6b159e79ac1dc7e371e881872d0bd160b1bb6c808d72853707a6e248c4c49a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800718", "to_ids": true, "type": "ssdeep", "uuid": "2d2f2e93-43d2-44b7-8381-709f069aea05", "value": "12288:HRs0wQzXF10VuWF6Y1j1V5NW5aJH5Jz6KhLXsM5KYJgixDY88B8E:20wQjT3YFWYbhLX7IcrDU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800718", "to_ids": false, "type": "size-in-bytes", "uuid": "1c6d3dda-1958-49a3-89e9-5dd2d8ca262d", "value": "666213" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800718", "to_ids": true, "type": "vhash", "uuid": "a56eb236-98d7-470c-90bf-a8a8a259fb3b", "value": "05e0c2a018a3fcf7cdcd839fd51cc127" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800718", "to_ids": true, "type": "filename", "uuid": "d37491cd-d258-4038-b4f5-71c7d72ff56f", "value": "aef7f9472b941c8f805571252459c14f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800718", "to_ids": false, "type": "text", "uuid": "53f40903-8e81-4d90-a7f0-565ebfd179ef", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859610", "uuid": "fef2dab4-8777-4dde-8298-cecc5b43ab69", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859610", "to_ids": true, "type": "md5", "uuid": "8508b0d9-2aee-40b9-9ca1-df3883bdd68e", "value": "efa3cddc8b7327cbe66cc6fcd106065e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859610", "to_ids": true, "type": "sha1", "uuid": "5ae9f2bd-febb-4ee1-8aa2-3b7ec52aa32d", "value": "234fbdc5457390202d0025ed26cd779e2c003e62", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859610", "to_ids": true, "type": "sha256", "uuid": "25857ee3-38ad-4dae-a24c-4f2c85c214ec", "value": "ca910de186dae7934fd5ce7bc093848421631e3c5434ec146bfeb0ec6d8954ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800739", "to_ids": true, "type": "ssdeep", "uuid": "28cbdacc-15de-4311-a005-3c0ed19217a9", "value": "12288:wuaQFWDo0chh2YmaKUCGN09L69OXXKUkAPw1vsM5KDqnku/zw3im888TZ7:yISo0ah2NRUpNjODg97IhO6if" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800739", "to_ids": false, "type": "size-in-bytes", "uuid": "f79ad8c5-ea9b-474e-b7b3-f7648985145d", "value": "666281" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800739", "to_ids": true, "type": "vhash", "uuid": "fc62ce7a-afe8-4d9d-8861-f48ae248a016", "value": "8296ab15d021e6008cf45defc6137dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800739", "to_ids": true, "type": "filename", "uuid": "80e9dff5-259b-463d-8cf2-25987f85c65a", "value": "efa3cddc8b7327cbe66cc6fcd106065e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800739", "to_ids": false, "type": "text", "uuid": "d3e241ea-2104-4de1-a9b9-bcb34a9ec298", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:34/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859611", "uuid": "481e23ec-5ad6-4567-9fce-2dc66ad50f7b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859611", "to_ids": true, "type": "md5", "uuid": "70c6dea2-65f3-4f38-a0fc-f108d4bac43d", "value": "1929532c59908d86ecc4556f07d0eb23", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859611", "to_ids": true, "type": "sha1", "uuid": "791a6800-f288-4820-a25a-5351d42142f8", "value": "7576ed2e6939c18ccebbdf40e322bff7fb15bfaa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859611", "to_ids": true, "type": "sha256", "uuid": "01317484-727f-41ab-9613-aa50d4b42294", "value": "2faa7f09b58132bfe6981cd5d9230e8fd2128cf8ddbe63091bf6d00653be61ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800760", "to_ids": true, "type": "ssdeep", "uuid": "f78f89c0-4d27-4d3e-8b32-24e9a186940f", "value": "12288:eb/436iowQLQ7XsVacHAHr7sCHJLB+zfdTC5VU06lm5KSh5sCG:aYVaLQjs7HinJL8ZCHU0FII5pG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800760", "to_ids": false, "type": "size-in-bytes", "uuid": "cdf4b1c4-2a1e-4f58-a9da-bbeb658992ce", "value": "667444" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800760", "to_ids": true, "type": "vhash", "uuid": "604eea14-1a3e-4ccb-9c19-fe7cae93ca8d", "value": "8296ab15d021e6008cf45defc6137dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800760", "to_ids": true, "type": "filename", "uuid": "00eb2684-85fe-43ae-9078-b51bebdca0b2", "value": "1929532c59908d86ecc4556f07d0eb23.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800760", "to_ids": false, "type": "text", "uuid": "dd82d2e1-bddf-4089-bf73-44ccfa9d8387", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859612", "uuid": "00241b94-0150-4073-809f-1ed546bd6555", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859612", "to_ids": true, "type": "md5", "uuid": "438158a5-38ba-401d-b4ac-6679ae6d0c66", "value": "776dce4709940bf0012a0eaf4181ce20", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859612", "to_ids": true, "type": "sha1", "uuid": "75cd2fd6-ed92-4a9b-b31f-d8d73d4e2c62", "value": "ddbd18a28712b0ec34743cc28d15f73f6765ff34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859612", "to_ids": true, "type": "sha256", "uuid": "6e4361e0-8bbb-4fba-a239-cbdfb5462388", "value": "e39dbcb2eb4e00278949a4a6a9afc3abce0b0384e4948dbf6d1a31060774aa55", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800782", "to_ids": true, "type": "ssdeep", "uuid": "d5ff3f9d-a3f8-4378-b76b-52dd5894938f", "value": "12288:zb/436iowQLQ7XsVacHAHr7sCHJLB+zfdTC5VU06lm5KtX88j0o6t:/YVaLQjs7HinJL8ZCHU0FItl6t" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800782", "to_ids": false, "type": "size-in-bytes", "uuid": "1b307684-c235-456b-aa7f-36fefe227996", "value": "667274" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800782", "to_ids": true, "type": "vhash", "uuid": "d475d8e3-0d2e-45a7-acb4-14f1782d693e", "value": "8296ab15d021e6008cf45defc6137dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800782", "to_ids": true, "type": "filename", "uuid": "249c63e1-3b7f-4de1-839a-599193146d9d", "value": "776dce4709940bf0012a0eaf4181ce20.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800782", "to_ids": false, "type": "text", "uuid": "9826f63c-01ed-46c9-98f9-82b81f6d829d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859614", "uuid": "4d17ff4a-e578-4e09-a11f-247a10f9cd53", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859613", "to_ids": true, "type": "md5", "uuid": "3aa1e0c5-0303-4334-b53a-9e364a7a62bf", "value": "a36965a39c3bdde438b66c6b03aac61b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859614", "to_ids": true, "type": "sha1", "uuid": "65bea317-eaec-4983-915a-b41abf1b3044", "value": "d6b99179db1e48953158e5f88d64685925bb1c7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859614", "to_ids": true, "type": "sha256", "uuid": "dc49be4d-d376-478f-957d-301f970ab9d2", "value": "f269d02b5416c7958c3b6e063ddc2e177d15271ba76577ee7622c35de2989320", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800803", "to_ids": true, "type": "ssdeep", "uuid": "f50c0d3c-c82a-4432-a6bc-1c628055f438", "value": "12288:VwMF09fVmCp6d2KFiu7eNlHfovae23Rqs8Oz+lxP13S1cfTu4xcZysM5KIJgixDG:Tofz3Du7eVovaeTGz+lxt5qsky7IMrDG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800803", "to_ids": false, "type": "size-in-bytes", "uuid": "03df35a8-50ec-4e08-b6bd-88d145e44477", "value": "666208" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800803", "to_ids": true, "type": "vhash", "uuid": "10e6eb3e-17e3-4e58-bf66-9478aa542186", "value": "05e0c2a018a3fcf7cdcd839fd51cc127" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800803", "to_ids": true, "type": "filename", "uuid": "b9655e64-6966-42f0-827c-b677b45e497e", "value": "a36965a39c3bdde438b66c6b03aac61b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800803", "to_ids": false, "type": "text", "uuid": "4912d378-8692-4d2b-b311-32f73c74dc5b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859615", "uuid": "c2d21c4e-143d-4d22-980b-1b850b5a5fb5", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859614", "to_ids": true, "type": "md5", "uuid": "d5a087d6-3773-4b5c-acf3-436c1f9a9ea1", "value": "65c386f7e5da98f4d4a370a9f043f504", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859615", "to_ids": true, "type": "sha1", "uuid": "701aa65d-cb22-48df-8052-6abfbb07dc86", "value": "570b7f3eefe96bd90216116017101a39cb1960ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859615", "to_ids": true, "type": "sha256", "uuid": "d4b01e32-b095-45dc-b74f-ce3e20bc0176", "value": "42d84abc4acb097e5c494192f1f9e07245066823f88238e82f274c98e370135e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800824", "to_ids": true, "type": "ssdeep", "uuid": "033582b7-0f22-46c5-bbc6-50cbd67d7b0a", "value": "768:7It03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsDL:7NwEbF6zoXXYwuyJzjkW3UXwpaRG5WaT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800824", "to_ids": false, "type": "size-in-bytes", "uuid": "9f0bf865-af1c-420e-aabd-f701655f83d8", "value": "45299" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800824", "to_ids": true, "type": "vhash", "uuid": "1e7c57c2-4a93-45a7-9d3b-add81773398a", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800824", "to_ids": true, "type": "filename", "uuid": "3b436aa5-0749-4112-bfcd-cc3777f55f42", "value": "65c386f7e5da98f4d4a370a9f043f504.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800824", "to_ids": false, "type": "text", "uuid": "b11ca7a2-8d8d-4aef-998a-74f8ff60cf4c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:27/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859616", "uuid": "e554dd32-e235-4862-bc22-ac8440c14943", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859616", "to_ids": true, "type": "md5", "uuid": "3bbc4d1d-c021-4583-b6fe-99c83f91d7db", "value": "27591b14a6870a4aa014f3f4a8f9afa6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859616", "to_ids": true, "type": "sha1", "uuid": "ae433e3e-b863-4164-b772-26ddf247b5e1", "value": "d8034442c03d878a4beeaeec56b3134d835a8661", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859616", "to_ids": true, "type": "sha256", "uuid": "a65019d1-14ce-4430-995f-894a8df6c3af", "value": "0ee3b648e2060c5e0d7939428d160d5c8e059f233f9015bd2dd70ebbd68442e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800846", "to_ids": true, "type": "ssdeep", "uuid": "39b6449b-2a74-4342-ac14-7ba8506853e3", "value": "768:pIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsRI:pNwEbF6zoXXYwuyJzjkW3UXwpaRGTSrx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800846", "to_ids": false, "type": "size-in-bytes", "uuid": "9a587371-c7e1-4e3a-888c-d4ff8c4702fe", "value": "44905" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800846", "to_ids": true, "type": "vhash", "uuid": "251181e0-d3d8-4cda-86bc-5ed142393d36", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800846", "to_ids": true, "type": "filename", "uuid": "0dd72f6a-ef01-41d3-9b40-1af2b38e7f81", "value": "27591b14a6870a4aa014f3f4a8f9afa6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800846", "to_ids": false, "type": "text", "uuid": "a5f2f437-c89a-4a90-9cad-f1b68622e0c5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859617", "uuid": "93f27913-318e-4236-a23a-834d0d8acb78", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859617", "to_ids": true, "type": "md5", "uuid": "b685c44e-81fa-4b11-beaf-b092d8c14dae", "value": "d526d61b0f572dda73d622ba6155f862", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859617", "to_ids": true, "type": "sha1", "uuid": "babdc42c-c3de-4beb-b8e6-3739300878ef", "value": "29632ac2b1a9df3baa2a902d57f801a470d08a0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859617", "to_ids": true, "type": "sha256", "uuid": "37ffe9bf-fa65-495a-b462-1c8407c28df0", "value": "799f3eacd31c46c395ab8554a7f4a34776c7ecf4a1ae556c41f6eff8e44b2afe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800867", "to_ids": true, "type": "ssdeep", "uuid": "2a6ae895-0f01-4120-8cc1-d7520feb4f50", "value": "768:HIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsRC:HNwEbF6zoXXYwuyJzjkW3UXwpaRGjSrP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800867", "to_ids": false, "type": "size-in-bytes", "uuid": "64582b78-2c4f-461c-86db-65dc7e14ee2d", "value": "44905" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800867", "to_ids": true, "type": "vhash", "uuid": "38b0ebd4-d14a-448c-8c13-e69e1a6b7972", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800867", "to_ids": true, "type": "filename", "uuid": "736e32d2-808e-4a27-8e6d-e29e8a3accb5", "value": "d526d61b0f572dda73d622ba6155f862.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800867", "to_ids": false, "type": "text", "uuid": "3d516347-711c-47dd-a7da-118a6c9c7ef5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859618", "uuid": "4f47c94a-2aad-4303-9359-d505c9c01f3a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859618", "to_ids": true, "type": "md5", "uuid": "1497eb3d-be0a-40c2-bbc7-2dcbec838f10", "value": "3d8595b635fc6adffdbd722bbbe9b4df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859618", "to_ids": true, "type": "sha1", "uuid": "8e7f181b-7d28-4269-8865-236693978ed7", "value": "5947431d3ec1034e32eb63bfa51907c6b6d6e636", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859618", "to_ids": true, "type": "sha256", "uuid": "24a6f0bd-8a53-464f-83a5-32692f6e64cd", "value": "bc718e1da8bc266f05fe567705ccc00bc0767a50125edd14dbbf11168fed6fea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800888", "to_ids": true, "type": "ssdeep", "uuid": "744cc1d0-d294-4d38-9313-ca1b13124230", "value": "768:9heq/EvdaPWiDCyJzjHYbxsQcZULe+vop5tLcD/JGJms4CbFuW7/Xyz6PXQ0Y6Ii:m5lETuyJzjkW3UXwpaRG3F6zoXXY6NrB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800888", "to_ids": false, "type": "size-in-bytes", "uuid": "869ca86d-fe2b-4360-bec2-72bb32d1d700", "value": "46110" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800888", "to_ids": true, "type": "vhash", "uuid": "42562cf3-bc47-4329-b784-4596c6df0bac", "value": "23870911cba445c568247c75d543f013" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800888", "to_ids": true, "type": "filename", "uuid": "78a545da-88e9-4780-8d25-f39ded874bbc", "value": "3d8595b635fc6adffdbd722bbbe9b4df.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800888", "to_ids": false, "type": "text", "uuid": "42cbe1b4-a63a-4dec-bf95-4b7d76ff686b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:21/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859619", "uuid": "ebd2d304-18ae-47ae-82e8-25d46eea49aa", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859619", "to_ids": true, "type": "md5", "uuid": "2445be98-9114-419b-8695-cf27753b3503", "value": "d5ce8ddcac84bda3701d232ec6083209", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859619", "to_ids": true, "type": "sha1", "uuid": "0e630b3f-d254-4373-b616-4a2d310e4ef5", "value": "b2cbacfc4f38bc11d2b45cd5ed2773fbacd9474a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859619", "to_ids": true, "type": "sha256", "uuid": "de093792-1249-469a-ab0f-20de18cfd5bb", "value": "2eceb209511f1c7932c42219e6602d248d19246da18d934d413251a3d340add5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800910", "to_ids": true, "type": "ssdeep", "uuid": "7f209ef6-1220-4436-8e71-388ec3cbc6fd", "value": "768:KIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsmF:KNwEbF6zoXXYwuyJzjkW3UXwpaRGkWzE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800910", "to_ids": false, "type": "size-in-bytes", "uuid": "b92c55be-4dc7-40fa-8a2d-3757d3f2a2e2", "value": "45299" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800910", "to_ids": true, "type": "vhash", "uuid": "df3949d1-687f-457a-b95a-4d571c1a1357", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800910", "to_ids": true, "type": "filename", "uuid": "bb10a4d7-e3c5-4e7e-987b-1f6f80f8fdad", "value": "d5ce8ddcac84bda3701d232ec6083209.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800910", "to_ids": false, "type": "text", "uuid": "31edac4c-058f-4c4a-9a36-3875d4e859ca", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:17/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859621", "uuid": "b9325b77-31f5-473a-af36-94b2a2a859f4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859620", "to_ids": true, "type": "md5", "uuid": "3ae86e96-b653-4835-8566-bf768885a0d6", "value": "750182ac09b82c9af7a646181135a8c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859620", "to_ids": true, "type": "sha1", "uuid": "30ecf008-2c77-43b2-94b7-edbde09a2303", "value": "51e8d35912e444f3c84765d84b87b2c95a2ae5e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859621", "to_ids": true, "type": "sha256", "uuid": "a3bea70a-d4db-4e1f-925a-40cf41edd6f7", "value": "931361c05e786f8a2724ecb36179908f2e44ca12add0587023bfc33bfbefc771", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800931", "to_ids": true, "type": "ssdeep", "uuid": "e60f2121-4615-4c97-a255-2ee1feecb8e0", "value": "768:DIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsP7:DNwEbF6zoXXYwuyJzjkW3UXwpaRGRWSH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800931", "to_ids": false, "type": "size-in-bytes", "uuid": "28786594-9e36-49ad-b414-1e93b21c496b", "value": "45299" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800931", "to_ids": true, "type": "vhash", "uuid": "a631105d-52d1-4535-9e06-bbf7b25161f1", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800931", "to_ids": true, "type": "filename", "uuid": "c2e0cb77-dc62-411d-b770-ee43567e95dc", "value": "750182ac09b82c9af7a646181135a8c5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800931", "to_ids": false, "type": "text", "uuid": "ae053656-0af4-4b45-a590-03d95d281a90", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:22/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859622", "uuid": "9b4e6c19-7ba0-4d0e-9fc0-c26c7c7159a2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859621", "to_ids": true, "type": "md5", "uuid": "c35417c3-f006-4587-b0b3-5aa861aa2f19", "value": "f3faec78c8f6dbede6a1ae1028713aac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859622", "to_ids": true, "type": "sha1", "uuid": "d2c1ce01-5123-411d-a0d3-c0e470e179ef", "value": "0269381e64df80d1578d5e26cbe50eb064e05baf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859622", "to_ids": true, "type": "sha256", "uuid": "76ad62ec-fb5d-4b1a-87a5-0ec5d87547b7", "value": "db4e01a256f3c705e36b56f0d116eaf4670bc0891f0ed9a5ff29e44b12f29829", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800953", "to_ids": true, "type": "ssdeep", "uuid": "c1d25ce1-c9af-4d02-99d5-b5bc1d96ebbe", "value": "12288:ZuaQFWDo0chh2YmaKUCGN09L69OXXKUkAPw1vsh5Koqnku/zw3im888TZa:FISo0ah2NRUpNjODg9wImO6iu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800953", "to_ids": false, "type": "size-in-bytes", "uuid": "d60c2b06-2895-4d14-9a98-defedb13068e", "value": "666273" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800953", "to_ids": true, "type": "vhash", "uuid": "483d1430-8070-4ad6-8f97-073960507063", "value": "8296ab15d021e6008cf45defc6137dcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800953", "to_ids": true, "type": "filename", "uuid": "c5bab98a-b329-44f3-b634-16dd5be3892d", "value": "db4e01a256f3c705e36b56f0d116eaf4670bc0891f0ed9a5ff29e44b12f29829.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800953", "to_ids": false, "type": "text", "uuid": "2ad8b5ef-4315-46be-a34b-e6fe6529b970", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859623", "uuid": "b163f8cc-b8b5-4091-8702-98499ece11a6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859623", "to_ids": true, "type": "md5", "uuid": "fc319d6b-b7fa-4480-9a68-b77c42652461", "value": "b5fea23f14d6729280b7226168adabc2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859623", "to_ids": true, "type": "sha1", "uuid": "52168525-5c9a-4ca1-a6ef-e44e06e13054", "value": "5e4763cdd2bc724315cda493cbec59e0a27f174f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859623", "to_ids": true, "type": "sha256", "uuid": "382d2e63-ff67-44b0-bc63-51084540e259", "value": "8c855dc12b076ed07e077e1f3a5bbec03fe1acc8724175692671d33495294467", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800974", "to_ids": true, "type": "ssdeep", "uuid": "5a5893ee-1b3a-4b69-8914-02994b87ee24", "value": "98304:WLiPZRa47a/9aT8C/5NKG0G/y6rnPL+ysBU/Xmm9BGQfdFi+OMDJObYkvgIn9BT+:WWPZR9+9agChNwG/y6rT/BdEXMDJjE/6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800974", "to_ids": false, "type": "size-in-bytes", "uuid": "c9214f4b-1ed3-4126-bede-bb299d035ea4", "value": "5898585" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800974", "to_ids": true, "type": "vhash", "uuid": "aad8a8e2-1d2a-481d-9c2c-aaa540a57816", "value": "c1021216b08699d921fd2ff1ae14a8a5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740800974", "to_ids": true, "type": "filename", "uuid": "b9a78c44-d5e6-43b9-9ac9-f0c2a86e57aa", "value": "izda.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800974", "to_ids": false, "type": "text", "uuid": "632f3d8f-5ee3-4b89-96a2-726f9024ea24", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:19/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859624", "uuid": "eb375fe2-670e-4d66-802f-41219ab1c1eb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859624", "to_ids": true, "type": "md5", "uuid": "e06652b4-2f19-49c8-992b-ecec90f6867c", "value": "02dff82c4677ef8cfcad5f2ace289d35", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859624", "to_ids": true, "type": "sha1", "uuid": "18cdb6f6-45fc-4a94-bada-9b8f1fccfeb8", "value": "7ab78b309d1ff8febac01ca022a28a25405a6412", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859624", "to_ids": true, "type": "sha256", "uuid": "08527b06-dd75-4622-ad5f-70723051cba7", "value": "5a4279452550980d8e167c21647dbbba95194670f982349db5abd810ef03d1a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740800995", "to_ids": true, "type": "ssdeep", "uuid": "0cc06132-e7f8-4a6c-8e98-ec9c2808d5e2", "value": "196608:u+XWm/d6RV27+Ps5hRpju1O0CDk9E8e2CFwNUjIVpYCF:u+Xr/d6R65ROBo581DejIcU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740800995", "to_ids": false, "type": "size-in-bytes", "uuid": "9ef4825e-dc7c-4768-8f07-e6eccf438d02", "value": "9351190" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740800995", "to_ids": true, "type": "vhash", "uuid": "ac7634f7-b95b-4dcf-b451-e156a153eee7", "value": "1f34f51eedf17994e4f26ce125c65bdc" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740800995", "to_ids": false, "type": "text", "uuid": "2247a99d-217b-416c-8cae-2df79951715b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859625", "uuid": "d1e866ec-abd6-4290-84c9-8201733f2195", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859625", "to_ids": true, "type": "md5", "uuid": "a60402ca-8ee3-4751-996e-63dc6b1ceef5", "value": "9b1311e71f9a96eadfc4d4a21bb72732", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859625", "to_ids": true, "type": "sha1", "uuid": "f5d6e709-5673-4a5c-bc98-a828e6e6a637", "value": "c1cc1ef8cd86f7d4c416ab81b8d3761b665f2634", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859625", "to_ids": true, "type": "sha256", "uuid": "a69a5463-6816-49b8-8fbf-7982b8849ab6", "value": "c223d607eb4a5f1b2f1ec674031f34f3106289e522b10031ef29175f5f1df03e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801016", "to_ids": true, "type": "ssdeep", "uuid": "40fe6d92-5e43-4ff7-ad3c-f9b44f82e3c2", "value": "12288:xZbldYaiOGI9uZ8Hcn7a5sM5KOANtW5JBNl4KOawt9LpUOa1:TQ/O1r8n7a57Ic5JBNO8wtNpU/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801016", "to_ids": false, "type": "size-in-bytes", "uuid": "48162847-b2e1-4c2f-98ab-41ef31841090", "value": "670054" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801016", "to_ids": true, "type": "vhash", "uuid": "cd631030-c4a7-4f26-a923-da46a281d69b", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801016", "to_ids": false, "type": "text", "uuid": "5b9d4781-a4e7-48a8-abd6-55ff347b8d75", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:37/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859626", "uuid": "a8168dbe-b21f-4a23-a9db-1ad46de02bca", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859626", "to_ids": true, "type": "md5", "uuid": "4d3526de-ebde-4ea4-9db9-16e7ff0261d6", "value": "65512b864c977886e6b12e225b36e988", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859626", "to_ids": true, "type": "sha1", "uuid": "561bf475-87a6-4c91-a405-7a8d2b974bf1", "value": "f5df123a072a8722ad72f56d9f25424ae0996876", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859626", "to_ids": true, "type": "sha256", "uuid": "77920a7a-162e-4392-86b2-5a4e178cf264", "value": "a34b71e5a31e987b059e7dd0cd67376277fa376c8ee023c028bf0eeaed586f8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801038", "to_ids": true, "type": "ssdeep", "uuid": "ca4796b1-32c0-49d3-9a3a-1af28917ee32", "value": "12288:6NlIkSQa8U2CSztIrQ/2EjPwSNuzdYsM5K0j3CTzogzPHnAwqThU2n:2xSQaICSztIrQuQPwSNAdY7I0j3CXogs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801038", "to_ids": false, "type": "size-in-bytes", "uuid": "4e232458-bb55-4ef0-9b20-aca7d26d3143", "value": "671401" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801038", "to_ids": true, "type": "vhash", "uuid": "0f09b67e-62dc-4e3e-9b6e-804a02bfe128", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801038", "to_ids": false, "type": "text", "uuid": "eb4f12f6-3952-46ee-a6b6-37558aa35e1d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:36/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859628", "uuid": "b416264e-04cc-43e2-a76b-79de928a654b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859627", "to_ids": true, "type": "md5", "uuid": "d637eb3c-8ed3-4cf8-9c13-d3ee892e412a", "value": "765073faafea7cd6584707aaf84ce33d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859627", "to_ids": true, "type": "sha1", "uuid": "d700ebc8-36c1-449e-8a0d-0743cb8ca068", "value": "b6e2bee8110b15ff97dc6574e5b83b4ed6b44380", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859628", "to_ids": true, "type": "sha256", "uuid": "4870f2e7-fa5a-4326-a6a6-52713d7b6179", "value": "c378de7c82bf01b709ad7f6954201c5018cb788830e852e582c837120222a4a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801059", "to_ids": true, "type": "ssdeep", "uuid": "90446612-6009-4a88-934b-7743422a1372", "value": "12288:DxZblN2Ca1pBhJREtZ45ZPhLzGZ3Z3sh5K2tC0f0NBIYGHJ9A0NVNR2YL:H7UpEb43PhLziZ3wIV8YGHJ9A0Nr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801059", "to_ids": false, "type": "size-in-bytes", "uuid": "8b48e3ad-7728-45fb-9d8c-d4f60ee8f56e", "value": "875754" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801059", "to_ids": true, "type": "vhash", "uuid": "f9da933c-1878-4227-84b7-286e97bc4a2d", "value": "aac2fd2decbd53c5e6e6a7fed6767f91" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/01/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801059", "to_ids": false, "type": "text", "uuid": "606cc553-beae-4b90-9023-444236573860", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859629", "uuid": "6f4c71fb-a971-4a76-a7bd-bc42b778213d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859628", "to_ids": true, "type": "md5", "uuid": "3b9d5f52-fd39-40a4-a26f-b101dec80e9a", "value": "80293be6749544456eb06c4d5476e43f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859629", "to_ids": true, "type": "sha1", "uuid": "981a7dcd-3f51-4f20-9af3-02eabb1ebb93", "value": "640b97ba93f587934e474fcb41c8a673c957911d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859629", "to_ids": true, "type": "sha256", "uuid": "713d9c2b-41b6-4948-a2ae-5dba1d8b8fc6", "value": "87d180089ce90da284cec5133ecaae90f8521ea7cb66b91f3a17bdd60b97bfa6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801080", "to_ids": true, "type": "ssdeep", "uuid": "b8857a1b-0d88-4fdc-a9e6-ef6387c97163", "value": "12288:97Zblp2Ca1pBhJREtZ45ZPhLzGZ3Z0sM5KGDr3APObwNk:/HUpEb43PhLziZ07IUn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801080", "to_ids": false, "type": "size-in-bytes", "uuid": "ab3e93c0-3357-4e62-9113-488a486c2f41", "value": "671672" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801080", "to_ids": true, "type": "vhash", "uuid": "19164084-c990-47d0-acf1-eea6530884f3", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801080", "to_ids": false, "type": "text", "uuid": "8a7d5d51-eaa9-4321-b9f4-dafc0cdec730", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859630", "uuid": "66d667db-8c20-48f0-b27f-3e0bec04e32c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859630", "to_ids": true, "type": "md5", "uuid": "1df5ff1c-93f1-41e6-b654-e2513644080b", "value": "0e40b10a9dfe283063d03d18287e6dc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859630", "to_ids": true, "type": "sha1", "uuid": "21fa41b0-076b-4d9b-832c-b99dd496620f", "value": "d60192d677d1cfea79001ef3335bf6a310a7d073", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859630", "to_ids": true, "type": "sha256", "uuid": "432dd11c-97ab-463f-923f-5d2879db974c", "value": "05b6ed3c0c0bd747e65710cd2002c49f5caec9815890a2b6775287b0c5447e73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801102", "to_ids": true, "type": "ssdeep", "uuid": "9b2d2246-f9cc-4549-beea-002224548876", "value": "12288:KxZblN2Ca1pBhJREtZ45ZPhLzGZ3Z3sh5K5rG/WAqJxKC9kgCours:A7UpEb43PhLziZ3wIQ/WAGxHCu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801102", "to_ids": false, "type": "size-in-bytes", "uuid": "6fb537b0-00ec-45e7-a5f2-40ceb7999f47", "value": "671409" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801102", "to_ids": true, "type": "vhash", "uuid": "ef6b69de-d45d-4d75-864c-91d9273406eb", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801102", "to_ids": false, "type": "text", "uuid": "5c105d8a-f348-4f6d-8fc8-18b9d84d731d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859631", "uuid": "cde6a8ad-e5f1-4539-b202-bf0997bb4653", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859631", "to_ids": true, "type": "md5", "uuid": "c0c77818-f90a-4662-b24c-e127d309f7fd", "value": "263f8ade9ae73d1f76a635726990fc84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859631", "to_ids": true, "type": "sha1", "uuid": "b39126f5-77d6-4d01-902b-44a73ce0e9cd", "value": "482810f768968e48d2b81506af12f30f07373533", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859631", "to_ids": true, "type": "sha256", "uuid": "6d5a0bf6-82f7-4e17-b3d1-ef62978d1f31", "value": "f23f2048f760068a99a5224ce31f62eceba647215fc858c24e8893e15ddf9c3b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801123", "to_ids": true, "type": "ssdeep", "uuid": "1b6f75f6-7bae-4351-b7de-0a2c40791673", "value": "24576:THWIi+Q3895AVRLGnb5wITTLo2FsMa+hdULO5Phbi:oJ3e5ALSFt9ZZi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801123", "to_ids": false, "type": "size-in-bytes", "uuid": "e19a3a56-e6d9-4fac-9a64-3be97058f5c6", "value": "875918" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801123", "to_ids": true, "type": "vhash", "uuid": "75d82dd0-b69e-4580-8ed2-3b92392dddc0", "value": "aac2fd2decbd53c5e6e6a7fed6767f91" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740801123", "to_ids": true, "type": "filename", "uuid": "2d0a78b7-d0df-4ef1-8cd3-3892e5a30354", "value": "263f8ade9ae73d1f76a635726990fc84.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 19/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801123", "to_ids": false, "type": "text", "uuid": "0b8a71d7-719f-4299-a941-7c40ebe106c3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:39/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859632", "uuid": "4eff695e-0760-438f-92de-3974ed90957e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859632", "to_ids": true, "type": "md5", "uuid": "732b6f81-7c4d-4de2-96f4-be5d248d0853", "value": "6a8c46bd31b385d29889ecf3cc59485f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859632", "to_ids": true, "type": "sha1", "uuid": "5d136e85-572f-4cdf-bbe2-79c731b46106", "value": "4fa17915a95539f5dfcc23c92a0d23e3f944f238", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859632", "to_ids": true, "type": "sha256", "uuid": "33aedda9-8ce6-43f9-925f-972bb64644a8", "value": "d71b932e0a7c251238d7b61c60e38bce8266ca9a1b6844afce82f64c57c1c2b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801145", "to_ids": true, "type": "ssdeep", "uuid": "b511d6f4-1133-488c-acaf-72c4c801f19d", "value": "12288:KNlE6g0zfmm/piaTzRY31Yt4ydqpT4S/c3sM5KSvSFaWvBntdvQiJDrk6h73Jg:GNzawqmKpT4ac37Ia6vBn7vQidxW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801145", "to_ids": false, "type": "size-in-bytes", "uuid": "56df6c15-7d26-4691-a04a-b9d840396c41", "value": "669603" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801145", "to_ids": true, "type": "vhash", "uuid": "50d6aeb1-ca39-4c9f-869b-2f6cc7473ca4", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740801145", "to_ids": true, "type": "filename", "uuid": "1fb8b61f-97d2-43d6-80a1-615ef25fa4b5", "value": "6a8c46bd31b385d29889ecf3cc59485f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801145", "to_ids": false, "type": "text", "uuid": "01668e3a-0982-4b33-a974-28e7dc01b622", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859633", "uuid": "99cee775-31b5-4f2a-b98e-d05371c282ce", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859633", "to_ids": true, "type": "md5", "uuid": "bf15ec14-423f-4758-b04d-1e5be2bfeba3", "value": "5b64ed8488f302b32a19fc4635d194e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859633", "to_ids": true, "type": "sha1", "uuid": "557e8cc7-e8ab-4e56-97e4-b9291921df17", "value": "e9196aeea3c18aae07ab35404d038f9327dbb50a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859633", "to_ids": true, "type": "sha256", "uuid": "1cf7d340-1066-4cee-83d9-0e42dd144544", "value": "b799d5649f37d6d3c824774af2a8e9ae30d69aedd964800325c0482397b366ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801166", "to_ids": true, "type": "ssdeep", "uuid": "dc82b5d7-8986-4555-bbd3-62e5afac4dc7", "value": "768:+It03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsBr:+NwEbF6zoXXYwuyJzjkW3UXwpaRGQE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801166", "to_ids": false, "type": "size-in-bytes", "uuid": "5e8b55d9-d2e8-46d5-932c-6dbafc79fa0f", "value": "45417" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801166", "to_ids": true, "type": "vhash", "uuid": "54c91904-1505-4a61-81f3-58dec10f2e29", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740801166", "to_ids": true, "type": "filename", "uuid": "d313abad-641b-4df3-a810-2619a5791baa", "value": "plugin.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801166", "to_ids": false, "type": "text", "uuid": "5a513597-8870-4d33-aad5-354d1c1166bf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:24/57" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859635", "uuid": "a490e075-7ed4-49d6-ba26-9c6682419565", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859634", "to_ids": true, "type": "md5", "uuid": "1aa35c5f-a16e-441e-931d-e853249c8502", "value": "1b0d0e3ec0386abb0db6beda28e4d260", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859634", "to_ids": true, "type": "sha1", "uuid": "ead4e027-09d3-4498-9622-ef3bcd1c1b0d", "value": "05fc39025ea168e09ce1155d417d3ef7e19fa6ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859635", "to_ids": true, "type": "sha256", "uuid": "7c7c0b6c-1312-4deb-a4ac-5827f0efede0", "value": "cad513d22f2bec4a893bc4c495b32a126db464809e0ae08dd5e5e4c039f94bc3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801187", "to_ids": true, "type": "ssdeep", "uuid": "c0db2d4b-8fb6-4115-bf82-5ae4262defac", "value": "768:7It03WP8sdaPWFbFuW7/Xyz6PXQ0YLDCyJzjHYbxsQcZULe+vop5tLcD/JGJms7i:7NWEmF6zoXXYLuyJzjkW3UXwpaRGNOo4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801187", "to_ids": false, "type": "size-in-bytes", "uuid": "e95b9780-3cd0-4305-b2ef-b68912889133", "value": "45206" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801187", "to_ids": true, "type": "vhash", "uuid": "049db4a6-d8ce-4a13-aca2-846fb6538647", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740801187", "to_ids": true, "type": "filename", "uuid": "fb9c37b4-65e3-416d-bfd6-33fcdda871c4", "value": "plugin.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801187", "to_ids": false, "type": "text", "uuid": "f2a71c18-0525-44d1-a467-cf8eb77c2846", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Zpevdo.B\nVT Total Detection:19/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859636", "uuid": "b61f7d06-9eaa-4257-8623-70ec4c96dce2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859635", "to_ids": true, "type": "md5", "uuid": "2baaaa04-aadd-44b5-94a6-b61c8c2c69ff", "value": "4a9e3925e0c51d1068de4e822fa63a10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859636", "to_ids": true, "type": "sha1", "uuid": "47d9bcc5-9d63-4cc5-8b69-39174cc6f605", "value": "95eb169d3db1df0e1e12eeecc6f3abce4c36c16d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859636", "to_ids": true, "type": "sha256", "uuid": "edb1dde4-a978-4142-83a0-049e9e0309db", "value": "18c9b8aaff4bb5f2c56ddd3c0c1d815f3621a4fe80f4d2fa61e7b2690e6b69d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801208", "to_ids": true, "type": "ssdeep", "uuid": "c45da989-3ac6-4033-9b73-2edf471d8d42", "value": "24576:QEBRNZq3QJAawI31cyRZmZQY4rFG/Y9X1IerO3WolPR8p+P:nBHJAat1cyRECAY9X1Ij3nEs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801208", "to_ids": false, "type": "size-in-bytes", "uuid": "54699adf-9d3c-4878-ab2a-eaa0f4d16c0d", "value": "1212078" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801208", "to_ids": true, "type": "vhash", "uuid": "6d82dbbc-5345-45e5-a23c-9777f3bce67c", "value": "3bd5ed57b56f59eaeacbd1e0af76a1fc" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801209", "to_ids": false, "type": "text", "uuid": "ac8539fa-d0fc-4c51-b4a2-5dde790fbe60", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:35/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859637", "uuid": "08e53a0f-b9ee-41f0-8e27-7aead39d7667", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859637", "to_ids": true, "type": "md5", "uuid": "ebc1bac0-fce2-4e99-840f-0306e0e7e833", "value": "cb4df29e12f731c9a924623b7a2d5b56", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859637", "to_ids": true, "type": "sha1", "uuid": "04630b37-132b-4354-a5d2-9da27c9157f8", "value": "e931cae0e9a1e5eb45f0bb13c9a1f99cbd630e2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859637", "to_ids": true, "type": "sha256", "uuid": "33210000-3fda-484e-acbd-91e36c1b2c95", "value": "e54aa15a5ca7857e7c031f41de1e0c2de0300c32c5908a72a62878ec90a31f0a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801230", "to_ids": true, "type": "ssdeep", "uuid": "d55be863-a0e2-4dc5-8b1a-1a5127a6d309", "value": "24576:vwL2kfFySy609KkWRRNZq3QJAawINqJ6/4TYtczzsxxAqMQ+X1gy7Gf+smGrzJjC:vaAJVWRHJAarGG4YqgcRvlgr+sTJjcE6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801230", "to_ids": false, "type": "size-in-bytes", "uuid": "b44f69fb-33f9-4cad-91d0-38a4c942e48f", "value": "1715726" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801230", "to_ids": true, "type": "vhash", "uuid": "c4399219-e4df-4ff6-8b0f-d34db1a5b6ca", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 16/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801230", "to_ids": false, "type": "text", "uuid": "8268680a-187e-4340-bc32-2fcd0641eb2b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859638", "uuid": "6b0d8562-6dfc-479a-bd52-e8f9353f9e74", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859638", "to_ids": true, "type": "md5", "uuid": "fcff84ac-6926-432c-948b-fa9377eb500d", "value": "d1490941baa378717f2fb2b40c1972c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859638", "to_ids": true, "type": "sha1", "uuid": "c8bd851a-9937-44bd-96c2-9498113d77c7", "value": "ee6a2fd62a4af5d639235835e2076b7b873e8c79", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859638", "to_ids": true, "type": "sha256", "uuid": "2f24ff27-7ef3-40bd-8526-f6c55b56cf06", "value": "8ccd6daec19581aa2ca4fccbbf1f680c6f99c046c5cb43df3558ec9587a449ec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801251", "to_ids": true, "type": "ssdeep", "uuid": "ea438b5f-2b0b-4c57-9db7-108f0f8fadca", "value": "24576:NeSQaICSztIrQuQPwSNAdHwIrBZP+aYBR0F+sS:4ShSztIRQP6dHjZP+90F+sS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801251", "to_ids": false, "type": "size-in-bytes", "uuid": "7d82a441-074a-4d64-acdd-8de5cca1de8e", "value": "867930" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801251", "to_ids": true, "type": "vhash", "uuid": "3814066b-8d50-4aed-a6f1-0fe5c984b141", "value": "aac2fd2decbd53c5e6e6a7fed6767f91" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801251", "to_ids": false, "type": "text", "uuid": "8bfa9dac-4440-4990-949c-9e26052ec0f6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859639", "uuid": "75c86c07-1086-4dff-b2fd-dc1db109b7e2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859639", "to_ids": true, "type": "md5", "uuid": "a5090629-5d5e-4b59-9a05-360b7ad8bfbb", "value": "ad570f72db3b34c61142613d4c470b66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859639", "to_ids": true, "type": "sha1", "uuid": "20b5a2ad-c9e7-4418-bc57-8bfad3b00d03", "value": "8d1444fb219b95d43682a97a19398e760e9ca1e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859639", "to_ids": true, "type": "sha256", "uuid": "122c17fa-94a3-4a3a-89bc-4d899fd302bb", "value": "687d6212246026bdd816e3f871d9d3cccbffd765952aa557230473d7f9fba740", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801272", "to_ids": true, "type": "ssdeep", "uuid": "9e30be3d-8f8e-40dc-a25a-812869818896", "value": "24576:sEBRNZq3QJAawIT1cyRZmZQY4rRG/Y9X1IerO3WolPR8p+L:LBHJAa11cyRECMY9X1Ij3nE4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801272", "to_ids": false, "type": "size-in-bytes", "uuid": "566c23ac-c10a-4014-a83b-e5fec16a734f", "value": "1212078" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801272", "to_ids": true, "type": "vhash", "uuid": "7e76c498-571f-4f7f-af3f-fae66cb1cd80", "value": "3bd5ed57b56f59eaeacbd1e0af76a1fc" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801272", "to_ids": false, "type": "text", "uuid": "e49e3ed0-e795-4026-a940-d65a46a02791", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:34/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859640", "uuid": "1393d462-e709-4350-acd0-b06a9556fe2b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859640", "to_ids": true, "type": "md5", "uuid": "84d76c98-c2fb-4b0a-b2fd-da9983fb31d1", "value": "4abc82695e3a413d8a42b1cd92ceaeaf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859640", "to_ids": true, "type": "sha1", "uuid": "7968b92f-1afe-434d-ad7b-b083e3d70384", "value": "d2bb4e76346ada3fccf97bc04c48fd4b5dc2e8db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859640", "to_ids": true, "type": "sha256", "uuid": "19efde3b-3e63-4bc7-97db-10e113a24040", "value": "353dcdcfe75b05fda472063f83b9e2e0dd935874cfcf820022b635f268dd8f3e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801294", "to_ids": true, "type": "ssdeep", "uuid": "a66ba302-87b2-4c41-9b63-2f584f7115b0", "value": "12288:VNlE6g0zfmm/piaTzRY31Yt4ydqpT4S/cish5KHvSFaWvBntdvQiJDrk6h73U4:3NzawqmKpT4aciwIP6vBn7vQidxf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801294", "to_ids": false, "type": "size-in-bytes", "uuid": "673204e9-b86a-4d02-b131-85dfb9bfb02d", "value": "669606" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801294", "to_ids": true, "type": "vhash", "uuid": "1bd72d9b-7ec0-4c74-8054-4bb88488f847", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801294", "to_ids": false, "type": "text", "uuid": "61b98912-5013-4f04-8905-e96c845df1cf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:36/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859642", "uuid": "6c456045-b368-44ae-8d49-d19b31ce37c9", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859641", "to_ids": true, "type": "md5", "uuid": "9e06e5fc-f653-4db1-b0d8-4301c8bc5c5a", "value": "5322a24c41c3cdafed4e35c5dd31e76c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859641", "to_ids": true, "type": "sha1", "uuid": "e7dc8bb6-4da3-4c03-b6e8-61dad0394c3d", "value": "ea675f3e7f70157cc3b022c691a074ebf7e8ee37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859642", "to_ids": true, "type": "sha256", "uuid": "55e5cb92-d607-4a15-b8f4-f08ccd46eb9b", "value": "53935fa7c1d497368ab9493b05d0a4c65a93c759f2957076e87eeda2847aa79d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801315", "to_ids": true, "type": "ssdeep", "uuid": "b6f99358-f486-4842-b62a-89d7533cf257", "value": "12288:BEZblN2Ca1pBhJREtZ45ZPhLzGZ3ZcsM5K+MLwsW+gN7b9v3Fr6yJrbI:K7UpEb43PhLziZc7I+4gN794" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801315", "to_ids": false, "type": "size-in-bytes", "uuid": "9f6f2d2a-59cb-4cb0-853b-0105e9693a09", "value": "671183" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801315", "to_ids": true, "type": "vhash", "uuid": "c4c5153e-16cc-46a9-8689-238bd43deaa2", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801315", "to_ids": false, "type": "text", "uuid": "9d392ca8-9db1-4434-872a-e52a0c62fdaf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859643", "uuid": "6de978e2-9763-4f6a-b6b0-019df385bfe8", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859642", "to_ids": true, "type": "md5", "uuid": "f2d1787b-ecb8-4585-adcf-269ae5fc1997", "value": "c578c110da0353022b74051c50ca55f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859643", "to_ids": true, "type": "sha1", "uuid": "6b6afee3-7f51-4d3c-987c-395d079cfa3b", "value": "7b39abe0cc0765ec21da6bff50d88453f6902ae0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859643", "to_ids": true, "type": "sha256", "uuid": "3174fd20-14d7-411f-91af-4beea77078f2", "value": "229732ed7490e222b5758722740d2ca924ea2643808848e3875434e9073cc29e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801336", "to_ids": true, "type": "ssdeep", "uuid": "95001cde-db50-4d73-baee-f463ac7db816", "value": "24576:pEBRNZq3QJAawI/1cyRZmZQY4rSG/Y9X1IerO3WolPR8p+z:WBHJAat1cyRECdY9X1Ij3nEQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801336", "to_ids": false, "type": "size-in-bytes", "uuid": "90ea1dd6-b611-4154-84cf-aef69292e6ba", "value": "1212078" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801336", "to_ids": true, "type": "vhash", "uuid": "f99e2bd2-db07-4581-93fb-4fc129ca23fa", "value": "3bd5ed57b56f59eaeacbd1e0af76a1fc" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801336", "to_ids": false, "type": "text", "uuid": "7ff8cce7-10e0-4693-b6c9-1593c4638804", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859644", "uuid": "b81db25f-24b7-44d2-b1db-4a8426b23823", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859644", "to_ids": true, "type": "md5", "uuid": "f04c02e5-4c52-4b6f-9d50-f5e56df43c37", "value": "cc1c70818815749a401ec490d23fe908", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859644", "to_ids": true, "type": "sha1", "uuid": "b3c3fb0e-08ad-4436-aeda-0d3d3bd6064d", "value": "2138f222c7e03f34d9cf24f0445880c473f196dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859644", "to_ids": true, "type": "sha256", "uuid": "cab193fc-b24a-4059-ace2-cd746a265d36", "value": "334b78a5cda6a78159010064a481f025a7912f09bb357c41af2610d8c6e43151", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801358", "to_ids": true, "type": "ssdeep", "uuid": "de6d269e-bb36-487d-9b04-d576f5e1ccbb", "value": "24576:8wL2kfFySy609KkWRRNZq3QJAawIqqJ6/4TYtczzsxxAqMQ+X1gy74f+smGrzJjk:8aAJVWRHJAaQGG4YqgcRvlgJ+sTJjcE8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801358", "to_ids": false, "type": "size-in-bytes", "uuid": "4e1bad75-3423-47c7-9206-d72ca277ab58", "value": "1715726" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801358", "to_ids": true, "type": "vhash", "uuid": "8d3efab5-9e26-4e34-a5f0-fbea7a72e522", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801358", "to_ids": false, "type": "text", "uuid": "c5eae11c-2716-4d02-86c3-a57c10a6ccf1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA01\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859645", "uuid": "57a70fa0-a202-4229-8d7b-70acbb67384c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859645", "to_ids": true, "type": "md5", "uuid": "76c8ad4a-1013-4829-bbde-4fb951a003f0", "value": "95be54da13c4d31a99599a75936f014b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859645", "to_ids": true, "type": "sha1", "uuid": "82fa9d06-1583-4c57-995b-e44d30cacf1f", "value": "458dd3f7b98fc934f0be4d622c3ed55f26cdf373", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859645", "to_ids": true, "type": "sha256", "uuid": "dc42b7dd-0b19-438f-9186-eed185e6562d", "value": "30de626bc1692edbc60874fbc38216f2b8f73a6cce31705123eb5584394268ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801379", "to_ids": true, "type": "ssdeep", "uuid": "511842f7-b7ac-444a-afdf-e27925efc705", "value": "12288:oxkSQa8U2CSztIrQ/2EjPwSNuzdRsM5K8j3CTzogzPHnAwqThU26:oeSQaICSztIrQuQPwSNAdR7I8j3CXogt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801379", "to_ids": false, "type": "size-in-bytes", "uuid": "c2978a59-5a0d-4906-8ec6-191c51df87cd", "value": "663929" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801379", "to_ids": true, "type": "vhash", "uuid": "dc018573-b497-4666-9e96-e45ebd6b85c0", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801379", "to_ids": false, "type": "text", "uuid": "a009b841-a475-4489-914f-7b7767782fda", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859646", "uuid": "86636762-04bf-44dc-971f-09affe5c225d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859646", "to_ids": true, "type": "md5", "uuid": "e6ed3085-0db2-4820-83cb-1652a041c4d8", "value": "93c550a960e04a31fda79b6c6f59040d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859646", "to_ids": true, "type": "sha1", "uuid": "122bd923-a1ef-473c-901b-fbf924262655", "value": "978a92470c348e39fd026bc6a837f97b5836a732", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859646", "to_ids": true, "type": "sha256", "uuid": "c72f33dd-43ba-41f8-9468-7f06a256747f", "value": "19c2d574a6d85a2110ab2606b469cad1d72918d17aa7227307698429f17ff0b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801400", "to_ids": true, "type": "ssdeep", "uuid": "657d5d43-1cea-475a-b837-70ddd9a3f77e", "value": "12288:bNZblN2Ca1pBhJREtZ45ZPhLzGZ3Z3sh5KotC0f0NBIYGHJ9A0NVNR2Y/:b/7UpEb43PhLziZ3wIj8YGHJ9A0Nf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801400", "to_ids": false, "type": "size-in-bytes", "uuid": "52c35339-11d6-4a28-878b-57984b666adf", "value": "875779" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801400", "to_ids": true, "type": "vhash", "uuid": "fe3b1785-6d86-4ddb-a8e2-20831884e4ac", "value": "aac2fd2decbd53c5e6e6a7fed6767f91" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801400", "to_ids": false, "type": "text", "uuid": "e7b80483-bb0a-424c-8f94-6db4d7be12bf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859647", "uuid": "d1abb480-3bbb-49bf-bdf7-9ac6244e8b1f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859647", "to_ids": true, "type": "md5", "uuid": "5cb5e555-e516-4607-a13c-d4d26b4b894b", "value": "3f6b6140dbb8c5d127e07a9f089b9149", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859647", "to_ids": true, "type": "sha1", "uuid": "dff6a379-1fcf-47b6-9e45-a9d8dc0e2f29", "value": "7ad9f960b711f4850c4899a8703b5ee32dba5838", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859647", "to_ids": true, "type": "sha256", "uuid": "d18dfd3d-a628-44ab-a047-5f3aa372b185", "value": "1c7db53a5ef4e28cfb86404530e248dc8903728764f970a2e346f4f10f78e21a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801422", "to_ids": true, "type": "ssdeep", "uuid": "e205a396-0a6e-42b7-9f68-f49395760040", "value": "24576:nEBRNZq3QJAawIq1cyRZmZQY4rwG/Y9X1IerO3WolPR8p+I:EBHJAa41cyRECvY9X1Ij3nEH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801422", "to_ids": false, "type": "size-in-bytes", "uuid": "2a82d23d-cd0a-4f27-b631-5995f552afa6", "value": "1212078" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801422", "to_ids": true, "type": "vhash", "uuid": "5709c6dc-ef75-4a62-8920-e24ae3bf8269", "value": "3bd5ed57b56f59eaeacbd1e0af76a1fc" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801422", "to_ids": false, "type": "text", "uuid": "2cb20579-83c9-463c-ba4a-85e87551b0d0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859649", "uuid": "14cb3577-fb09-4b2a-a8d1-fcf7a87e3da6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859648", "to_ids": true, "type": "md5", "uuid": "802b6baa-27e8-4d74-902d-c198c6a729f2", "value": "c5613751b4ee7bff281c5b340353460f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859648", "to_ids": true, "type": "sha1", "uuid": "857aa8e7-3ecc-4028-a8e3-4016f5d60e82", "value": "98e56742188c7425469876a3a1e588be66d1a826", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859649", "to_ids": true, "type": "sha256", "uuid": "0f89eb66-2ada-4de3-a110-3bb56a32542e", "value": "3ebf967fe6ebde9bbb69dde7a435031b8d201eb62ab6140e1c44e5c3949618d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801443", "to_ids": true, "type": "ssdeep", "uuid": "5a3b3904-fbd6-45f5-a384-7ea6006701c2", "value": "24576:cJEBRNZq3QJAawIm/+9rgCSLLau/ta/AEG/Y9X1IerO3WolPR8p+C:c2BHJAaRRS6KY9X1Ij3nEl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801443", "to_ids": false, "type": "size-in-bytes", "uuid": "abbfd269-6f60-4bae-8c21-10696a863064", "value": "1212048" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801443", "to_ids": true, "type": "vhash", "uuid": "eb4a023a-88da-4ed7-bab1-4ee9a1e0a411", "value": "3bd5ed57b56f59eaeacbd1e0af76a1fc" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801443", "to_ids": false, "type": "text", "uuid": "9006a4a4-7623-498c-a74a-d7421438a0f5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:37/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859650", "uuid": "45c6d80c-20e7-4e7b-8dee-0a4e01c48b45", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859649", "to_ids": true, "type": "md5", "uuid": "1fe33bcc-ec44-45c1-9896-e9e842bdd380", "value": "a2da21b563238759be807ddf433cd57a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859650", "to_ids": true, "type": "sha1", "uuid": "cff8aa3f-2937-4bb9-92af-fec4740d3edb", "value": "b46058fdc99ac46b5b3191c3558391faa4f9dfe9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859650", "to_ids": true, "type": "sha256", "uuid": "da6b558e-1277-4846-9b31-ad5e7a606e2b", "value": "6ea9258590a9aec7237b345a1af29d40e8e01b830aebdc9f8b238f7886103d14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801465", "to_ids": true, "type": "ssdeep", "uuid": "f8d6cd12-ae97-40d3-885f-107e891988ca", "value": "24576:GEBRNZq3QJAawI21cyRZmZQY4rjG/Y9X1IerO3WolPR8p+A:FBHJAa81cyRECSY9X1Ij3nEH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801465", "to_ids": false, "type": "size-in-bytes", "uuid": "bce797df-8690-4849-a78c-9ed0c107bd59", "value": "1212078" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801465", "to_ids": true, "type": "vhash", "uuid": "fc59de51-1e05-4c1d-9ffe-4d50967f2c68", "value": "3bd5ed57b56f59eaeacbd1e0af76a1fc" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801465", "to_ids": false, "type": "text", "uuid": "460adc57-0ed2-4609-92fb-eaf5e23629d7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:34/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859651", "uuid": "cdeda3b0-773d-4d7f-b521-31d056fa1f1d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859651", "to_ids": true, "type": "md5", "uuid": "3486b71a-eeb7-458e-9d05-7b5d76d14217", "value": "2ac0c11fd07eae0904e5f37df6f3f152", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859651", "to_ids": true, "type": "sha1", "uuid": "42081d2b-be44-4fec-8808-872932b80b4b", "value": "37617eeab96b49b775d9762bb191e816a749b5ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859651", "to_ids": true, "type": "sha256", "uuid": "5184539a-1230-4298-bf3a-d647597c4c12", "value": "7330168c5d37f56d3a49b9e44d06a633e8389ff3546a3c97ca682ce40e236120", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801486", "to_ids": true, "type": "ssdeep", "uuid": "515fc5b7-887f-4dd6-b1fb-1462109f4c35", "value": "24576:I7UpEb43PhLziZ3wI93oQ+JNMV6eR/IWD4+RZ:gr43titzP+kQetIcRZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801486", "to_ids": false, "type": "size-in-bytes", "uuid": "10007175-8996-4812-9f5e-7c21d14ef201", "value": "875738" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801486", "to_ids": true, "type": "vhash", "uuid": "edc5aa9e-fd6e-4a06-9a1f-c9c5e225f107", "value": "aac2fd2decbd53c5e6e6a7fed6767f91" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801486", "to_ids": false, "type": "text", "uuid": "712d6a3e-1e82-4c2e-8670-49381f7afc99", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859652", "uuid": "7eeb769b-ecc9-4bce-90cf-060c6bc9537d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859652", "to_ids": true, "type": "md5", "uuid": "85326307-a91a-4ed9-a25b-7891b9c8826f", "value": "7fc9786621240aeda81f54ed602306ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859652", "to_ids": true, "type": "sha1", "uuid": "6f681406-0a0a-470d-ba4a-a5fd26795db5", "value": "b617398df31b46bb64bfdab5d2cc40e4847b5122", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859652", "to_ids": true, "type": "sha256", "uuid": "f79a85ec-aa2a-402c-b625-3116f83768cb", "value": "b8856ac8ae4ecca47952c65d39d923c1124754b3ac0995487148560b92ac77ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801508", "to_ids": true, "type": "ssdeep", "uuid": "d4319068-fa00-47ea-a67f-16749b0ede6d", "value": "24576:pEL2uavqQhoE0Cop0fIrgM/CbAchTPDmpW7bH8h:pdhiB0RM0AcxDmpW38h" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801508", "to_ids": false, "type": "size-in-bytes", "uuid": "003995b9-3e85-4d12-b3c1-9f28d7276499", "value": "992082" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801508", "to_ids": true, "type": "vhash", "uuid": "2bb659a8-3044-46c2-b4b1-7966297c8bf3", "value": "98920121227d7b7634b12aa19ce409f9" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801508", "to_ids": false, "type": "text", "uuid": "92524f81-aa5c-4f60-add1-862168dc0754", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Dakkatoni.A!MTB\nVT Total Detection:29/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859653", "uuid": "8c26021d-b818-4887-8ba7-dd5b71dcd905", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859653", "to_ids": true, "type": "md5", "uuid": "bc151a67-1217-421a-8b29-e4c8ca57a01e", "value": "880db36faff3c00fee1e71acf776ba61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859653", "to_ids": true, "type": "sha1", "uuid": "d7b39fb9-65d3-433d-8c5b-fe70f614fdfa", "value": "bb10bc8c40ed9f355ab7de9b17aee1c7ea2433de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859653", "to_ids": true, "type": "sha256", "uuid": "63e8a6e4-9d19-4356-944c-eb103a4e0f18", "value": "c8797e4f59e94f3b50d03f854681818633d1344fb7c1ae8d9db64de48c661e14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801529", "to_ids": true, "type": "ssdeep", "uuid": "02208a55-aab2-4600-a926-1e521540d3d9", "value": "12288:XNlE6g0zfmm/piaTzRY31Yt4ydqpT4S/c3sM5KyvSFaWvBntdvQiJDrk6h73Jb:9NzawqmKpT4ac37I66vBn7vQidxt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801529", "to_ids": false, "type": "size-in-bytes", "uuid": "add7987e-0f68-4cbb-87b8-48b9e45d3342", "value": "669614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801529", "to_ids": true, "type": "vhash", "uuid": "0c2c6f42-5d6e-4f42-bafa-e299a2074a98", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801529", "to_ids": false, "type": "text", "uuid": "8b3958ad-ba4f-4964-bbac-63fbb0d14fce", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:37/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859654", "uuid": "4fb4339b-72ca-466f-aa0e-414f1092d5f2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859654", "to_ids": true, "type": "md5", "uuid": "74bbb5c4-b65e-494a-8892-fbdbb619a5f8", "value": "86b91f5da3e20980a8b6dae9790efdce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859654", "to_ids": true, "type": "sha1", "uuid": "840c0b8f-cb12-4588-a77d-f2e437a06ba0", "value": "54e9d977dc62d1e106c5e04ac1df1e20b5393b7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859654", "to_ids": true, "type": "sha256", "uuid": "d379f809-2452-431b-91c4-08d27e09cceb", "value": "7c88ce953afa1ad3e27098a9816a203cd341d8b8a8503a368298891da3ab1c82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801550", "to_ids": true, "type": "ssdeep", "uuid": "2fd10827-6c72-4aa7-8755-4bd7ec679dd7", "value": "24576:n8HUpEb43PhLziZ/wIsiHk2VTiDv8XGoR:nor43titiiHk2VTqEX9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801550", "to_ids": false, "type": "size-in-bytes", "uuid": "cf38d37b-c23c-44f3-bd95-358d5fb38bbe", "value": "876965" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801550", "to_ids": true, "type": "vhash", "uuid": "879cd073-49d0-46a1-9d90-7f445310c05a", "value": "aac2fd2decbd53c5e6e6a7fed6767f91" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801550", "to_ids": false, "type": "text", "uuid": "af07d6b4-7c59-44ee-a220-885bd079bf78", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859655", "uuid": "a8b0d5ff-84e6-4518-aec3-a3e7194603f8", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859655", "to_ids": true, "type": "md5", "uuid": "29ff9e5d-400d-480c-acac-385eaad2ba1e", "value": "7260c52d04efaf0d4ae49b68e6853ad6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859655", "to_ids": true, "type": "sha1", "uuid": "68b106aa-1450-43a3-bddd-61954bed4c93", "value": "1065031035687f6ae77b8ded183781f02b4cf086", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859655", "to_ids": true, "type": "sha256", "uuid": "c969e2c8-3dcf-4431-8982-07fa34155083", "value": "4da4b75678a0c6e3016f7574a63ffefa53c4f22fcc7efa1aa0c6252abff4404e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801572", "to_ids": true, "type": "ssdeep", "uuid": "d3ae09df-d877-4ed7-aa13-7ef6136cec23", "value": "12288:R7Zblp2Ca1pBhJREtZ45ZPhLzGZ3Z0sM5KqDr3APObwNU:THUpEb43PhLziZ07IYL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801572", "to_ids": false, "type": "size-in-bytes", "uuid": "4482e436-a62c-4e1f-bdbe-7a0eaf02655a", "value": "671672" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801572", "to_ids": true, "type": "vhash", "uuid": "f7033bb8-4fe2-48aa-b1bd-0a95b9b45732", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 30/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801572", "to_ids": false, "type": "text", "uuid": "7e3bc410-cf00-4316-a6be-1b328d53bf20", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859657", "uuid": "4ac4c81c-4ee5-4b74-a51e-a942a2b3e1cc", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859656", "to_ids": true, "type": "md5", "uuid": "15b06afc-53d1-4bd9-8d3e-2b7fe94183c9", "value": "be007b4c44bb47de2b280fc7aa355b5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859656", "to_ids": true, "type": "sha1", "uuid": "fe3887b7-9ef2-4cc7-8583-332d0a933fea", "value": "dfab785a05940c0177fef7220bddda612402e249", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859657", "to_ids": true, "type": "sha256", "uuid": "3cba0ee4-042e-44ff-8de8-c53719951492", "value": "6a34421961a33dad387f604eaaecdd379cdd5a789b1edc1cd1241317f83fa2d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801593", "to_ids": true, "type": "ssdeep", "uuid": "3d7e2868-ac96-478c-bc2f-9c8cbb8f92d1", "value": "24576:SEL2uavqQhoE0Cop0fICgM/CbAchTPDmpW7bH8x:SdhiB0EM0AcxDmpW38x" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801593", "to_ids": false, "type": "size-in-bytes", "uuid": "de25701e-1f8b-49be-89fc-9d33d30c5982", "value": "992082" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801593", "to_ids": true, "type": "vhash", "uuid": "8b675705-ce27-4fed-95c5-1d95eaf0308a", "value": "98920121227d7b7634b12aa19ce409f9" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801593", "to_ids": false, "type": "text", "uuid": "6cebb0b6-0280-4324-8ba0-d43a6e39582f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859658", "uuid": "d5f94903-b122-496a-b4da-8cdfc7c406ee", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859657", "to_ids": true, "type": "md5", "uuid": "090101c1-bfe5-4020-98d7-625611dcd474", "value": "7061fbb860511a696832cbcf1fd3b18a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859658", "to_ids": true, "type": "sha1", "uuid": "d83ed9f5-9783-445e-8864-e24cde0699ee", "value": "1564d93d463d50ffabd090e82759595d9815ddfb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859658", "to_ids": true, "type": "sha256", "uuid": "e909b983-5c79-491d-8a69-c5f63d8dacb1", "value": "53ec00e1b381eb988a8882a6add0c4a553631bc6e224d2c67cce460985488049", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801614", "to_ids": true, "type": "ssdeep", "uuid": "b5e8d2de-9c65-45ec-b4ff-f52a36a51c8e", "value": "12288:+xZblN2Ca1pBhJREtZ45ZPhLzGZ3Z3sh5KnMLwsW+gN7b9v3Fr6yJri7:s7UpEb43PhLziZ3wIn4gN79u" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801614", "to_ids": false, "type": "size-in-bytes", "uuid": "a61ef52b-d2f6-42a8-b07c-969b7fb15413", "value": "671173" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801614", "to_ids": true, "type": "vhash", "uuid": "84c3a2ac-64c0-4235-9e93-9ccb268ee2b9", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801614", "to_ids": false, "type": "text", "uuid": "37d58866-fafe-4d09-9e24-dda89090d24b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859659", "uuid": "f57a1b68-6fec-4b42-9d59-57ee18c7d1ad", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859659", "to_ids": true, "type": "md5", "uuid": "bb77d1dc-c6f0-44ce-91bb-e261c9eb6692", "value": "d2507f9c2024dfa2428859f8b1615c77", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859659", "to_ids": true, "type": "sha1", "uuid": "1300bc93-cb9a-422b-888d-65b0a2c6793d", "value": "9617db2bb67bba700c7274d92a9181362b305ee0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859659", "to_ids": true, "type": "sha256", "uuid": "6e157e62-84c9-40dd-9cb9-49996ffff4db", "value": "3100b733b291b3ea8f168efa0dd99158be708dc5235ae89c4d2f90884b3d43e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801636", "to_ids": true, "type": "ssdeep", "uuid": "c9f03bf2-ada6-44ab-91c6-28195facd3fd", "value": "12288:RZbli2Ca1pBhJREtZ45ZPhLzGZ3ZFsM5K/rG/WAqJxKC9kgCouGR:z+UpEb43PhLziZF7Ia/WAGxHC0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801636", "to_ids": false, "type": "size-in-bytes", "uuid": "f0ff2a60-5871-4de8-a4ad-ab69c4dfe6a3", "value": "671904" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801636", "to_ids": true, "type": "vhash", "uuid": "33d315e0-076f-4dc7-9de0-88faeda5b0f8", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801636", "to_ids": false, "type": "text", "uuid": "5540e4a1-2c00-4f66-89af-a0fd91ff6ddb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:36/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859660", "uuid": "180ab2c7-8858-4c6f-8d37-05420201e007", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859660", "to_ids": true, "type": "md5", "uuid": "42cb9f98-984a-4192-93f0-5eba01e160a9", "value": "59bb09c3696df485a6cf5aa4d77c4c8b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859660", "to_ids": true, "type": "sha1", "uuid": "e1cb2a34-57e6-4fa2-b13e-6fe37a469c42", "value": "9516a3d24346b751d2886a8390bfe07f7a0dd01d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859660", "to_ids": true, "type": "sha256", "uuid": "806c12cd-2ff7-43d6-9625-5bae76463878", "value": "927bca1d87864fcdccfd3782426089ecdfc0374352c5f7bf2a7af0446fe899d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801658", "to_ids": true, "type": "ssdeep", "uuid": "c305977e-93fd-4eb5-8ad6-9052249b169b", "value": "24576:zTiShA5Eitf5kHGY7VFgcFC3ji52RF9+Hj/FXgR+XdCVcBlZWHLZt3LZ9KY:zTxhA5Eitf5kHGY7VFgcFC3ecL9AZXgv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801658", "to_ids": false, "type": "size-in-bytes", "uuid": "08126d64-d907-4383-b5fe-3470bcacc240", "value": "992386" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801658", "to_ids": true, "type": "vhash", "uuid": "7240c9e3-86e2-4a85-9f92-dcf5711931cb", "value": "b139ea8a989d5fdbd274bc956f09e3ab" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801658", "to_ids": false, "type": "text", "uuid": "b1167b16-7674-4ea2-8704-af8806939c13", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859661", "uuid": "aef4f7af-2aa3-4016-bd98-4b1af2dd7b97", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859661", "to_ids": true, "type": "md5", "uuid": "efd9ba75-a51c-48a9-bd93-1f57a0a21778", "value": "b78ff4891f0587fa3567d7b38f6d5f15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859661", "to_ids": true, "type": "sha1", "uuid": "5b921590-7a71-4762-af9b-cc64d651348c", "value": "7de36b546e0bfe3491d94cfcc2e3712fbeaea7ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859661", "to_ids": true, "type": "sha256", "uuid": "cddc3878-a4d8-40cf-b352-c83fe3dcc8d3", "value": "2425e56d79e1b9ed08c253ca63f68cdfb2743a1bcccb33d4a80df0c402afce4f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801679", "to_ids": true, "type": "ssdeep", "uuid": "ab67cf16-17df-4afc-a6a0-947c3464bd69", "value": "24576:TEBRNZq3QJAawIK1cyRZmZQY4rUG/Y9X1IerO3WolPR8p+S:YBHJAaw1cyRECbY9X1Ij3nEH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801679", "to_ids": false, "type": "size-in-bytes", "uuid": "4a58de6a-072e-40c1-8ad1-59674c86006e", "value": "1189549" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801679", "to_ids": true, "type": "vhash", "uuid": "99b575f6-9b2d-4c13-a547-1900de2ddba3", "value": "3bd5ed57b56f59eaeacbd1e0af76a1fc" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801679", "to_ids": false, "type": "text", "uuid": "66e00eec-59fd-46c6-8a3d-9b871e22cce9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:33/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859663", "uuid": "ea3aa6fa-c74a-4cd6-a2ac-d862f1331569", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859662", "to_ids": true, "type": "md5", "uuid": "8792bc4d-0377-4249-9929-0818785513a7", "value": "28c11f8c709903453b13d693bc178f4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859662", "to_ids": true, "type": "sha1", "uuid": "a6a31c87-c997-47da-94ed-0acd275c56ee", "value": "9df0eca28fbe43d9ff6395352f459a9d9d0f8fa4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859663", "to_ids": true, "type": "sha256", "uuid": "a1318386-a012-4a19-b0b9-bf4e422ffe4e", "value": "18a2a70bca5a3adf85ac2a4218a797d9dc0dc40e6f909b4073d4aecf8085b154", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801700", "to_ids": true, "type": "ssdeep", "uuid": "491041c2-7491-4b09-a30e-29b9f5813427", "value": "24576:vEL2uavqQhoE0Cop0fIVgM/CbAchTPDmpW7bH8t:vdhiB0jM0AcxDmpW38t" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801700", "to_ids": false, "type": "size-in-bytes", "uuid": "691c8477-d209-4150-8239-cabd42881b55", "value": "992082" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801700", "to_ids": true, "type": "vhash", "uuid": "8208c8ba-1e16-428d-8e4f-33cfc5b4f0c5", "value": "98920121227d7b7634b12aa19ce409f9" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801700", "to_ids": false, "type": "text", "uuid": "40d96029-a869-4bf6-ab03-d746e0fa3802", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859664", "uuid": "b41c050f-fc0e-4d54-a797-0b2156dc84bb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859663", "to_ids": true, "type": "md5", "uuid": "489ae587-280f-4634-bac1-411b93782137", "value": "b61207693a9a5ad8b44ee86267a9e3a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859664", "to_ids": true, "type": "sha1", "uuid": "2bf8f2c7-d1d9-45ec-ae42-74be3db175fc", "value": "9a3f104627a230b72aeba048e209db516df748dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859664", "to_ids": true, "type": "sha256", "uuid": "8f8f4b93-afe3-4958-bcc6-bf2ec11f856d", "value": "35f50d8b2d5683049ddced9a9a0c0db67b4f9b46e195e948fe80155188ff802c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801721", "to_ids": true, "type": "ssdeep", "uuid": "653618da-811c-4a52-910e-9b23603861e1", "value": "12288:yxZblN2Ca1pBhJREtZ45ZPhLzGZ3Z3sh5K5rG/WAqJxKC9kgCourU:Y7UpEb43PhLziZ3wIQ/WAGxHCW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801721", "to_ids": false, "type": "size-in-bytes", "uuid": "6ad5fe9f-5c76-4742-b85b-9e032387d133", "value": "671409" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801721", "to_ids": true, "type": "vhash", "uuid": "ebe1cb03-4384-4cc5-ae65-be63d0154ac7", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801721", "to_ids": false, "type": "text", "uuid": "a5ad49a0-4924-410a-83c2-abdf0a9ae1b3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:34/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859665", "uuid": "6e4e90a0-1958-460a-9a77-2f56667cb6a0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859664", "to_ids": true, "type": "md5", "uuid": "eaf4160f-1524-4456-86aa-ffb9961c049f", "value": "b2f5ae4497c31e57c98c5789ad6165fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859665", "to_ids": true, "type": "sha1", "uuid": "a1f7851e-9625-4c52-bdea-2a4cd206f2d3", "value": "e5c2428ec5ac7b9c8006f4e9ee8f16645d49463f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859665", "to_ids": true, "type": "sha256", "uuid": "a1f292ac-dd0c-45ad-ad36-64d949053a97", "value": "72d0236969967ff7c6bf6a1c3a3949b4af0170961af776a9072f45ff254bc14e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801743", "to_ids": true, "type": "ssdeep", "uuid": "e8168866-53f9-4e69-9ffe-8eeb64846c25", "value": "12288:/NlE6g0zfmm/piaTzRY31Yt4ydqpT4S/c3sM5KuvSFaWvBntdvQiJDrk6h73Jr:1NzawqmKpT4ac37IW6vBn7vQidxJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801743", "to_ids": false, "type": "size-in-bytes", "uuid": "581ecedf-1bf3-4b47-8e6b-a041d0572612", "value": "669614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801743", "to_ids": true, "type": "vhash", "uuid": "19a4b47b-db8d-4222-ac42-c540dc009422", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740801743", "to_ids": true, "type": "filename", "uuid": "97ad9bd2-600e-4933-8a26-95c0f79ff757", "value": "72D0236969967FF7C6BF6A1C3A3949B4AF0170961AF776A9072F45FF254BC14E.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 15/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801743", "to_ids": false, "type": "text", "uuid": "4466eae0-f3cb-4816-9f2e-7a427b16a06a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:34/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859666", "uuid": "4ded6faf-0b68-4955-b0d2-e44fb60c25c4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859666", "to_ids": true, "type": "md5", "uuid": "9b5c4d5b-7734-41d2-a2cd-decae4fec2b3", "value": "227c58e45a85ff9b088bf99a6a657251", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859666", "to_ids": true, "type": "sha1", "uuid": "63f49598-44a2-46e4-b85f-31f5a5cbcb9a", "value": "d2ce5eef92513ae09d058e04bc5f4ec73088dcc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859666", "to_ids": true, "type": "sha256", "uuid": "42ae4ecf-6d00-4bd0-90be-1f7330edd988", "value": "45432c38f540f34ce1792de4139b6c30f5bc1565eb86f076d47ff3ece6fb937b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801764", "to_ids": true, "type": "ssdeep", "uuid": "70dca67f-fa1b-47f6-9a0d-96745168a94f", "value": "12288:TZblSkSQa8U2CSztIrQ/2EjPwSNuzdWsh5K0K+LXBsRd7sqy+9giPstjV:tvSQaICSztIrQuQPwSNAdWwIvWXesqyx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801764", "to_ids": false, "type": "size-in-bytes", "uuid": "bc6807d8-1a50-4abe-a508-174ee9eda40c", "value": "671559" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801764", "to_ids": true, "type": "vhash", "uuid": "524b3e87-68c9-4ce7-a4fb-4caf7f362cce", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801764", "to_ids": false, "type": "text", "uuid": "c99dfb58-6fe6-497e-bb9a-79f8aa350694", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:38/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859667", "uuid": "a184c98b-2e90-4e79-9635-0436a345b18e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859667", "to_ids": true, "type": "md5", "uuid": "6ea48e64-57ec-40a9-842f-4240027e037d", "value": "048e38cfdd0cc4bc67f8867bd2296409", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859667", "to_ids": true, "type": "sha1", "uuid": "09654247-629c-4a47-be3f-a1e9709d580c", "value": "ad728e4149c3d14b41109e4307282426b980249c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859667", "to_ids": true, "type": "sha256", "uuid": "9d85a05d-4d0d-4230-8d27-d320baf646c9", "value": "24894c0e98ce31725215cb61053ad66f09d885d16bcd05edf6ea18a5735e1864", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801786", "to_ids": true, "type": "ssdeep", "uuid": "e9718820-505d-4273-9311-afb36b8abf49", "value": "12288:4EZblN2Ca1pBhJREtZ45ZPhLzGZ3ZcsM5KBtC0f0NBIYGHJ9A0NVNR21O:T7UpEb43PhLziZc7Io8YGHJ9A0NF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801786", "to_ids": false, "type": "size-in-bytes", "uuid": "fd702136-ecbf-4b34-9e81-8ddd09c55822", "value": "875764" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801786", "to_ids": true, "type": "vhash", "uuid": "bc618bf8-58df-4032-b690-96be43be8e9f", "value": "aac2fd2decbd53c5e6e6a7fed6767f91" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 31/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801786", "to_ids": false, "type": "text", "uuid": "9b36df61-b584-4e4d-a65f-d28d3963af7a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859668", "uuid": "40fc8666-fbda-4c9b-9def-20ea66a9f241", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859668", "to_ids": true, "type": "md5", "uuid": "fe101e84-65e7-414b-ab7b-6d1b4b37969f", "value": "46ee5de160484cea8758bd514af5f09f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859668", "to_ids": true, "type": "sha1", "uuid": "1422946e-3398-4afa-b3a4-9968b91ee0e2", "value": "dcc9af898ad14075cc6187812917c91639623ad7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859668", "to_ids": true, "type": "sha256", "uuid": "e555a3be-12d5-459a-8ff3-3d61b8d1c480", "value": "b2ef61705acdb2d9bc9fc0b15ec272d4a129ffecbdc7690a82afe4f5ded195f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801807", "to_ids": true, "type": "ssdeep", "uuid": "87588430-03a9-40e3-bc37-50a8b5a8156e", "value": "24576:SEL2UMjirRnUZ8JswIlsvh9EsRqbe+v9MpElndV2ygNlbcg1ZmsAt/25OQK0:S5MUisTsrEHbe+lMuldEygPQ+Zmd1o1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801807", "to_ids": false, "type": "size-in-bytes", "uuid": "ca142150-57b1-40cd-b1e1-36916e072f39", "value": "1337567" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801807", "to_ids": true, "type": "vhash", "uuid": "5374c126-fe26-4e6b-a112-f78400b0cfb3", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 21/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801807", "to_ids": false, "type": "text", "uuid": "02daa4e0-4a83-4fd5-b444-f2b1d7fa6e66", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859669", "uuid": "dc9d19b4-205c-4fac-b913-d6a564b7c9cb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859669", "to_ids": true, "type": "md5", "uuid": "631ba97b-afeb-427a-81af-038067938daa", "value": "6b11a483824b64ac8d1bb1a063c6eb7c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859669", "to_ids": true, "type": "sha1", "uuid": "656cb410-5c69-4789-b051-9858cdb13c96", "value": "a3a7b44d2cd165578392959b71eba5341b3b7835", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859669", "to_ids": true, "type": "sha256", "uuid": "fd591eb4-c082-46ec-8852-788beaf85255", "value": "f6d55d7559e2226b8356c094b5361132b608603f773cf94921315d8a28b57704", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801828", "to_ids": true, "type": "ssdeep", "uuid": "663e5b91-b1b2-4b40-b1d5-6970b7a7f159", "value": "24576:uEL2agMSyilWVx/7FIhyp46QuBo37jiKn2Rm/ww9kqb:usoU/7eyatL3/wwBb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801828", "to_ids": false, "type": "size-in-bytes", "uuid": "23d3776d-51bc-4a61-a254-de9eca2a805b", "value": "1378471" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801828", "to_ids": true, "type": "vhash", "uuid": "88df071f-540c-4de0-8a54-1c213ae59620", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801828", "to_ids": false, "type": "text", "uuid": "6345273e-79f1-4c60-8146-fb1c1ee67159", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859671", "uuid": "19a36d6e-853b-4d87-9f16-ea54f48005f7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859670", "to_ids": true, "type": "md5", "uuid": "b6902693-a061-4d5a-b2a6-037ebb74973f", "value": "037016d0958d4e149850d5de4d2bf34b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859670", "to_ids": true, "type": "sha1", "uuid": "03ed135d-6583-4de3-924a-4eed99d8e98c", "value": "828ba08b033a73b291a1d1374626cc24435c7e39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859671", "to_ids": true, "type": "sha256", "uuid": "06c0d07b-23f3-4721-8df8-e4f992bde3d9", "value": "b4771e34eda19d3f1ed1bcc1b39ab2e367778f9e8fb783d55928b3c5d133536b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801850", "to_ids": true, "type": "ssdeep", "uuid": "d791db49-2b74-467a-b868-745e88f74e8d", "value": "98304:ss4Nah3KNKq7faERyEeZCGqnjTL8WCSGaLJrblwmqoDlj1XBdTnsfBO:Gm3cJ7CER5eAGqnzG41um5XsfBO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801850", "to_ids": false, "type": "size-in-bytes", "uuid": "c8efe42b-38b3-47ad-92cb-77526d5634ae", "value": "3931056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801850", "to_ids": true, "type": "vhash", "uuid": "a037477b-ffdf-4d08-b7ab-140d68b11ef0", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801850", "to_ids": false, "type": "text", "uuid": "c657266a-19b2-4209-94ea-75d35dca0be2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Zpevdo.B\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859672", "uuid": "7e3b0db4-cf24-4cb0-a73b-29962b926bba", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859671", "to_ids": true, "type": "md5", "uuid": "51232613-78c3-4259-b0bd-5423fc3cab36", "value": "83f1421e83970585fa9ada2b56445731", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859672", "to_ids": true, "type": "sha1", "uuid": "28abf80a-7ef9-4bac-b139-c7665449e965", "value": "bb895ac7509556962de4485db940b90577d8dbb2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859672", "to_ids": true, "type": "sha256", "uuid": "ffd4fdbc-c391-48ea-97f6-dbbbb15d2d8e", "value": "9db26cddedf34a2704f1a8f7bd3771beacf3e9966afbc396a98ad851cf70d7de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801871", "to_ids": true, "type": "ssdeep", "uuid": "743b665d-3cc3-4859-a570-3989d277f2a9", "value": "24576:HEL2uavqQhoE0Cop0fIGoskp/gcnvpIvIdJHVHaTC8pys:HdhiB01kpTmAdJHVHaTC8Ys" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801871", "to_ids": false, "type": "size-in-bytes", "uuid": "e322f6ba-88bd-480c-a20b-81ca00208137", "value": "1339656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801871", "to_ids": true, "type": "vhash", "uuid": "b6f7934a-c606-444d-8ca0-a7eb787f4c02", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740801871", "to_ids": true, "type": "filename", "uuid": "d0966070-760c-4e9a-9254-b479a5f0b14e", "value": "83f1421e83970585fa9ada2b56445731.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801871", "to_ids": false, "type": "text", "uuid": "311c0638-4d2f-44a6-943e-1a3d9cb7c2df", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859673", "uuid": "5c7ef574-9ec5-4a8c-893c-cf971b9bea8e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859673", "to_ids": true, "type": "md5", "uuid": "a26e5557-3d34-4a8c-86a1-5b2736e28ccf", "value": "07fbd70289bafd0ec5548951d5bb6aa5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859673", "to_ids": true, "type": "sha1", "uuid": "5c121942-a403-4d27-a1c6-f6f056e999a6", "value": "36edfa97c178dfbf19f6e0dc3f7dffa32747d3d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859673", "to_ids": true, "type": "sha256", "uuid": "fe6b9915-8229-405f-a2aa-686a07472df0", "value": "92f1db05d5fa7c10b4b99ea490e3e37b9034fdf3ac51ab07bf9386a8af1ada07", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801892", "to_ids": true, "type": "ssdeep", "uuid": "ee34a3e0-af25-48f0-b238-5c188c371e25", "value": "24576:BEL2uavqQhoE0Cop0fIjgM/CbAchTPDmpW7bH8qvIdJHVHaTC8pyK:BdhiB0JM0AcxDmpW38qAdJHVHaTC8YK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801892", "to_ids": false, "type": "size-in-bytes", "uuid": "ec40b709-1b5c-4c55-90d5-c22bda18601d", "value": "1339620" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801892", "to_ids": true, "type": "vhash", "uuid": "5c92838a-a194-4198-8c22-9b72399cfbed", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740801892", "to_ids": true, "type": "filename", "uuid": "3771e164-806b-475b-9c9f-0b430c0eeb3a", "value": "07fbd70289bafd0ec5548951d5bb6aa5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801892", "to_ids": false, "type": "text", "uuid": "a07d6b1b-bf0f-4de7-b8a7-50a9f026ba6b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:27/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859674", "uuid": "25a26019-897d-4cd4-8fe4-48d64181e529", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859674", "to_ids": true, "type": "md5", "uuid": "2651dd67-d355-42fd-b27e-0e9cb2bf7d57", "value": "6f92a290125c195d3f528b815ff9df58", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859674", "to_ids": true, "type": "sha1", "uuid": "0e1efdc5-9a2c-4ae8-8b54-f10c653f550d", "value": "c686cdc89c525264becc6adebff478e79ac106a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859674", "to_ids": true, "type": "sha256", "uuid": "937db22d-9777-4898-bf84-0f73633e618b", "value": "626a6fd23dcb189b6e5304dca4d615fcea75fe8c082b2d52812749a2b6068ca9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801914", "to_ids": true, "type": "ssdeep", "uuid": "773165b7-d6e4-4130-8e33-caf1ec68a177", "value": "12288:BhfJkSQa8U2CSztIrQ/2EjPwSNuzd0sM5KAj3CTzogzPHnAwqThU2Y:BMSQaICSztIrQuQPwSNAd07IAj3CXogZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801914", "to_ids": false, "type": "size-in-bytes", "uuid": "1b7a3b69-0bea-4378-8eac-588ab6a0a3cd", "value": "671230" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801914", "to_ids": true, "type": "vhash", "uuid": "ef5d204e-8481-41bd-a97b-99dbf39b3d51", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740801914", "to_ids": true, "type": "filename", "uuid": "d6911395-b84b-4c99-995e-212b186cdf46", "value": "6f92a290125c195d3f528b815ff9df58.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801914", "to_ids": false, "type": "text", "uuid": "f70d6339-ae9c-404e-8d54-5aadd2de2d29", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:37/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859675", "uuid": "af1ee6eb-3000-4622-88c1-7294d8d30915", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859675", "to_ids": true, "type": "md5", "uuid": "7cda1af1-785e-436a-aff3-d7bd0a5d8aca", "value": "28908b9ad2b380d8399e2858985366fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859675", "to_ids": true, "type": "sha1", "uuid": "2c3528ce-509a-4f93-b771-1e6b859d0039", "value": "b39914094b8aa08d6dbaa7d925b43db4edd92ebf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859675", "to_ids": true, "type": "sha256", "uuid": "74d69822-b1ad-4aed-a25e-471cc35c89dd", "value": "6899991071707c8731470758a44cc2c8395f9012b6d677266f8b584d5632abd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801935", "to_ids": true, "type": "ssdeep", "uuid": "6b7abe64-0826-4989-905b-9e091b8bd246", "value": "24576:jEL2uavqQhoE0Cop0fIJgM/CbAchTPDmpW7bH8FvIdJHVHaTC8pyv:jdhiB0HM0AcxDmpW38FAdJHVHaTC8Yv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801935", "to_ids": false, "type": "size-in-bytes", "uuid": "1cfd6da8-3a29-4ebd-9853-7b13bffc9155", "value": "1339620" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801935", "to_ids": true, "type": "vhash", "uuid": "b1c6cfc2-aec4-4b13-a16d-490e4fd928c0", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740801935", "to_ids": true, "type": "filename", "uuid": "8c874bfc-8b07-4969-b82c-5c0c7fb59066", "value": "28908b9ad2b380d8399e2858985366fe.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801935", "to_ids": false, "type": "text", "uuid": "3c78e5ef-040a-4dac-a78b-d5ea3e6c9c0a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859676", "uuid": "1b429325-1b21-402a-a90d-b47fcaa4afbe", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859676", "to_ids": true, "type": "md5", "uuid": "116f0ebb-549d-4669-9faa-18241efc5395", "value": "ad2c019d85c0d194e38b5a8b6274114b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859676", "to_ids": true, "type": "sha1", "uuid": "3facfa1f-6036-4244-8c1a-ce80e5add1c2", "value": "262aa0c4c02508a93bd768c1b092f4de994e24f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859676", "to_ids": true, "type": "sha256", "uuid": "13ca81cd-c63a-461c-b558-e569948bfa2d", "value": "50aa32798e5e480fe7cc7ba974a8f47215d9656841cd34a612f3f863dc9567a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801956", "to_ids": true, "type": "ssdeep", "uuid": "c18beab4-fe54-4fa1-a1be-c99ccffae4f3", "value": "24576:IEL2uavqQhoE0CopjPIEiU7b54HMvIdJHVHaTC8pyK:IdhiBjBiU7b54sAdJHVHaTC8YK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801956", "to_ids": false, "type": "size-in-bytes", "uuid": "ecd6476f-c827-4335-9810-64d1a397be3c", "value": "1146512" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801956", "to_ids": true, "type": "vhash", "uuid": "68056bb1-5c13-4f01-8672-f7d6d7196a70", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740801956", "to_ids": true, "type": "filename", "uuid": "1ca93930-238d-4001-b820-167156ed3d8d", "value": "ad2c019d85c0d194e38b5a8b6274114b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801956", "to_ids": false, "type": "text", "uuid": "e7ea1491-0eb1-4fc8-9513-6bc79a3d2184", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859677", "uuid": "6913f962-5ac2-467e-99e0-6fae370eefdc", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859677", "to_ids": true, "type": "md5", "uuid": "f66e684c-4bda-43b0-bdec-befba3379b91", "value": "0146d302e0ae9195a1206721d47070d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859677", "to_ids": true, "type": "sha1", "uuid": "feaad136-aa3f-4313-a9b3-4e4cad865e75", "value": "0404cbce95f67bb7c745f6d3d077e4eeafdef3b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859677", "to_ids": true, "type": "sha256", "uuid": "c140fdfc-f709-4d47-b636-15ef488f77be", "value": "3bbc086ac314951cafc06feaa0b32d75a3f3ec9da8829da79d459d6374ac8191", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801977", "to_ids": true, "type": "ssdeep", "uuid": "51cd3be5-d9a9-4d1f-9c5d-29955b555659", "value": "24576:LEL2uavqQhoE0Cop0fI9gM/CbAchTPDmpW7bH8svIdJHVHaTC8pyw:LdhiB0bM0AcxDmpW38sAdJHVHaTC8Yw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801977", "to_ids": false, "type": "size-in-bytes", "uuid": "f660bf50-af9a-4530-84c6-6daf75dba06c", "value": "1339620" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801977", "to_ids": true, "type": "vhash", "uuid": "c39f368f-54bf-4af1-8358-c5d0f6f4f8cb", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740801977", "to_ids": true, "type": "filename", "uuid": "e5335051-f505-4b97-b74c-7ed538327ef3", "value": "0146d302e0ae9195a1206721d47070d7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801977", "to_ids": false, "type": "text", "uuid": "20fabef4-c319-4e7e-b010-68d6f9697b00", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859679", "uuid": "a846196c-9ca9-4fd1-9872-578db92d7014", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859678", "to_ids": true, "type": "md5", "uuid": "11f530f1-ba06-4fe1-90ad-8ed41307f47c", "value": "67ed2e8dac354fb2ba0bf18604216374", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859678", "to_ids": true, "type": "sha1", "uuid": "c633ab2e-8376-4ce4-84f5-633e2c0d77cd", "value": "8e3a41c5617ee9fd10bd6004c0e95547e53568ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859679", "to_ids": true, "type": "sha256", "uuid": "bd134397-6764-42d7-b6e3-df385a6cf0d8", "value": "696b5f00c08e4639cf5c8ab4b29884223907daa5a2fdffa5a9ba055fc09c7350", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740801999", "to_ids": true, "type": "ssdeep", "uuid": "11508b16-3a79-4441-828d-245c3e064339", "value": "24576:bEL2uavqQhoE0Cop0fIZkbNAZlO4uIiCtn9Taf66Xx:bdhiB0CCKlO4Hiy5vk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740801999", "to_ids": false, "type": "size-in-bytes", "uuid": "354350ff-2947-49e0-9128-05395e6151f2", "value": "1340518" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740801999", "to_ids": true, "type": "vhash", "uuid": "3c55950b-e6f8-4ba6-855a-8490d9af74d3", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740801999", "to_ids": true, "type": "filename", "uuid": "8d0dc6fe-9b5f-4147-a627-240b091a0816", "value": "21792a57-2428-4d3a-bad4-7faab873d401.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740801999", "to_ids": false, "type": "text", "uuid": "047ed6b8-7f66-4d71-a1c1-3d8da6c2a24b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859680", "uuid": "c9849e58-ff9d-4f79-b7a1-9f1c7411445c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859679", "to_ids": true, "type": "md5", "uuid": "d51e8faa-32f0-4c1e-9dad-e2e49e4d8117", "value": "80cda69eefc7baf0dc4fc097277ebb0b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859680", "to_ids": true, "type": "sha1", "uuid": "1066eb21-86c2-43f0-9e50-ccd2426463f9", "value": "2a14663b00800d2abf454f3778ccab97dac8cf2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859680", "to_ids": true, "type": "sha256", "uuid": "5ace7333-abb8-44e7-b147-df2035096eee", "value": "55fac53f0e34685675101ee4658087b2a59146e5088d6479ab8d9c719450bf5b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802020", "to_ids": true, "type": "ssdeep", "uuid": "c4a472d7-c9ca-4b00-9c1c-90e7b0dd396d", "value": "24576:7EL2uavqQhoE0Cop0fICkbNAZlO4uIihtn9Taf66WM:7dhiB0NCKlO4Hib5v8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802020", "to_ids": false, "type": "size-in-bytes", "uuid": "2bf7b8eb-a89e-4734-8d4e-8ed5372a34c9", "value": "1340967" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802020", "to_ids": true, "type": "vhash", "uuid": "7abb6ab5-0e49-4716-b6cb-b5ccf34bba3a", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802020", "to_ids": true, "type": "filename", "uuid": "f2f94fb7-1b3f-40b3-bf9c-6cd6b96568ce", "value": "8dba52c9-29ce-4bc1-9122-847651d29430.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802020", "to_ids": false, "type": "text", "uuid": "4417758e-1681-4aa5-a9f6-4445447694cf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859681", "uuid": "9ea2f211-7290-4cd5-949b-993b61fc2d82", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859681", "to_ids": true, "type": "md5", "uuid": "538cd2b1-c285-429f-8a3f-87a37bf58cee", "value": "d555a3324f2a374837c7f83d6983c426", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859681", "to_ids": true, "type": "sha1", "uuid": "3a412b88-c57e-4b0b-860e-2702a5eaacf0", "value": "708c4836e36d87dc0a75aa22a8f2f495156c903b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859681", "to_ids": true, "type": "sha256", "uuid": "b75454b6-aed1-46d9-b0c9-812acd5be3c4", "value": "da499ad096bf97ef1dc28a78d3717fd1aa927587ea64b36d6395082d8f385678", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802042", "to_ids": true, "type": "ssdeep", "uuid": "86d6eae0-444a-4d21-920a-70334adb38ae", "value": "24576:fwL2kfFySy609KkWRRNZq3QJAawIA0RnI/V1YIJxPtMXIYLzEpBLlOrELP93BwId:faAJVWRHJAatmYHYEzE/LlDB3BB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802042", "to_ids": false, "type": "size-in-bytes", "uuid": "49f450c7-1203-4285-bb8e-82efb970eff3", "value": "1717041" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802042", "to_ids": true, "type": "vhash", "uuid": "cfb62c83-14cb-4221-bd60-c9287cee3b0d", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802042", "to_ids": true, "type": "filename", "uuid": "f79e6189-68b5-4456-b2f4-d8af8f8b5ce7", "value": "dcff3a4a-2abe-40b2-a11f-b8fa0f5c7107.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802042", "to_ids": false, "type": "text", "uuid": "f551f145-43b7-4d4f-8c7d-0d2644b424fd", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859682", "uuid": "5a173123-314b-485c-9bab-10c485e43794", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859682", "to_ids": true, "type": "md5", "uuid": "6d3395ed-71ec-4146-88ae-697d47c817ad", "value": "7cf8bca0fd594da65b4240e95a7a7e30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859682", "to_ids": true, "type": "sha1", "uuid": "397d8f45-8a9b-4c9a-9eb3-78be76ee4411", "value": "1f13a4316370d7172bbe6a9c744e32f13564336c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859682", "to_ids": true, "type": "sha256", "uuid": "68e06627-75e1-47b3-920f-6deed80e9ad9", "value": "cc41ccba677718384d170a6f00493c0665eb00fb9f7f39900fe700c0db00326b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802063", "to_ids": true, "type": "ssdeep", "uuid": "571b549e-9dfb-4b7c-ba03-369e18c8aec0", "value": "12288:twGXbSophOalMZSSnQJccBS7tKdXPstLfLRYKMQLYx2VuPL8HV:tRNZq3QJAWoLfLRYBZ2Vw81" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802063", "to_ids": false, "type": "size-in-bytes", "uuid": "8cc74b88-b35b-4e4e-a421-7e54078d3fc7", "value": "689973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802063", "to_ids": true, "type": "vhash", "uuid": "c826fa72-cf9b-4900-8dc9-f8e08fe562f7", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802063", "to_ids": true, "type": "filename", "uuid": "191e32ee-e7e4-4b2f-a8cd-b90ca3a938c0", "value": "7cf8bca0fd594da65b4240e95a7a7e30.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802063", "to_ids": false, "type": "text", "uuid": "ee2aa1a7-918c-433a-9008-b863212e4ae8", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859683", "uuid": "465f3c76-f135-444f-9b36-138af75289ba", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859683", "to_ids": true, "type": "md5", "uuid": "6077f896-e8dc-432e-bf39-790bb514dd62", "value": "fbfb212e7cd97558fde2ede4469aa9be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859683", "to_ids": true, "type": "sha1", "uuid": "515b6fd9-b7dc-4e7c-9914-84502f6192aa", "value": "fbe9b1cbaaf66f8e225f9b974b30b0351dcb1e6a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859683", "to_ids": true, "type": "sha256", "uuid": "a6876c7e-b0fe-464e-b6b4-c2cb75b663b3", "value": "b34b2f022d2bcd0c0b8da77814354b9b067fe92eff0f5f6eb615e8708ee7a860", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802084", "to_ids": true, "type": "ssdeep", "uuid": "f36d04c3-5b05-4339-aef3-a83df4fb3772", "value": "12288:g0wGXbSophOalMZSSnQJccBS7tKdXbsv8SmWtJlwDX74gzyFK2SRaEB71SAexvLC:ZRNZq3QJAOFilwDXZzKK2OaYJSvxTCF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802084", "to_ids": false, "type": "size-in-bytes", "uuid": "62dd626e-0c33-4b14-9b97-2a042b4e49f6", "value": "689964" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802084", "to_ids": true, "type": "vhash", "uuid": "3c8d51f9-f075-49c2-a463-9b42b1501d3a", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802084", "to_ids": true, "type": "filename", "uuid": "65807fb9-e3a6-47f3-942a-e93ff5b39e80", "value": "fbfb212e7cd97558fde2ede4469aa9be.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802084", "to_ids": false, "type": "text", "uuid": "3dcfb55e-b00d-4c32-9fd9-afcf6279eb0c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859685", "uuid": "238265e2-fc18-420a-9e81-3cffe794fe99", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859684", "to_ids": true, "type": "md5", "uuid": "7548aa8b-0ad0-4df2-afae-2f3c6489ed3c", "value": "982ca2d9e3cdf6a39152f95105ac0008", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859685", "to_ids": true, "type": "sha1", "uuid": "754aef4c-eec9-4b50-907d-83aea33ce9fd", "value": "d39ef8c71f48c503d8d5232bc3231d592f0d8ac7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859685", "to_ids": true, "type": "sha256", "uuid": "d5b1fc86-9b8d-4846-924f-fea51763640f", "value": "6dfb972db61c7e698d6d21abd259f4dca180c1ae05390c3b849e2bb2f8504b59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802105", "to_ids": true, "type": "ssdeep", "uuid": "b87433c4-6690-47be-858d-26defaf96217", "value": "24576:FEL2ZaDgISYFcZiBMfIIhMmpTKihBbQ4n0dFqyeYAb4039ps4Q8yEP:FokarMZhMkTvvQM0ii6tyEP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802105", "to_ids": false, "type": "size-in-bytes", "uuid": "9a69bc69-d0a9-476c-ba45-46d963a8dc30", "value": "1339607" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802105", "to_ids": true, "type": "vhash", "uuid": "70dead8c-6b9a-43c5-a3aa-4e74bceb859b", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802105", "to_ids": true, "type": "filename", "uuid": "589bbab1-3d56-4273-a745-ecaf1338a0ee", "value": "982ca2d9e3cdf6a39152f95105ac0008.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802105", "to_ids": false, "type": "text", "uuid": "658cb8f8-3122-46d4-91bf-1c5786530fdd", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859686", "uuid": "dea4c84e-8e65-4926-9668-44521bcdc5c5", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859686", "to_ids": true, "type": "md5", "uuid": "8cf2c69d-d84f-4ac5-ad03-8a9d9dc458ef", "value": "e1a87a44792739313862b67ae369dab7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859686", "to_ids": true, "type": "sha1", "uuid": "5899acc6-efa1-444d-bfd7-5ca3d7dc032a", "value": "e20130e98240514922f37594f0b533e58c5620a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859686", "to_ids": true, "type": "sha256", "uuid": "452e9e23-bd79-4351-a93b-6be6ebc58774", "value": "76c606b073419904ef9c808f7e6c1627388efd440a58c6ede5d358048d9366fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802127", "to_ids": true, "type": "ssdeep", "uuid": "6ad00b25-8bc5-4f71-9649-d5b89eb91396", "value": "12288:OgwGXbSophOalMZSSnQJccBS7tKdX+sBxUcKaErJQR0eybYH71pk0xZNxOkLk:LRNZq3QJALMOcKlqR0et71W6DxOYk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802127", "to_ids": false, "type": "size-in-bytes", "uuid": "a12eb1e5-963e-442f-aa27-d998f718eaa9", "value": "689571" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802127", "to_ids": true, "type": "vhash", "uuid": "e21cdb42-0a95-4567-80a5-235155a88372", "value": "43df5a3b96ab9a60861f3f288204ab9e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802127", "to_ids": true, "type": "filename", "uuid": "d2dc6427-d6c8-4a0b-8a7e-bb4e132bfca2", "value": "e1a87a44792739313862b67ae369dab7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802127", "to_ids": false, "type": "text", "uuid": "f05ce69c-5c2d-406e-aaad-f2045306cb95", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:34/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859687", "uuid": "466dcaf2-a637-4a7f-9623-5cb0f95eb123", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859687", "to_ids": true, "type": "md5", "uuid": "8d264292-82ca-4da4-8ada-c5e53d928b17", "value": "41d08bb26a75c85bd4ebd23a30aad89d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859687", "to_ids": true, "type": "sha1", "uuid": "31e5176e-3a6e-4395-9642-0856cf4c94b0", "value": "704026ec2fe31e43241f77c9c20f9a8af7722a76", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859687", "to_ids": true, "type": "sha256", "uuid": "e062fa93-3afd-4366-a5c7-0dc5b7ea5fde", "value": "e89d3b7f0fc3b38c25ec3d5ad235d4a87b2dbb99bfb481693d86d06e4e9d55a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802148", "to_ids": true, "type": "ssdeep", "uuid": "f483632d-da0c-4234-9418-4df1dafc294e", "value": "24576:WEL2ZaDgISYFcZiBMfIjhMmpTKihBbQ4n0dFqyeYAb4039ps4Q8yEl:WokarM6hMkTvvQM0ii6tyEl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802148", "to_ids": false, "type": "size-in-bytes", "uuid": "3fef771f-5b36-4ea8-a71c-55fe8711a88b", "value": "1339607" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802148", "to_ids": true, "type": "vhash", "uuid": "7b86ab6f-4098-4c04-bdae-e6f4e279c182", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802148", "to_ids": true, "type": "filename", "uuid": "f06bdfac-f1aa-4404-b66c-59d304adb06f", "value": "41d08bb26a75c85bd4ebd23a30aad89d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802148", "to_ids": false, "type": "text", "uuid": "0efa7009-e6b6-4864-a12e-5904ad8b6ba5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859688", "uuid": "5e07641f-164e-445f-9f7b-3228bedba483", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859688", "to_ids": true, "type": "md5", "uuid": "5c53cac5-2ebb-4298-9362-d84b5a9d23e2", "value": "e2556a5ddb4f3540f17dc67de4b7856f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859688", "to_ids": true, "type": "sha1", "uuid": "e910275b-15c9-4c75-b9bd-7c3e2f8ec601", "value": "17d2e5493ef7b0a589c7d26cd60d8ac519fe7d5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859688", "to_ids": true, "type": "sha256", "uuid": "2fb1ca0e-5961-472f-a7e2-7a80c6121ed3", "value": "eb1fcde0e5ff932f216390f625dbf044b555f10e2922dc865f55b6dc7fb6c362", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802169", "to_ids": true, "type": "ssdeep", "uuid": "fc4a0bee-7346-4bcb-b573-4a690b861816", "value": "12288:cwGXbSophOalMZSSnQJccBS7tKdXBsbLfLRYKMQLYx2VuILe8S:cRNZq3QJAU6LfLRYBZ2V7eF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802169", "to_ids": false, "type": "size-in-bytes", "uuid": "abe56aba-7d71-40a3-9f53-59253f1602eb", "value": "689973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802169", "to_ids": true, "type": "vhash", "uuid": "1c1d9971-49fc-4667-9b87-d8f4cd19bea3", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802169", "to_ids": true, "type": "filename", "uuid": "18346107-4df3-4d80-900e-319298034090", "value": "e2556a5ddb4f3540f17dc67de4b7856f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802169", "to_ids": false, "type": "text", "uuid": "5a07c04f-7cde-43b1-be55-2405cca9d276", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:27/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859689", "uuid": "724dd500-c5d0-4f70-830b-cce4771d8224", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859689", "to_ids": true, "type": "md5", "uuid": "a17b6968-dccf-4370-89c4-8c7b05f03462", "value": "03cd693f0c4c0cd46f7886e16c2682dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859689", "to_ids": true, "type": "sha1", "uuid": "9c525fe4-1017-4bb3-a6be-63d942cf51eb", "value": "a19371fd36bce8b5b78ec385f1dc2f15a50043ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859689", "to_ids": true, "type": "sha256", "uuid": "f3c37deb-50fc-4681-bee0-725ccce79d7e", "value": "eb3c72b81263ee0dbfe4c265f4a03dade44ea1b779cb22fd174627ac8069edcb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802191", "to_ids": true, "type": "ssdeep", "uuid": "04f5bb3e-0886-4fe3-bd20-00a8da6559d1", "value": "12288:4wGXbSophOalMZSSnQJccBS7tKdXHsFLfLRYKMQLYx2Vu7Lsfe:4RNZq3QJAOwLfLRYBZ2VEsm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802191", "to_ids": false, "type": "size-in-bytes", "uuid": "c08b6dab-76b5-40b7-8979-3b422c4d0df9", "value": "689653" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802191", "to_ids": true, "type": "vhash", "uuid": "26cae3d1-ab8e-4e14-a021-9fb9f66fd110", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802191", "to_ids": true, "type": "filename", "uuid": "62539197-4a4c-48f3-8fa3-2eab915db006", "value": "03cd693f0c4c0cd46f7886e16c2682dc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 31/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802191", "to_ids": false, "type": "text", "uuid": "a201ef22-77f4-4acc-8925-db8e0a7513b1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: DoS:AndroidOS/Multiverze\nVT Total Detection:33/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859690", "uuid": "4136970d-a663-4eb4-a182-7c234c29da37", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859690", "to_ids": true, "type": "md5", "uuid": "911ad739-6925-45c1-95bb-922822af3a17", "value": "2ed1b90b89c232b7a3188c5da405d678", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859690", "to_ids": true, "type": "sha1", "uuid": "78c4eb72-45ff-4145-b35b-dbb49b71911a", "value": "3bfa6925f88b4e1400a00556ce45c1eace95d72d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859690", "to_ids": true, "type": "sha256", "uuid": "3748588c-bb67-451d-a24f-60fb6d94ed8d", "value": "754ee1910be1318d599a1b66d53047ac7ebc5470f283b0fd4331faf6fdeed74d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802212", "to_ids": true, "type": "ssdeep", "uuid": "44e924fb-a86f-45be-aa60-56cacc072cc8", "value": "12288:EGwGXbSophOalMZSSnQJccBS7tKdXbsR8SmWtJlwDX74gzyFK2SRaEB71SAexwLn:nRNZq3QJACrilwDXZzKK2OaYJSvxU4q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802212", "to_ids": false, "type": "size-in-bytes", "uuid": "d4643bbf-99b1-4d69-9849-d42c5bdb0fb0", "value": "689964" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802212", "to_ids": true, "type": "vhash", "uuid": "2473e166-df9b-4f46-862b-fef0e880c079", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802212", "to_ids": true, "type": "filename", "uuid": "8f8a501e-0d76-47ea-ac77-7c55391fff66", "value": "2ed1b90b89c232b7a3188c5da405d678.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802212", "to_ids": false, "type": "text", "uuid": "7dd51978-d7a5-4806-9c0d-e29c6962dd0e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859692", "uuid": "46132e91-584c-4ea7-aa61-add933335a1b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859691", "to_ids": true, "type": "md5", "uuid": "6ca3095f-f56f-4f11-976b-9273b931ac63", "value": "79d6d6257203ae98fc0b0bf7ac28ab9a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859691", "to_ids": true, "type": "sha1", "uuid": "e3d1a2d2-34e9-44e9-ab85-97ad0d631cb4", "value": "14f2d0d869c70875528dd0390006a811767e10d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859692", "to_ids": true, "type": "sha256", "uuid": "da3ae77b-9309-4d3e-9736-819cec8ae260", "value": "a546b5620a3a227310843b2dd6f4b0debf376bdf4b703bb4642e974c30db6e4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802234", "to_ids": true, "type": "ssdeep", "uuid": "cae2efb9-e217-4067-bb0f-03cc2d4dd474", "value": "12288:qwGXbSophOalMZSSnQJccBS7tKdX+sBxUcKaErJQR0eybYH71pk0xZNxOkLD:qRNZq3QJALMOcKlqR0et71W6DxOYD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802234", "to_ids": false, "type": "size-in-bytes", "uuid": "cad86a13-bf5d-4247-9cbd-abf81cea9cff", "value": "689887" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802234", "to_ids": true, "type": "vhash", "uuid": "68e45723-0c06-45bc-895b-7ecf65885852", "value": "43df5a3b96ab9a60861f3f288204ab9e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802234", "to_ids": true, "type": "filename", "uuid": "87f3fdf4-1bfc-48bf-b9a9-b5dd52f0ada8", "value": "79d6d6257203ae98fc0b0bf7ac28ab9a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802234", "to_ids": false, "type": "text", "uuid": "8c59318b-62c4-4b5f-94ac-1d8b046dab30", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859693", "uuid": "e9c1011d-2a89-4a20-8e99-943cd9abbba2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859692", "to_ids": true, "type": "md5", "uuid": "5e79eb32-cd9e-4ff3-99b2-1642bfcc3e1f", "value": "b56f72297958017958a0435d237035f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859693", "to_ids": true, "type": "sha1", "uuid": "77790bb7-ff8c-4742-a8ac-85cec35cc07a", "value": "fdae5711b48e9e85408c870caea29065821ea444", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859693", "to_ids": true, "type": "sha256", "uuid": "75bf733a-da27-4681-9765-55c1ee94ccde", "value": "50645d71727c6b36c9f14115d35cf1ba6b12089d9b4583b44ff17531dd377d72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802255", "to_ids": true, "type": "ssdeep", "uuid": "ec8f3491-08e6-4e0d-a733-6a9df275906b", "value": "24576:YEL2uavqQhoE0Cop0fIRoskp/gcnvpIvIdJHVHaTC8pyO:YdhiB08kpTmAdJHVHaTC8YO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802255", "to_ids": false, "type": "size-in-bytes", "uuid": "88f081e1-76f8-46c4-ab02-c8c535135f0b", "value": "1339656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802255", "to_ids": true, "type": "vhash", "uuid": "cb9ef8f5-5856-4514-bd1f-2b0cf1707155", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802255", "to_ids": true, "type": "filename", "uuid": "212f4900-b892-4767-b134-115f63e9d047", "value": "b56f72297958017958a0435d237035f9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802255", "to_ids": false, "type": "text", "uuid": "37925548-4293-4fc8-b96a-2d0362354656", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859694", "uuid": "f9038c14-f1a9-4d24-8cb2-301e52a84207", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859694", "to_ids": true, "type": "md5", "uuid": "70f8c9b3-8ad2-4347-9907-5bed8e47ccaa", "value": "e32c73041f7b961970cf27d61fcc02c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859694", "to_ids": true, "type": "sha1", "uuid": "f384399b-9e41-4b51-a7f1-959c9e6a48cb", "value": "d11f0ba31c1edd0d219a4f446c741d0d79248cf8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859694", "to_ids": true, "type": "sha256", "uuid": "c6231510-adf8-478a-9fef-4103fe9e2980", "value": "e55d35043fa9f3ae00c88409de8244f441d85231097137a9d36c285f493bd46f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802276", "to_ids": true, "type": "ssdeep", "uuid": "f9cb281b-c1c7-4896-8842-702c51e3f104", "value": "24576:vEL2ZaDgISYFcZiBMfI0hMmpTKihBbQ4n0dFqyeYjb4039ps4Q8yEm:vokarMZhMkTvvQM0iV6tyEm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802276", "to_ids": false, "type": "size-in-bytes", "uuid": "5f68f8a2-ff8c-437a-aacc-4d632617927d", "value": "1339600" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802276", "to_ids": true, "type": "vhash", "uuid": "cbaf3bdd-83ec-4ad9-9093-c9a4265e77f1", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802276", "to_ids": true, "type": "filename", "uuid": "efd8372f-01fa-46c7-8aa2-613ad3f69bdc", "value": "e32c73041f7b961970cf27d61fcc02c1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802276", "to_ids": false, "type": "text", "uuid": "71e3ca4f-6aac-445c-9ee9-01c459cbf7a7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859695", "uuid": "ecd64525-73f7-4413-81b4-12f4611195a9", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859695", "to_ids": true, "type": "md5", "uuid": "3063d4eb-ae02-40d3-9b48-4c9e7a682a42", "value": "7e65a55bc8c9d0caaa842c812b487181", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859695", "to_ids": true, "type": "sha1", "uuid": "9c09f119-b285-452d-a924-52d260776d22", "value": "29dd34a517e3442c07f1fd76b2bca184d11fab51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859695", "to_ids": true, "type": "sha256", "uuid": "fde3faeb-31e4-4190-9179-9016cc57ebe5", "value": "6a4bddd9850d0a148a2ecc1dcd566e3ed35be299dd479e384a7eb2d95b4e3a43", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802298", "to_ids": true, "type": "ssdeep", "uuid": "bd13d06d-eff0-409e-b22e-2de7ef3c5640", "value": "24576:poEL2ZaDgISYFcZiBMfIRiU7b54Hsb4039ps4Q8yEV:qokarM6iU7b5436tyEV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802298", "to_ids": false, "type": "size-in-bytes", "uuid": "603f3107-0133-410b-ae27-9656d107124a", "value": "1146464" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802298", "to_ids": true, "type": "vhash", "uuid": "99e32178-423a-499c-bbfc-aa4231ddfd06", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802298", "to_ids": true, "type": "filename", "uuid": "436c637d-5e4c-46db-8251-8d00b8840847", "value": "7e65a55bc8c9d0caaa842c812b487181.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802298", "to_ids": false, "type": "text", "uuid": "19ef7b7a-899a-4439-a613-cb20941d9ed5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:36/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859696", "uuid": "f7659ce4-4ddd-433e-8961-3abe08894469", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859696", "to_ids": true, "type": "md5", "uuid": "d4600614-46f2-4b68-a0b0-218167c778bd", "value": "7a10a47a59391eb15925a563fd309ceb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859696", "to_ids": true, "type": "sha1", "uuid": "326af273-22fd-4afd-8ae8-c8847edd7245", "value": "e6607b642c58c3e065a3a0aea697640f5e76b26d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859696", "to_ids": true, "type": "sha256", "uuid": "5ced8596-c5ce-4aac-92df-c4574b5f409b", "value": "c5f33a039b000f958025f91344aa5311ad24eaf536f74caa408ddf70bdd58dab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802319", "to_ids": true, "type": "ssdeep", "uuid": "a68ccfac-bab6-4968-8c0b-b474ecc0f91c", "value": "24576:9RNZq3QJAawIhE8MNzugmkfpBH/vxxWGkrH3WSUa5fhrZ:9HJAavMqUfrfvxxuGVaLrZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802319", "to_ids": false, "type": "size-in-bytes", "uuid": "9e40f475-d591-4c91-afb4-6da24ef2bae0", "value": "1202190" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802319", "to_ids": true, "type": "vhash", "uuid": "a9ad3e34-5e64-4930-bd66-7ea056598783", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802319", "to_ids": true, "type": "filename", "uuid": "18a5fdd5-7556-412e-95de-cd53963f655c", "value": "7a10a47a59391eb15925a563fd309ceb.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802319", "to_ids": false, "type": "text", "uuid": "dc8c3f84-aa03-4b47-a5a9-b6f542178510", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859697", "uuid": "a9311354-b660-43cf-9bed-fc644d5c81db", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859697", "to_ids": true, "type": "md5", "uuid": "55ee6250-bc55-4e61-ba63-79efabf99a68", "value": "2bc53f3c3b433227a3a8d9d8c784ff8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859697", "to_ids": true, "type": "sha1", "uuid": "12e89809-ce0d-4399-892c-9548247aef35", "value": "2fec337501cb19cd6b52ef2098a26c5026996b04", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859697", "to_ids": true, "type": "sha256", "uuid": "34d7b7b6-e240-4d3d-88f1-f9168c1c27e3", "value": "5b3bf0ceadb7da473d0c59ac6f85103503863f4c633afc2edc9a98dc2b5b0e8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802341", "to_ids": true, "type": "ssdeep", "uuid": "770e7a9f-047a-4773-a783-a2dc5ae7f477", "value": "24576:ynEL2ZaDgISYFcZiBLPI9iU7b54HJb4039ps4Q8yEj:SokarL4iU7b54a6tyEj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802341", "to_ids": false, "type": "size-in-bytes", "uuid": "82055c93-2b9f-48e7-9757-31ba35f8ea30", "value": "1146475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802341", "to_ids": true, "type": "vhash", "uuid": "8a1babc7-7bc7-47d8-ab36-50dae748addf", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802341", "to_ids": true, "type": "filename", "uuid": "fb4ede7d-42da-45dd-a903-8a13f291c847", "value": "2bc53f3c3b433227a3a8d9d8c784ff8e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802341", "to_ids": false, "type": "text", "uuid": "04e89910-b773-4f82-8c65-d6e834d272fb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:35/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859699", "uuid": "6ba22b0f-fbae-4cd6-8ae8-02db33234dea", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859698", "to_ids": true, "type": "md5", "uuid": "0a8cd7b8-446d-4de8-868f-34355c1d1421", "value": "dc5a7cec9011c297707735d92a26138d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859698", "to_ids": true, "type": "sha1", "uuid": "252d6c2f-9b33-42ef-b97a-8a23d98fbb47", "value": "002d1ff08c8a058cf65eee591d33ed96c3e03881", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859699", "to_ids": true, "type": "sha256", "uuid": "39a5a538-c86f-47ff-998f-803a8a540103", "value": "ba3e2bd5e2e72e4ae138a0adc322fe0d32fd90b7f68f5e028d4b62643377bbd8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802362", "to_ids": true, "type": "ssdeep", "uuid": "9d22215c-5698-4b74-9c9c-1656431845f6", "value": "6144:5VipmiOd2y4rqh9aXpcoHffkM4/t9uyTNhU5mZUZIt:5ViAiG2y4rIMGsffkMmgwUZIt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802362", "to_ids": false, "type": "size-in-bytes", "uuid": "a10c5d17-acdf-4a69-8337-461b94989783", "value": "247963" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802362", "to_ids": true, "type": "vhash", "uuid": "60134d51-5a2f-4949-9843-ad34dab09aa8", "value": "c97782211174267e1e34cbe7a8593804" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802362", "to_ids": true, "type": "filename", "uuid": "f46112f1-8625-4dd6-92c4-77b323e5dd23", "value": "dc5a7cec9011c297707735d92a26138d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802363", "to_ids": false, "type": "text", "uuid": "418d36a0-0682-40e0-a3ac-bdf8f5007778", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859700", "uuid": "1996ddf3-0f33-4593-8ee6-c02f4a876851", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859699", "to_ids": true, "type": "md5", "uuid": "97bfdf00-19f9-4534-b208-aec50d9d9d42", "value": "08b73948e6eae1bc0ea08561fa800362", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859700", "to_ids": true, "type": "sha1", "uuid": "e041332a-8f3a-4218-8bba-83dc38edc6b7", "value": "362d6ac2c498875f83b54c83ac0fb7d6a805b118", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859700", "to_ids": true, "type": "sha256", "uuid": "c253e78e-51bf-49e3-96e6-a781f0f962bf", "value": "b917f06580fab0ef394880da5dfe4c73d79447114dc871df1cb86377f282cc87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802384", "to_ids": true, "type": "ssdeep", "uuid": "caa3a51d-4113-4c73-bf43-34b6511e15b8", "value": "12288:xwGXbSophOalMZSSnQJccBS7tKdXQsPHm0dK1+dnZfqPshR1N+L+ue:xRNZq3QJAZIm0dKEd0PshR1w+b" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802384", "to_ids": false, "type": "size-in-bytes", "uuid": "5ac83312-0651-45fe-86fa-e52c5029ef24", "value": "689972" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802384", "to_ids": true, "type": "vhash", "uuid": "7c081198-cb12-4bde-aaec-f7848bcf939b", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802384", "to_ids": true, "type": "filename", "uuid": "b3b56abc-7014-4eb0-878a-bb5bb9100cd0", "value": "08b73948e6eae1bc0ea08561fa800362.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802384", "to_ids": false, "type": "text", "uuid": "701530b3-136d-40f1-860d-95b2e7492b37", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859701", "uuid": "5bb1b065-1bf7-4d60-980e-b2983f0823dd", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859701", "to_ids": true, "type": "md5", "uuid": "3fa96b3d-85ed-4736-804e-9b9a5c15ec65", "value": "3bf8f51751e490f9e5e1f478fd8dcba1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859701", "to_ids": true, "type": "sha1", "uuid": "c05443f8-f4ff-4a60-96b4-a23b1d1eb72e", "value": "374d8c3477ebf20003b268fc65b45332abd89d46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859701", "to_ids": true, "type": "sha256", "uuid": "a93377ad-bdeb-47f0-9244-3da82c5b2f71", "value": "70a879f4e2ab89a966d9083230513d9d3ffee2ba5664295c035440957b2e7c4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802405", "to_ids": true, "type": "ssdeep", "uuid": "ad93cee4-a3f2-4a71-8f07-72928b77daa3", "value": "12288:/wGXbSophOalMZSSnQJccBS7tKdXOsaRmt8nH+nnZkHg7mf01QLe40:/RNZq3QJAn9Rmt8enedej" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802405", "to_ids": false, "type": "size-in-bytes", "uuid": "6e179791-5a41-43f3-98f5-60aff498ce3a", "value": "689975" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802405", "to_ids": true, "type": "vhash", "uuid": "ef0540dc-ea41-4859-a207-604c321655c3", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802405", "to_ids": true, "type": "filename", "uuid": "67209f4d-56ff-4f0c-8544-4080f8858cc4", "value": "3bf8f51751e490f9e5e1f478fd8dcba1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802405", "to_ids": false, "type": "text", "uuid": "962ec5ae-1e9e-4c66-bbf7-8cfce26703c7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859702", "uuid": "cf3636f1-251f-4d7b-b3aa-2781bed05b0e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859702", "to_ids": true, "type": "md5", "uuid": "52ec1ccc-31e0-4508-9708-66a900db0eda", "value": "130061df3b1089f7611096f051013fdd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859702", "to_ids": true, "type": "sha1", "uuid": "e65d0cf6-c2f2-43bd-b94c-20f87de73a35", "value": "bd7c65bb1032237c368e5b05b2bab4657d4a3b1d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859702", "to_ids": true, "type": "sha256", "uuid": "4d5341ed-d84e-4f07-a976-1535acbb8aa7", "value": "bdaabd111d1eb6cc8d5d334beac7cd487d27dd917bbdfdd1ed0ce1407ffeb7f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802427", "to_ids": true, "type": "ssdeep", "uuid": "18c796fb-0261-468d-bf38-98038e23fa29", "value": "12288:uwGXbSophOalMZSSnQJccBS7tKdXKsRLfLRYKMQLYx2VuPL0jv:uRNZq3QJAjkLfLRYBZ2VI0j" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802427", "to_ids": false, "type": "size-in-bytes", "uuid": "084e9f72-744b-4dc2-9545-b266d2eb13ee", "value": "689973" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802427", "to_ids": true, "type": "vhash", "uuid": "831eddb6-d052-49a0-9971-1e41343453cc", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802427", "to_ids": true, "type": "filename", "uuid": "8600d42a-197d-480b-8cb8-24fb50b59103", "value": "130061df3b1089f7611096f051013fdd.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802427", "to_ids": false, "type": "text", "uuid": "076d1fa7-626a-4c43-aa36-e05ddcee6293", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859703", "uuid": "d722a89b-0bce-4412-9ced-81b08dfa47f6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859703", "to_ids": true, "type": "md5", "uuid": "c02ff4ad-7d1f-4684-810a-f120f9665d50", "value": "fd96992cf4d83fcb7091ee3afba6b036", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859703", "to_ids": true, "type": "sha1", "uuid": "96bf9c77-4cee-441f-b47b-186b5041c550", "value": "64ab1802f02d513660001b69be34268d2ce662f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859703", "to_ids": true, "type": "sha256", "uuid": "891c538f-936e-421e-b8ef-66144160557c", "value": "3effd73d1a19c69c3a620ed39d25cae390bfa2e0fd48f416214b4cf1ea50a0fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802448", "to_ids": true, "type": "ssdeep", "uuid": "e0e246f9-ce25-4ff1-b64d-88cf17c58f02", "value": "12288:+NlIkSQa8U2CSztIrQ/2EjPwSNuzdNsh5KQj3CTzogzPHnAwqThU7P:6xSQaICSztIrQuQPwSNAdNwIQj3CXogB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802448", "to_ids": false, "type": "size-in-bytes", "uuid": "bc9dcd91-55d3-42e7-98d6-06d4156d63eb", "value": "671390" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802448", "to_ids": true, "type": "vhash", "uuid": "a54273d9-99e9-4721-8b38-7b4ea7acae2f", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802448", "to_ids": true, "type": "filename", "uuid": "e3d833e4-5421-43d2-92d8-869ef51052c0", "value": "fd96992cf4d83fcb7091ee3afba6b036.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802448", "to_ids": false, "type": "text", "uuid": "e14f6dd2-14b2-4938-be07-4ba3fac8f2cd", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:34/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859704", "uuid": "8ed23444-ede5-49d6-abaf-f54a1daf69b1", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859704", "to_ids": true, "type": "md5", "uuid": "27798039-0373-47fd-a713-1258dddee0a2", "value": "0e9c3c1fa6b17bd238d0ef26648a01f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859704", "to_ids": true, "type": "sha1", "uuid": "d9eaf8cd-883b-41b7-8d18-c835231db300", "value": "00ca9bf4eff6d0ddb784c3de0fc692ff289099f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859704", "to_ids": true, "type": "sha256", "uuid": "7b60fc21-2629-47f3-ae24-80ecfe85ab03", "value": "7aea03830842bb31d2552731793802f6cecea9570eab3bd4833eee4ecdd80d75", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802469", "to_ids": true, "type": "ssdeep", "uuid": "41f8ab82-bae8-49f8-8c73-2e9cf536c9c3", "value": "24576:vwL2kfFySy609KkWRRNZq3QJAawI2lD+oLUm3F1I6qfCrC1f+smGrzJjNjy4voH:vaAJVWRHJAaIlD+yUm3Qme1+sTJjcEY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802469", "to_ids": false, "type": "size-in-bytes", "uuid": "f199709c-d7fe-462e-94df-ea9e9d3d0806", "value": "1716000" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802469", "to_ids": true, "type": "vhash", "uuid": "ae513622-c120-4b2d-8fd2-cd076f6a11ff", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802469", "to_ids": true, "type": "filename", "uuid": "1224512f-ca13-4b0f-a37d-2143901ff761", "value": "0e9c3c1fa6b17bd238d0ef26648a01f3.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802469", "to_ids": false, "type": "text", "uuid": "f5ba92ed-01d6-4236-bc72-aacba98c1ee9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859705", "uuid": "041e7641-1e34-4fd2-bccf-c876200c1638", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859705", "to_ids": true, "type": "md5", "uuid": "4497d2e6-6f1d-457c-b3e5-e2985bbab0fa", "value": "60c6428fab898150ba1aa723b62e64c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859705", "to_ids": true, "type": "sha1", "uuid": "081b3f61-d158-4006-9f72-0fdc5c2bce4e", "value": "4ebff3d6543d25e7b4a4f1badd73e1676edd711e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859705", "to_ids": true, "type": "sha256", "uuid": "21de1325-3a26-4861-9ce6-c42409dcc3b5", "value": "7ce1f7c3bb791dad169bdfef484498170ac53ebc148dfda33c50024baa524267", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802490", "to_ids": true, "type": "ssdeep", "uuid": "2fda3c0e-014f-4bf1-b47d-d7a1513e65ba", "value": "12288:8wGXbSophOalMZSSnQJccBS7tKdXYs9abY76nnCwxJifpeLILOGq:8RNZq3QJARBhLx8oLsOb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802490", "to_ids": false, "type": "size-in-bytes", "uuid": "142d0775-e175-46fd-a74c-427a91c2fff8", "value": "689986" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802490", "to_ids": true, "type": "vhash", "uuid": "b0f05cd2-f450-44ca-b8b0-ea4d43cbd15e", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802491", "to_ids": true, "type": "filename", "uuid": "686272d2-5ab0-45d0-8e09-39683eea8fe9", "value": "60c6428fab898150ba1aa723b62e64c5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802491", "to_ids": false, "type": "text", "uuid": "13cc03ad-562f-4951-b59a-8c6d787d9a7f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: DoS:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859707", "uuid": "e80d3051-f3a0-4023-afa4-9050a26689b0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859706", "to_ids": true, "type": "md5", "uuid": "973f5f7c-7d34-4d22-9e8b-e7fa01b9a9eb", "value": "6abe6c3ed646ecc866891378d1ee5569", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859706", "to_ids": true, "type": "sha1", "uuid": "a5d1a326-73a9-47f3-9221-576ce7814a67", "value": "60b1b47572b157244450a9e31d381138e78a4488", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859707", "to_ids": true, "type": "sha256", "uuid": "f3d2cace-d4e9-4071-9b0c-6daeb73a4869", "value": "c6b9bd046880bc214be414344ce6f860ad0dac707256189cc93760b95c42a11b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802512", "to_ids": true, "type": "ssdeep", "uuid": "675bec79-cf19-4f22-b419-b24ee89f8dd0", "value": "12288:yN9C4SsGhGEzlT9EDJiq0ojkyBXXKd/xknxc76sBaEy6IqyAF0gLY5l:yLqlbQ4qZXKxUxcesBaEBjfYL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802512", "to_ids": false, "type": "size-in-bytes", "uuid": "cf4c8075-6385-4c62-94e5-f069c8c45938", "value": "643220" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802512", "to_ids": true, "type": "vhash", "uuid": "99a48634-c8c8-4021-8788-017aca6fce99", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802512", "to_ids": true, "type": "filename", "uuid": "0804108c-4624-4be6-8e97-e05a6a43d9b5", "value": "6abe6c3ed646ecc866891378d1ee5569.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802512", "to_ids": false, "type": "text", "uuid": "3a7db94e-1f41-4890-a8ed-506df9c4ed90", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859708", "uuid": "1d0d8db2-d2b0-49b9-93fe-1d682bfa67b0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859707", "to_ids": true, "type": "md5", "uuid": "ae259a29-487c-4288-839c-42fe5d651dbf", "value": "4d080bcd1a7959676366306ecbb98084", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859708", "to_ids": true, "type": "sha1", "uuid": "76be63ba-2448-4308-9d03-68f1dde98450", "value": "3bf98a26f6a6614c90b513457eff180373ce9ef2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859708", "to_ids": true, "type": "sha256", "uuid": "b5cfba49-988f-4fd2-b490-aee684c6c192", "value": "b249589ba99f1cd40b34a3d21ac94fb5b76263ca1125d7cb24fa64221eedd241", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802533", "to_ids": true, "type": "ssdeep", "uuid": "68c5336c-2741-4e06-affe-b533e7e9d956", "value": "6144:EwBMxhLi8qajW8DiuTjTieGGOK2v1VsIksWTy/Rzdufjgkvog9bRjTbB:EwBuLi8qaK0i2jTm22dqvURBu7Pn1fB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802533", "to_ids": false, "type": "size-in-bytes", "uuid": "5eaa8414-e109-4f82-8154-6452b562e674", "value": "253617" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802533", "to_ids": true, "type": "vhash", "uuid": "41013869-fbaf-4e9d-afd6-20f26b6dfce5", "value": "29eea7c9aabf91e4e862da4b0b58eebe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802533", "to_ids": true, "type": "filename", "uuid": "615d70fd-8f35-4c3d-bc35-ebeba40bedde", "value": "4d080bcd1a7959676366306ecbb98084.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802533", "to_ids": false, "type": "text", "uuid": "c1679dc9-e647-4915-9c6f-eb3a71f30065", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859709", "uuid": "f592767b-0ec6-47e4-a36a-172cf2a32820", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859709", "to_ids": true, "type": "md5", "uuid": "5f2c71fb-1733-4d0c-a1a1-c7cc908e0ba6", "value": "287806be222aa8044717f6e0a9b88dcc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859709", "to_ids": true, "type": "sha1", "uuid": "568f0909-3c8b-4654-89d7-a1396242bba9", "value": "a9f51cde2a3aa34d7d5d28ac1f8211117949da67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859709", "to_ids": true, "type": "sha256", "uuid": "a054ab30-6ee0-449f-a834-e05a5556ddc1", "value": "a4ac741b89cdd76ff62fb4d372cd4b361ce30c8649c06ec00105caa245cb0f35", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802554", "to_ids": true, "type": "ssdeep", "uuid": "50d9c692-1567-40f6-a661-6322dd8e6b7b", "value": "6144:BZmcbLdh/jLuCr5+GCyXul6hjIqwLjx0Z05E0z8BI5jcjwyvk9yVE7:vmcXdheCQGCttLOZ01Tlsvk9l7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802554", "to_ids": false, "type": "size-in-bytes", "uuid": "4ff11702-ab82-4a23-b27f-2e5d53970bed", "value": "253469" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802554", "to_ids": true, "type": "vhash", "uuid": "52c3f7d3-0a5d-41d7-a3ef-fd6d46c046b8", "value": "29eea7c9aabf91e4e862da4b0b58eebe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802554", "to_ids": true, "type": "filename", "uuid": "8077333e-4859-47c9-a60f-9ed90ae1c700", "value": "287806be222aa8044717f6e0a9b88dcc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802554", "to_ids": false, "type": "text", "uuid": "97482faa-baa9-4511-a34f-3c1ec7c9b174", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859710", "uuid": "26b21df0-b2be-4c3c-8d6b-425ef6d30c2f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859710", "to_ids": true, "type": "md5", "uuid": "4dd95052-1dac-4372-ba67-1cd3c72715e4", "value": "1ce2770e8729303838ec5e6c2ed208d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859710", "to_ids": true, "type": "sha1", "uuid": "484b3832-0ebc-4498-9fc2-4a91f5175d09", "value": "410da91e6e676901e71db6b8a01301cf1c5bff0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859710", "to_ids": true, "type": "sha256", "uuid": "4e98cb96-eec1-4b5c-bb5d-1e444ffee3eb", "value": "3443832c010626f00d73835a7d76556a968dd95932e4ef1b21201ce9017d7b00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802576", "to_ids": true, "type": "ssdeep", "uuid": "5c612b76-cf46-4cf1-89b4-c05ff10e5457", "value": "6144:BxqAarcuQfCdXd1HS1kYnvzFt5wprCNuP/aUhHEr:Bxqh4uC3vzreBCkEr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802576", "to_ids": false, "type": "size-in-bytes", "uuid": "4c581361-3f72-47f2-8aeb-35da8dcbc1f1", "value": "249120" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802576", "to_ids": true, "type": "vhash", "uuid": "7f2599ce-a93e-4476-a2a2-bf4e0ad05693", "value": "18d72edf629d205b5e6f05850b9e7d10" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802576", "to_ids": true, "type": "filename", "uuid": "daa29edd-9ff7-45d2-80d8-50e6fb913bd6", "value": "1ce2770e8729303838ec5e6c2ed208d3.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802576", "to_ids": false, "type": "text", "uuid": "44485993-91d5-4dc1-9af4-f0c53be6cfd1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859711", "uuid": "3593e770-4a2d-439c-85f3-0448f5801211", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859711", "to_ids": true, "type": "md5", "uuid": "961d6dd1-30ed-449f-aaf8-89c44f78fa4b", "value": "2806e5653e40591f4c035d9c90934b3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859711", "to_ids": true, "type": "sha1", "uuid": "a77a18c6-cdff-44e3-aa60-a9cfb4954e59", "value": "f99c8aace362a76609ef4e9b1c6684880b7beb38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859711", "to_ids": true, "type": "sha256", "uuid": "3c8822e7-506a-4512-aeba-a15baab813f5", "value": "aa23ffed086c106ffd3ee8a34d4333fcad558edd66ab7b89da679a8190b08f98", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802597", "to_ids": true, "type": "ssdeep", "uuid": "167e6823-8650-4b94-87ea-42240d049231", "value": "6144:N1TbeWIoEibiYarvrGCnskQ2Inl5GxXpXKXmh8PGwHhf:N1neNoEMirzGCnsO2LYXpa2v4hf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802597", "to_ids": false, "type": "size-in-bytes", "uuid": "da684387-4e47-4d8f-a6ce-ac178b2728bd", "value": "253473" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802597", "to_ids": true, "type": "vhash", "uuid": "e4fd0bd5-85cd-40eb-9a3d-ea13503e4e6b", "value": "c97782211174267e1e34cbe7a8593804" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802597", "to_ids": true, "type": "filename", "uuid": "bf7f5cbc-8b8a-4a44-bebf-28710b4be696", "value": "2806e5653e40591f4c035d9c90934b3d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/12/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802597", "to_ids": false, "type": "text", "uuid": "cddb8d78-b0e3-49a2-8a60-c82d59be946a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:30/61" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859712", "uuid": "cd3866f1-29ff-4419-a8cd-df6ee5a28055", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859712", "to_ids": true, "type": "md5", "uuid": "ae52aaf2-c58c-4244-8562-c779f9b8bad2", "value": "efa3f19377aca43591798f0f91fd03e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859712", "to_ids": true, "type": "sha1", "uuid": "e112e884-ad95-449a-8435-e4edc6675f9f", "value": "bb2f09c8e8bb2b84505aa50a7d7f13f713608b21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859712", "to_ids": true, "type": "sha256", "uuid": "2586158f-2650-4ffb-afe5-462b762a093b", "value": "7569335aebf2fc861712ddbaec95d888a5955cb535312170431ac855570860f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802618", "to_ids": true, "type": "ssdeep", "uuid": "cdbd18e5-09ee-4d90-88da-d713084fa9c6", "value": "6144:/Pj6nOIB+c94iNmsP+7kim9z6oE1jkECcQFuXcVnyiYwI5F:/PjBIB+cVwsiqzpqCj4XcSwI5F" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802618", "to_ids": false, "type": "size-in-bytes", "uuid": "d9b62056-38a3-4cd2-97c4-501a3e5afcbf", "value": "253424" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802618", "to_ids": true, "type": "vhash", "uuid": "929039d0-60a7-4e7a-9b78-b83e5f7e73eb", "value": "29eea7c9aabf91e4e862da4b0b58eebe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802618", "to_ids": true, "type": "filename", "uuid": "849f3665-0416-4bc4-96e5-27cbe3d6a57e", "value": "efa3f19377aca43591798f0f91fd03e1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802618", "to_ids": false, "type": "text", "uuid": "8ba2b3d0-0b68-4a85-a6b4-5467bb75e6f0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859714", "uuid": "a4663a08-b468-4b86-b705-fe0afcde80c8", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859713", "to_ids": true, "type": "md5", "uuid": "109338e2-7405-4000-a7e0-18f2c4f19473", "value": "4a9091073e144779a2df2db9496ef73e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859714", "to_ids": true, "type": "sha1", "uuid": "0bcb0f95-3ebb-4f05-8ae6-10113e6e1d81", "value": "2d3c79522b094b43c3f641cc0943e812ef0a605e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859714", "to_ids": true, "type": "sha256", "uuid": "06284ff9-df31-4e27-b0bf-c2511408a964", "value": "b0c371cbbce8b0e40404928c6bcc2fadbe4f5d6ae825cebf6e101b500b9531c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802640", "to_ids": true, "type": "ssdeep", "uuid": "4724a603-4dce-460a-89ef-e85c2898aca3", "value": "24576:xwL2kfFySy609KkWRRNZq3QJAawIK/trIh0F9umFupAozzf+smGrzJjNjy4voD6:xaAJVWRHJAaU/tkosZ3+sTJjcEk6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802640", "to_ids": false, "type": "size-in-bytes", "uuid": "7f531bf3-38ca-486a-8747-5aaa6051bc56", "value": "1715700" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802640", "to_ids": true, "type": "vhash", "uuid": "d4494242-babd-4c1e-990d-368503ba96ea", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802640", "to_ids": true, "type": "filename", "uuid": "0ef46efe-a917-47d2-855f-3de8814e3aaa", "value": "4a9091073e144779a2df2db9496ef73e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802640", "to_ids": false, "type": "text", "uuid": "97760273-74ac-4d46-a10a-71d49d534922", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859715", "uuid": "a0e2b84c-97f3-40cb-b723-dbe8e650baea", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859715", "to_ids": true, "type": "md5", "uuid": "cfb02614-3e3f-4de6-85be-c315bfd57208", "value": "0a9b463e95e03c95da5792552e69a395", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859715", "to_ids": true, "type": "sha1", "uuid": "5d502af8-b8cd-48a0-9fba-c2fc227e02d9", "value": "da572238550c49af3e619ef38ef070c68e9ee267", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859715", "to_ids": true, "type": "sha256", "uuid": "8fca8c04-aa9d-44c0-a9a9-4e5611256d01", "value": "d4a7ca1795c5d23f1396fa5cb538351978b5f7df4f82bc28666a59f8bff0c90f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802661", "to_ids": true, "type": "ssdeep", "uuid": "39f36ef3-06eb-4ef9-9974-f591c6ba04ef", "value": "24576:9wL2kfFySy609KkWRRNZq3QJAawILqJ6/4TYtczzsxxAqMQ+X1gy74f+smGrzJjo:9aAJVWRHJAa9GG4YqgcRvlgJ+sTJjcEA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802661", "to_ids": false, "type": "size-in-bytes", "uuid": "dc252d4e-fc42-41c0-9c6f-f5f8633dc34f", "value": "1715726" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802661", "to_ids": true, "type": "vhash", "uuid": "d52a1619-7ab7-4a87-8f52-2d8cdaec12c9", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802661", "to_ids": false, "type": "text", "uuid": "da94058e-726b-46ac-b627-6691e22a8cc7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859716", "uuid": "d47fb168-5827-4e69-a463-9f4ac7b7e0e8", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859716", "to_ids": true, "type": "md5", "uuid": "7a5b7f17-6d75-4435-8667-38b10d3cc524", "value": "ee7a38e271ec22eb95504e78b5ae29e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859716", "to_ids": true, "type": "sha1", "uuid": "2c7da11e-655a-40f4-bad4-4b7f8c212613", "value": "c25be97c057b3ff388b0a54d38047f87d688b4cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859716", "to_ids": true, "type": "sha256", "uuid": "d45d6a20-6761-46e4-8240-23334d266bab", "value": "cc5f620b2333cfc2a04b2334a8ead45e2341957f04401b2cf92eefaba8ce4b07", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802682", "to_ids": true, "type": "ssdeep", "uuid": "7cb5eb16-03ac-40bd-b224-90a23bca7b07", "value": "12288:3wGXbSophOalMZSSnQJccBS7tKdXgsHEVk48E2z1/LZyEGqgvQxL83M:3RNZq3QJAxYp48E2z1/LZyEG9q88" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802682", "to_ids": false, "type": "size-in-bytes", "uuid": "736eefd6-239c-4bb1-96a5-9d2e403000ee", "value": "690023" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802682", "to_ids": true, "type": "vhash", "uuid": "e2c2180d-4124-4029-b68c-4f98be51f438", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802682", "to_ids": false, "type": "text", "uuid": "af49373f-2d7b-4b5f-85e2-0a52be460861", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859717", "uuid": "13b8a241-75dc-44a0-9b0c-671dbbf63c44", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859717", "to_ids": true, "type": "md5", "uuid": "94325a6f-817a-4ef7-a4a0-8754c712460d", "value": "a6972c5a8a17aed68d259d4de4bcc252", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859717", "to_ids": true, "type": "sha1", "uuid": "64f4b961-6938-4fb1-b108-f115034316fa", "value": "0004e8760347120541b175a4f3a45a431e48c916", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859717", "to_ids": true, "type": "sha256", "uuid": "770ce2c7-44e3-4c37-93c7-95ac8215f958", "value": "a43bd993361628f9dcd0ed67bbf5eafa826b6c18e50a9a6a7a82bf9dfa9f0ca8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802704", "to_ids": true, "type": "ssdeep", "uuid": "a94782fe-791d-40bc-a90c-a0dcaaa2e10d", "value": "12288:NwGXbSophOalMZSSnQJccBS7tKdXasMOj8kExHAB8B7uRL0hF:NRNZq3QJAj0AkExgisB03" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802704", "to_ids": false, "type": "size-in-bytes", "uuid": "b6412636-3af6-471b-8bd7-3dd98835e14c", "value": "689650" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802704", "to_ids": true, "type": "vhash", "uuid": "4a5e1608-1932-49d8-a880-52bca2fd3078", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802704", "to_ids": true, "type": "filename", "uuid": "de686ddc-dbea-4a38-8f0f-821f1f98d3b4", "value": "a6972c5a8a17aed68d259d4de4bcc252.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802704", "to_ids": false, "type": "text", "uuid": "e852628c-392a-4277-9cfa-814cde744d63", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: DoS:AndroidOS/Multiverze\nVT Total Detection:32/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859719", "uuid": "111a07de-f144-47e1-a75b-0395a8fd40ae", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859718", "to_ids": true, "type": "md5", "uuid": "2fdc741f-ae9c-4d15-9854-5b5dccd25682", "value": "e1ce4e6e98de8d130c9e8d8aff3e14ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#2745a2", "local": false, "name": "rectifyq:sample-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859718", "to_ids": true, "type": "sha1", "uuid": "671471b5-1c4a-485d-89dd-c4f01704bcfc", "value": "f8d2eff0ecd047fb157a65d873601952676443be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#2745a2", "local": false, "name": "rectifyq:sample-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859719", "to_ids": true, "type": "sha256", "uuid": "d488a099-b74b-42d9-b87a-888b7e75efc4", "value": "b4f3823b42e628eaaf1efcc58766d937f389e248f2b7f784227aa0a7e30184e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#2745a2", "local": false, "name": "rectifyq:sample-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802725", "to_ids": true, "type": "ssdeep", "uuid": "e87a7ecc-6973-494a-8b8f-253968b3941b", "value": "6144:6IP2ITPiHgVw9/XSVMjpROIUsByO1a0YjNjdiovJmnQ8yhmV9VjLlb/mi38dFLK9:6I+8igexj/QsByTzJjdiYmndzTt+i3UY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802725", "to_ids": false, "type": "size-in-bytes", "uuid": "79504a3f-a887-463c-8e4e-b0611e9cae87", "value": "331181" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802725", "to_ids": true, "type": "vhash", "uuid": "efde19be-2349-489a-a7f5-06c36a7fbd1a", "value": "ea1c13beb8f0d27d6d6234526f922680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802725", "to_ids": true, "type": "filename", "uuid": "6bffa1e6-d438-41cc-b9dd-eae61fe84445", "value": "b4f3823b42e628eaaf1efcc58766d937f389e248f2b7f784227aa0a7e30184e9.py" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802725", "to_ids": false, "type": "text", "uuid": "1062fd52-d8cb-4bbf-98e0-6d4e99dc9437", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:43/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859720", "uuid": "f2a642ce-0100-400a-a815-60801ad16983", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859719", "to_ids": true, "type": "md5", "uuid": "0c54950b-afb5-457f-a7d2-07291ad295d3", "value": "1ad255dcfbce3f9a462add2efedf18e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859720", "to_ids": true, "type": "sha1", "uuid": "aa27a879-fe7f-47b9-be85-224172c9ff5f", "value": "1c1cc46cf43df567c8e7f7d59a4f4b414a62ff16", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859720", "to_ids": true, "type": "sha256", "uuid": "659c265b-e7f6-4d86-8a50-c3bc8ae12821", "value": "72e44677acf8a2c6fdfc19ecab5aa8a746e971c17e0dc5397c2f16bab952327f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802747", "to_ids": true, "type": "ssdeep", "uuid": "3a0fd73a-fa1b-4d16-96d4-dfa8ac859bd4", "value": "24576:iEL2UMjirRnUZ8JswIIWkKs7J6GB15EYWOglbcg1ZmsAt/25OQKpP:i5MUisa5UGW9Q+Zmd1oUP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802747", "to_ids": false, "type": "size-in-bytes", "uuid": "d07afc35-d14a-45ba-94b0-739f68637b50", "value": "1337435" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802747", "to_ids": true, "type": "vhash", "uuid": "13863ab5-a268-412f-b445-c9ebce332449", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802747", "to_ids": true, "type": "filename", "uuid": "5a8794bf-240f-4657-8211-060460a13799", "value": "1ad255dcfbce3f9a462add2efedf18e3.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802747", "to_ids": false, "type": "text", "uuid": "17a315a3-43f7-47fc-b330-f1220f27f214", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859721", "uuid": "652b7f88-0cc7-4a1b-a503-e25d0975912f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859721", "to_ids": true, "type": "md5", "uuid": "7b2d9510-776b-4d56-b96a-27a413ce5b6a", "value": "a9fc88f6cd823284c4653d8aeadddd94", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859721", "to_ids": true, "type": "sha1", "uuid": "ee1b27ce-6823-495b-95da-bd159990c764", "value": "9ce7ba50052cf4e174f9f22b022cfae5ca5f9c3c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859721", "to_ids": true, "type": "sha256", "uuid": "7c11feb3-df24-498d-b922-f637c8d5a38c", "value": "2e1e14eb5f8bf4cd653111cd6abd2ef0efcbdbdda9b836616fb97214df1cdfcc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802768", "to_ids": true, "type": "ssdeep", "uuid": "51cb7b71-a593-4350-9d6f-70b8014fb3a9", "value": "24576:+vIdJHVHaTC8py1IXEL2uavqQhoE0CopZEFmUU8uLZ0Yno:+AdJHVHaTC8YgdhiBZEFBuNno" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802768", "to_ids": false, "type": "size-in-bytes", "uuid": "e49e0b2d-5fa0-4c55-8743-e533ce304a59", "value": "1401060" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802768", "to_ids": true, "type": "vhash", "uuid": "22a13f4b-5ce1-48db-98b0-56a6e63cb759", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802768", "to_ids": true, "type": "filename", "uuid": "f09675c7-93f5-49fb-afc9-75edb3e4c77f", "value": "bd0c2f287c9162b4f8879925b67bac59b00a17b98a67cca6e0994cd51a63a5a6.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802768", "to_ids": false, "type": "text", "uuid": "be7a0659-b261-487b-9bf7-0dfa835a3ac1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859722", "uuid": "c3554599-6522-46b4-b3d4-e55ddbded5c3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859722", "to_ids": true, "type": "md5", "uuid": "14abf738-4188-429e-9d2e-f8e2be265da0", "value": "ba0b26394c87947e80f8865ef1c27dab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859722", "to_ids": true, "type": "sha1", "uuid": "26a23224-bb4d-4599-bd2f-a746e9cc29f9", "value": "6f766545836382721c625e803085b06eb1f3eb33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859722", "to_ids": true, "type": "sha256", "uuid": "954cec43-bac5-43fa-990d-5479f939e54f", "value": "a722d0a23bcfbb643a70d387aaa24fcfebd61429f8bf37bc8f201d306631dfdb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802790", "to_ids": true, "type": "ssdeep", "uuid": "0f90c13f-4be6-441b-9e83-c6e3b470b2b2", "value": "24576:mEL2uavqQhoE0Cop0fIUgM/CbAchTPDmpW7bH8qvIdJHVHaTC8pyk:mdhiB0qM0AcxDmpW38qAdJHVHaTC8Yk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802790", "to_ids": false, "type": "size-in-bytes", "uuid": "8b387976-e000-4629-a3ba-413e504d36ee", "value": "1339620" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802790", "to_ids": true, "type": "vhash", "uuid": "d7988ff9-fae1-4f43-aaac-37410e50eb86", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802790", "to_ids": false, "type": "text", "uuid": "c9b92a9e-898c-47be-ad76-e6c6a5d46427", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859723", "uuid": "429e7ba1-b223-4dc9-ac3a-49e47475b7ab", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859723", "to_ids": true, "type": "md5", "uuid": "e581e66c-2439-457a-8cc4-fc10a6d3a23a", "value": "8917d089f902e37da76c2138e0bf2658", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859723", "to_ids": true, "type": "sha1", "uuid": "a705f477-48ae-4218-a769-3250229657d8", "value": "5015f8c9813e6f80baecf26e05f87b5984c9c1c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859723", "to_ids": true, "type": "sha256", "uuid": "aeb65ae7-506a-479b-a4a2-7e7b16cd2d8e", "value": "fdc8b490c76f3bfe78262290e6c0153ecdd89f59ef3d39a6f14506b7247d7128", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802812", "to_ids": true, "type": "ssdeep", "uuid": "bccafefa-6242-4b73-b9c5-c3734c41a03d", "value": "24576:8EL2uavqQhoE0Cop0fIkgM/CbAchTPDmpW7bH88vIdJHVHaTC8pyQ:8dhiB0qM0AcxDmpW388AdJHVHaTC8YQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802812", "to_ids": false, "type": "size-in-bytes", "uuid": "5e0b796c-b683-4da9-bdbf-a223477e653d", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802812", "to_ids": true, "type": "vhash", "uuid": "c36c774d-68d4-4ad8-8311-80016b4f8ba7", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 29/08/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802812", "to_ids": false, "type": "text", "uuid": "d197b458-34b0-4f8d-8b8b-5c83858b941c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859724", "uuid": "9afaa647-96bd-4a33-b5c4-8271bb30fdf4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859724", "to_ids": true, "type": "md5", "uuid": "6056a29c-4b36-47a8-9af7-24dcc5af28b0", "value": "963f712701586ccaaa0f367f11607eb7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859724", "to_ids": true, "type": "sha1", "uuid": "012f3666-6d3b-4620-9665-ac7306e5b6a1", "value": "dcbf474a1f47b57508cd3bf946044dff54d7e791", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859724", "to_ids": true, "type": "sha256", "uuid": "9e6420cd-a420-4ffd-818e-bbb90e57e1c6", "value": "2ef3c3052c803d36cca823d9cf652499bc161a2b683a832de9a511e5a0ecb290", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802833", "to_ids": true, "type": "ssdeep", "uuid": "b7f304df-5dd0-495a-ad47-db5338f6fcf2", "value": "24576:iEL2uavqQhoE0Cop0fI6gM/CbAchTPDmpW7bH89vIdJHVHaTC8pyZ:idhiB0MM0AcxDmpW389AdJHVHaTC8YZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802833", "to_ids": false, "type": "size-in-bytes", "uuid": "dbb382e2-2a58-456c-a2c8-c5412cca8636", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802833", "to_ids": true, "type": "vhash", "uuid": "567802f7-3bae-4d62-8013-f9eeb7efc06d", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802833", "to_ids": true, "type": "filename", "uuid": "14f35f5f-4be3-4ba0-ba57-a133f43a43e2", "value": "963f712701586ccaaa0f367f11607eb7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 29/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802833", "to_ids": false, "type": "text", "uuid": "5b0f819d-d88e-4f74-870f-35674d8b0266", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859726", "uuid": "1afb1b4a-4873-4276-af23-e8d5734de880", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859725", "to_ids": true, "type": "md5", "uuid": "1e5611bf-fbf9-4f83-85d7-a49c9b5cb65b", "value": "cbfbab027585733f8a6ebe723f848cee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859725", "to_ids": true, "type": "sha1", "uuid": "c6b65911-2137-4c33-bc94-26daf568e40d", "value": "72699e58bc274e85c99bb99ff774f9304a736eef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859726", "to_ids": true, "type": "sha256", "uuid": "fcb052ab-3039-4c0c-9077-1eab3cbd4d11", "value": "a2a5bcbf742c3ac88c27c72d533f455854f5104d3bdee8a356f7635b0d1bbfb6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802854", "to_ids": true, "type": "ssdeep", "uuid": "c1d5c357-fc4e-49c1-b3c3-7555ef0ff96c", "value": "49152:n6eO19B0szEzZoR7j967+rUr03+ZVwO4srgm6tE:n0tnjYO+ZOO4zE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802854", "to_ids": false, "type": "size-in-bytes", "uuid": "aa731a1f-82bd-42bf-ab08-bb4f0f308c93", "value": "1858976" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802854", "to_ids": true, "type": "vhash", "uuid": "8e25d79c-3a8a-4ea3-86e5-c314e2fa7011", "value": "a7917225680cac687deedfafa8f49626" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802854", "to_ids": false, "type": "text", "uuid": "782bc654-d49a-4550-a9a9-bcd80624cc62", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:21/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859727", "uuid": "9a351cdd-d364-4d71-babe-c099f0859d66", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859726", "to_ids": true, "type": "md5", "uuid": "6a1dd190-6222-4349-b511-4c03aa1f6d08", "value": "aa759c998cf44d800da7a08116bf53b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859727", "to_ids": true, "type": "sha1", "uuid": "cc8a9c96-2735-4cc0-b061-4591d9fcd387", "value": "77b7b880c27e03d2e97c9b31f82cbae9bff62ae1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859727", "to_ids": true, "type": "sha256", "uuid": "d91e974c-529f-4195-aa3e-18af0449662e", "value": "ebce1360ba6d6f96a427464801d8ef5a08db5acaabad522ccd5f97ddd7e472da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802875", "to_ids": true, "type": "ssdeep", "uuid": "f06ca5d2-778e-4fc6-9ec1-ff8752fd5084", "value": "12288:XZbljYaiOGI9uZ8Hcn7aKsh5KTANtW5JBNl4KOawt9LpUT8:Ru/O1r8n7aKwIJ5JBNO8wtNpUI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802875", "to_ids": false, "type": "size-in-bytes", "uuid": "5cdac86b-73b8-406f-9aaa-c5b4996242e6", "value": "670044" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802875", "to_ids": true, "type": "vhash", "uuid": "c11b7d2a-77db-4209-a2a8-fb24def75e15", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802875", "to_ids": true, "type": "filename", "uuid": "19c7864f-a72e-4b64-8e25-a26f81f4fae6", "value": "aa759c998cf44d800da7a08116bf53b5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802875", "to_ids": false, "type": "text", "uuid": "6993675f-385b-49c3-8045-b222c75f1eb5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:34/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859728", "uuid": "950e9910-8f18-4650-ab55-b011af9a263c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859728", "to_ids": true, "type": "md5", "uuid": "fb8d1f8f-a44a-4c70-9074-7d3fdeb7a35a", "value": "7db8f46a8496dd91008432047198c148", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859728", "to_ids": true, "type": "sha1", "uuid": "d1998c73-108d-499e-b4c9-a80355e5483b", "value": "a991e6a767185b1398113302ecb5e3a567f89287", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859728", "to_ids": true, "type": "sha256", "uuid": "5c3d3fd3-6d36-4502-9b56-378508854104", "value": "9962b3a9d9474742828c52c27d92fc1eded0bd7de60452eb6c0a794c2b587ea1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802897", "to_ids": true, "type": "ssdeep", "uuid": "0cd86d84-52b5-4f24-a54c-629d530c887e", "value": "12288:/Zblf9XJwLWuYi+QHX1EZ95ArxbRLGnbfsM5KZ3R0eerQUTfA8MiOFznWqC:ZHWIi+Q3895AVRLGnbf7ID0eIdMiONnS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802897", "to_ids": false, "type": "size-in-bytes", "uuid": "a25f5c20-97cf-4e6e-ae65-5265a0f33dfa", "value": "671779" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802897", "to_ids": true, "type": "vhash", "uuid": "92f0c9e1-7e5b-4fa9-a9c1-7991d78ee3ac", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802897", "to_ids": true, "type": "filename", "uuid": "5a1d6bd5-cd1a-462b-bc14-df6615b2c7d4", "value": "7db8f46a8496dd91008432047198c148.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802897", "to_ids": false, "type": "text", "uuid": "daca3597-b8ce-4d13-91b1-3d38bf9e3b75", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:41/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859729", "uuid": "dce71124-3ee0-493a-905f-9b5b38bdd577", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859729", "to_ids": true, "type": "md5", "uuid": "41dd7d31-4448-4cc9-bd39-a004ee4cfc2c", "value": "261dbc9585a72ef669315e617652429c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859729", "to_ids": true, "type": "sha1", "uuid": "4071b400-bc43-443c-831c-aab89b66191b", "value": "57880d3b76c2cb18fe608e44069f76ff9e0b5705", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859729", "to_ids": true, "type": "sha256", "uuid": "fa68da2e-ed17-4b53-be68-c124d5aae802", "value": "5a38b4578c21190120de88cd31706af59477a92515555791d3a5a5bfdfbff699", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802918", "to_ids": true, "type": "ssdeep", "uuid": "ee5ef6cb-5d1f-442f-b9e7-04d77501aa34", "value": "24576:sSqL+pg6PGWjfTZ4bsRNZq3QJAawIPKMMYmiDqknh5W1garryHbiYQvxkrnWnWb:d+6+eGsHJAahJciDTnjqg2rEbikrI6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802918", "to_ids": false, "type": "size-in-bytes", "uuid": "03d0fcac-3188-4a9a-8211-0b9fc5b43c5d", "value": "1715423" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802918", "to_ids": true, "type": "vhash", "uuid": "926b6deb-e646-450b-a7b3-27bcc7d02526", "value": "b46313b09a56ae0fe267e78e547d75d9" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802918", "to_ids": false, "type": "text", "uuid": "dfb3a219-7dd4-4b4c-9948-867d763620a9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859730", "uuid": "0f856c3c-4df9-4d5f-9835-87218dbcd839", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859730", "to_ids": true, "type": "md5", "uuid": "e88239e3-984a-4c59-9b2a-4c3101effa8b", "value": "5400702b645a2ec72549a194e502160e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859730", "to_ids": true, "type": "sha1", "uuid": "5a7ffab1-caf0-4782-b99c-62758f05ac45", "value": "5ab9489b692a0bab25a2e423cc055faa30df9f45", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859730", "to_ids": true, "type": "sha256", "uuid": "5d64b78b-a50a-466a-9fa3-741282ae9305", "value": "52889f7c07e031b22ad6f1c31008d251ce54579b4d88832b10ed51c4c0b8c8ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802939", "to_ids": true, "type": "ssdeep", "uuid": "cf0edfa5-3fd3-4a58-8169-9dfdca88ab87", "value": "768:mIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsRH:mNwEbF6zoXXYwuyJzjkW3UXwpaRGfxJf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802939", "to_ids": false, "type": "size-in-bytes", "uuid": "8a7e7e8a-f23d-4775-b006-14842daf0177", "value": "44903" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802939", "to_ids": true, "type": "vhash", "uuid": "1571f758-ee47-4ce3-b541-52b499f9cb96", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802939", "to_ids": false, "type": "text", "uuid": "8d2f06cc-978c-4243-a3f7-e924ccc82159", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859731", "uuid": "25b923a8-1fb1-4eaf-9b98-9514cef2d113", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859731", "to_ids": true, "type": "md5", "uuid": "6615b218-cb46-4ef8-9456-e8edb4594b80", "value": "f80ac33d78e922ffb7b1e954ded74e21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859731", "to_ids": true, "type": "sha1", "uuid": "47a97d1b-cbcf-4574-a915-76365da93be2", "value": "d45009dd3e231735989701ed597120dfc6299dfb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859731", "to_ids": true, "type": "sha256", "uuid": "5d53d400-1d59-4cdd-b7ac-f7ee2427f00a", "value": "be13bf3e0ea8f5a59376e57c8c289e620024ea1f22ff142f10affbe01ca7f078", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802961", "to_ids": true, "type": "ssdeep", "uuid": "7c8b2b2f-e519-4485-bdb8-88b3329d0439", "value": "49152:orhK0aVr5RWAMUvfMn/f7a5cOysrfFafTErY00BKM2CXKyRUhEg:L0MRsUvfA259Dsr+umThEg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802961", "to_ids": false, "type": "size-in-bytes", "uuid": "36f37c21-93b7-45df-9801-e995c0d816b6", "value": "2315327" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802961", "to_ids": true, "type": "vhash", "uuid": "a23162f1-aa6c-4445-8a6e-99ee0f2c272c", "value": "521db4cde9eda0e867c97c0bb472a601" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802961", "to_ids": false, "type": "text", "uuid": "bd91fd6d-b780-4f57-bf7d-f7449b6e4dcb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859733", "uuid": "d29d2b3e-6898-4cbb-bf02-2c6e16d6b8b3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859732", "to_ids": true, "type": "md5", "uuid": "92f280eb-b7b2-457e-8089-eb0e1ae8d77f", "value": "3b701630f163164a926e9000031b07ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859732", "to_ids": true, "type": "sha1", "uuid": "a2c54e11-0bc9-483a-9e1e-f5b0d7f29d63", "value": "8ee21a04cf33223c44a1634aa61f3d498e9e9476", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859733", "to_ids": true, "type": "sha256", "uuid": "111476f4-78b7-43bc-88ec-ddd29e686958", "value": "fc9897d7073a6eee4a559180c99c2187084a008b1feda04f88dbf4a09bb4b9bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740802982", "to_ids": true, "type": "ssdeep", "uuid": "ce056115-bc17-42de-83d3-9e976c8b0c86", "value": "768:8It03WP8sdaPWFbFuW7/Xyz6PXQ0YLDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsBm:8NWEmF6zoXXYLuyJzjkW3UXwpaRGbodn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740802982", "to_ids": false, "type": "size-in-bytes", "uuid": "1adafe06-4bcf-471a-bc9e-cef2866cb827", "value": "45340" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740802982", "to_ids": true, "type": "vhash", "uuid": "dd88cfff-57e0-45cc-a4dd-42d5b66577b7", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740802982", "to_ids": true, "type": "filename", "uuid": "14f86cf2-3be8-4b4d-8ab8-fcfc6016be41", "value": "plugin.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740802982", "to_ids": false, "type": "text", "uuid": "78c0df45-5e4a-43d3-8900-b18713379592", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859734", "uuid": "bbae9cb3-e983-4147-9184-9f18d7f83191", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859733", "to_ids": true, "type": "md5", "uuid": "9733631a-8569-4c7b-92b0-be6540b84a72", "value": "3b55b0ddb4cc002da6455f55945881c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859734", "to_ids": true, "type": "sha1", "uuid": "632d2a93-0a4e-41c4-a213-ae316f7d4409", "value": "f9f70cfbfbf5b93445d459de9137d73505f1f7c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859734", "to_ids": true, "type": "sha256", "uuid": "92b0b2ec-a857-4d22-af92-46ad15d7f999", "value": "9232e8ef01c481279932199a69ef84d06315c65d361c6df01da3504040996f73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803003", "to_ids": true, "type": "ssdeep", "uuid": "68d44bec-bd47-4e47-8a3a-dcc6fcc39739", "value": "12288:bwGXbSophOalMZSSnQJccBS7tKdXBsULaG//99HONsJNh77MvLkX4:bRNZq3QJAM7fPHONsJNuTko" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803003", "to_ids": false, "type": "size-in-bytes", "uuid": "a4ad4899-99d1-483d-ad97-93d9b9ba6c51", "value": "689651" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803003", "to_ids": true, "type": "vhash", "uuid": "36dff3c2-c033-4472-8e94-6d8f1d60b268", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803003", "to_ids": false, "type": "text", "uuid": "7220d3dc-7516-46b5-910d-d6f387a9a9ab", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859735", "uuid": "a6988a2b-944d-46b8-a458-b27e1787147e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859735", "to_ids": true, "type": "md5", "uuid": "0f5e3ade-630c-4808-bd45-7f15d73456aa", "value": "79818db8785d259ab1ccbe486808011d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859735", "to_ids": true, "type": "sha1", "uuid": "de52b7f0-a8ce-4ec8-ab05-ccfa02275bed", "value": "67cf0d0ec1bd0f3961eaf5720c6470193d76896a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859735", "to_ids": true, "type": "sha256", "uuid": "f829e76e-6b75-4e77-a8a1-41fd8c7c661b", "value": "779f28573969544212289b0939488ecee98b2e74040217e70a9cc970d6ebd7e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803025", "to_ids": true, "type": "ssdeep", "uuid": "9aa1ec31-ce13-4068-9eda-ae914bb4ea69", "value": "768:WIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsVP:WNwEbF6zoXXYwuyJzjkW3UXwpaRG7xJn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803025", "to_ids": false, "type": "size-in-bytes", "uuid": "21baddb7-f745-4187-883b-819e2f8db388", "value": "44903" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803025", "to_ids": true, "type": "vhash", "uuid": "4830891e-c793-469c-b89d-ccd41b075844", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803025", "to_ids": false, "type": "text", "uuid": "2db1d555-958d-415e-bbd7-8e36c7a34b07", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859736", "uuid": "7d192099-8605-4315-aed4-076ff5a3977d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859736", "to_ids": true, "type": "md5", "uuid": "af600b85-fc7f-4b12-9369-dd85388647d2", "value": "7a1eab3f37203ca2653111650a22aca6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859736", "to_ids": true, "type": "sha1", "uuid": "05c18d70-fe7a-4306-9ea8-6871e3120ef5", "value": "13e62c461e76256a9f88807d0ccd9ef1a03e71ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859736", "to_ids": true, "type": "sha256", "uuid": "5a098d21-3ab9-49e3-9ddc-352b61392cd9", "value": "842b0cd0c7e84cf5eb4a25e262c306b7a14e1af9a00d9b3c0d6707d0e40fb0cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803046", "to_ids": true, "type": "ssdeep", "uuid": "b8fe3eb8-8baa-4aab-a81d-207f7dee9dc7", "value": "768:lIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsZW:lNwEbF6zoXXYwuyJzjkW3UXwpaRG3xJe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803046", "to_ids": false, "type": "size-in-bytes", "uuid": "ddd8edf6-e442-41c7-a2ec-60334fd2703e", "value": "44903" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803046", "to_ids": true, "type": "vhash", "uuid": "0f877da4-fcb0-419d-aa79-913211122e30", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803046", "to_ids": false, "type": "text", "uuid": "2bf6b42d-d57f-45e4-a4f1-230c0b13819a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859737", "uuid": "b3dd947c-bf83-41fb-841c-64c2019e3228", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859737", "to_ids": true, "type": "md5", "uuid": "64f20fa9-02c1-4281-9cca-c8f52b339607", "value": "49f8c9db5dc7175b72069385c2e158c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859737", "to_ids": true, "type": "sha1", "uuid": "1dd20509-11a0-49c1-a945-21b468d93971", "value": "88f47016bdbe06b2829ad061affb1aa5718b21b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859737", "to_ids": true, "type": "sha256", "uuid": "765270d9-2a83-4ba2-9e93-b2299018431c", "value": "e0230243a37d435edcd907c388d554f39af5ec12cb422dbe52c7f6b3d35f835c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803068", "to_ids": true, "type": "ssdeep", "uuid": "9573fd2b-bcd5-43ab-8a0f-10a5747eaaae", "value": "12288:l7QlCYaiOGI9uZ8Hcn7atsM5K2ANtW5JBNl4KOawt9LpUOn:l7QN/O1r8n7at7IE5JBNO8wtNpUQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803068", "to_ids": false, "type": "size-in-bytes", "uuid": "d0de10ea-892b-451f-94c4-37be4c13c353", "value": "670053" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803068", "to_ids": true, "type": "vhash", "uuid": "770d362b-f67c-4fa4-bec1-34156fc740ba", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803068", "to_ids": true, "type": "filename", "uuid": "812f4d97-8d64-49bb-a4f2-15120cfbbc8c", "value": "49f8c9db5dc7175b72069385c2e158c5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803068", "to_ids": false, "type": "text", "uuid": "9173907c-371c-47c1-9f05-d07b22495874", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:35/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859738", "uuid": "e66e3cce-0d3c-42c5-89a8-3c1ea195c8ca", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859738", "to_ids": true, "type": "md5", "uuid": "db357f4e-116d-4ef7-8d82-815a58ebf32e", "value": "5bd44eda695f7a208ab202fa5fc298ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859738", "to_ids": true, "type": "sha1", "uuid": "7509d7ff-2228-463e-990c-e097fe196f68", "value": "8ba53b85a24ec09b98e865cfe20b99ddbd9494c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859738", "to_ids": true, "type": "sha256", "uuid": "0121835b-77aa-48d0-a759-9f05de0dac57", "value": "a87ebe666f7bc3f29fad158c5ecf32cc1eeba4be2982ccd649121070a9d6de1d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803089", "to_ids": true, "type": "ssdeep", "uuid": "1335949a-e2bd-4ad5-a4de-6dc85d29bfff", "value": "24576:gEL2uavqQhoE0Cop0fIFgM/CbAchTPDmpW7bH8qvIdJHVHaTC8pyL:gdhiB0nM0AcxDmpW38qAdJHVHaTC8YL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803089", "to_ids": false, "type": "size-in-bytes", "uuid": "1d76bd55-fd55-4d20-90f2-32124452ed49", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803089", "to_ids": true, "type": "vhash", "uuid": "4ee00eac-0362-46aa-8662-ee8d31df1aad", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803089", "to_ids": true, "type": "filename", "uuid": "468c8cc4-48aa-4952-8ae0-51a036a6b0e3", "value": "5bd44eda695f7a208ab202fa5fc298ba.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803089", "to_ids": false, "type": "text", "uuid": "dca67b67-8b17-4461-bb79-06dbdffac7cf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859740", "uuid": "f4e16e3f-bb63-48cd-a0e4-12736b45222f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859739", "to_ids": true, "type": "md5", "uuid": "f7a84a28-1547-40e1-ae64-037a1434b8b6", "value": "d0ac11fbf81caebc8747286ed0db9da7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859739", "to_ids": true, "type": "sha1", "uuid": "5b002382-f6d0-4461-95bf-96ad7abd5d47", "value": "a353d2637597ac434c3fdf4c4a7ded3c78b100ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859740", "to_ids": true, "type": "sha256", "uuid": "651cffb1-e513-4c2c-a4f9-301a3752cd59", "value": "218f413c2e18f1620764aceab89bd45a2dbc1e121e5efb1ba639df21c9a234c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803110", "to_ids": true, "type": "ssdeep", "uuid": "3f13c813-0982-44ab-be0c-e3ab5b8bc371", "value": "12288:HGTsyyM0OCOaYhcmsd8MNNDuqiWbumwhy8TIRwGXbSophOalMZSSnQJccBS7tKdz:HGXUY6m6RNNyqiWEXIRRNZq3QJAKIo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803110", "to_ids": false, "type": "size-in-bytes", "uuid": "c223e0ea-82e2-41c4-a1a9-ace2d73967fe", "value": "890006" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803110", "to_ids": true, "type": "vhash", "uuid": "c1f20f52-fb52-4275-bd2d-afa3a48b4b73", "value": "9cb00f62aa1b8d74b17a5500ab6a3235" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803110", "to_ids": true, "type": "filename", "uuid": "be5ee5c2-86c2-4e40-b56c-161aa9701b64", "value": "d0ac11fbf81caebc8747286ed0db9da7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/01/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803110", "to_ids": false, "type": "text", "uuid": "c1e5fa73-36a7-4d43-825d-8f45ff080634", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859741", "uuid": "2a6dd067-c7dc-4840-baf5-b9e95dc3cb71", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859740", "to_ids": true, "type": "md5", "uuid": "d3161a41-215d-4115-a3ed-b45a5451f6d4", "value": "0e660e10239ce11bc09f2026a39838f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859741", "to_ids": true, "type": "sha1", "uuid": "1fd9cfad-0606-4877-99a7-441955c40193", "value": "0a1493bd111403f2d1e3139cfd71c2c44f1f646e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859741", "to_ids": true, "type": "sha256", "uuid": "7f442b26-6004-426e-a06f-abd9dde84bd3", "value": "7145e95b672237964f0c2467fcc8cc9d9b66fb37d2a8e87fe2603513590451dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803132", "to_ids": true, "type": "ssdeep", "uuid": "78a5beb2-30bc-48ee-8307-6bbeafd3b113", "value": "12288:5yT9Pgxtt9n6flB6tnccHgZWX2dvnKd1iuMNBFu3kzZMffG2pLi6U:05gCqdXg+iuMNBFu3QZyOCi7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803132", "to_ids": false, "type": "size-in-bytes", "uuid": "2bc00e0c-56a4-42ea-92eb-3200fa51732d", "value": "644560" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803132", "to_ids": true, "type": "vhash", "uuid": "3b765191-299c-41be-8348-8e9d6346c1e6", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803132", "to_ids": true, "type": "filename", "uuid": "d60cd2ee-ea65-40b4-8909-a81341a3ae87", "value": "0e660e10239ce11bc09f2026a39838f8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803132", "to_ids": false, "type": "text", "uuid": "e1eecd46-6261-4e38-91be-69a36c38a77e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859742", "uuid": "c7a1acfe-e42f-4a35-9cd1-dbd64b9056eb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859742", "to_ids": true, "type": "md5", "uuid": "24cdfcd2-6ba4-40d1-9be8-4d6cbd6c0c3a", "value": "89ed4166efbd869c5e8f16df79f5e958", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859742", "to_ids": true, "type": "sha1", "uuid": "9cf160f1-448f-4900-90dd-62aed909bc68", "value": "33e762264f5cc53a98cffe4fa91138f2d00feecf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859742", "to_ids": true, "type": "sha256", "uuid": "a58e95c5-57f2-48e1-a3a3-e37f4620701a", "value": "3f35ffec34829577d804c4f7493aede3c48b246da66768d839f9f2f55c5f1ec7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803153", "to_ids": true, "type": "ssdeep", "uuid": "3b4d7cbb-9498-43d3-bf34-dbefe65a5ea8", "value": "24576:BEL2uavqQhoE0Cop0fIXgM/CbAchTPDmpW7bH8uvIdJHVHaTC8py+:BdhiB0hM0AcxDmpW38uAdJHVHaTC8Y+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803153", "to_ids": false, "type": "size-in-bytes", "uuid": "b1ee9228-ca0b-4bed-869f-a9b2a73c9c04", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803153", "to_ids": true, "type": "vhash", "uuid": "7158bc64-4b60-4f46-9858-6c3af326c7a2", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803153", "to_ids": false, "type": "text", "uuid": "3107e3a9-c327-4521-a3b5-b0a6cefa69f1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859743", "uuid": "958f1714-85e4-4052-a5cb-d07ea70bcb7c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859743", "to_ids": true, "type": "md5", "uuid": "f4b36ac3-e563-4950-994a-ae8a8939c591", "value": "7903d418392cf7f8530cff5bb2c335db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859743", "to_ids": true, "type": "sha1", "uuid": "ea1c4a3d-db4d-447b-ac9d-4745815dbcf6", "value": "3e4c0a2aaa74861d16f5855951080b659cdadbe1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859743", "to_ids": true, "type": "sha256", "uuid": "2552220d-447e-4263-8e8a-94729b6774eb", "value": "4c66b7e7488ff9781e7df076824a1852f1b5b6e55c2da83ed94fe72d19a69193", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803174", "to_ids": true, "type": "ssdeep", "uuid": "8254306c-e544-4f94-8586-00aabb23a916", "value": "98304:+gUXpC6GENIewqBbObT5zNjQbaaN1hRL0Zd0vka:ZIwmYN8fH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803174", "to_ids": false, "type": "size-in-bytes", "uuid": "786a1756-6f74-4685-bc20-b21570ddd916", "value": "4385259" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803174", "to_ids": true, "type": "vhash", "uuid": "d5eac94e-2d90-4bff-8a43-940f708c044b", "value": "b755089e8143341b3b02a799d1e72204" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803174", "to_ids": true, "type": "filename", "uuid": "e31653ee-8e6b-4fb2-92db-75060c7acb70", "value": "7903d418392cf7f8530cff5bb2c335db.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803174", "to_ids": false, "type": "text", "uuid": "fca631b9-6680-471f-819e-76f1c8885fb6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859744", "uuid": "69247610-8d13-41d1-b99c-6a6f27ee87ec", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859744", "to_ids": true, "type": "md5", "uuid": "e01a1cce-0e01-477c-a43f-1a0c980ca5cd", "value": "0d5fa35fcda152bc6eb5d789c03659f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859744", "to_ids": true, "type": "sha1", "uuid": "552615c8-889f-43fc-8876-6aa366743dc6", "value": "785281d70b72dcfc179bca2fb13b63f5b9336774", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859744", "to_ids": true, "type": "sha256", "uuid": "4bc6fa58-b44c-48ce-b0a1-1cb39cfc1272", "value": "12e24e5f281a5fc17da55cc8eb16961c5f092ee70dfcf899ca47fa1fb8cc5909", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803196", "to_ids": true, "type": "ssdeep", "uuid": "d4b31d33-a80b-41d8-944f-b232fd652cf1", "value": "12288:zyT1HSM6gyolBlMqU7cP344JGKduesetdhMVZfTK7lL6q5:z+EgVJAcJzoVVTK7F6E" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803196", "to_ids": false, "type": "size-in-bytes", "uuid": "2a89086c-02ba-431a-a15e-c6f66b15256a", "value": "690161" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803196", "to_ids": true, "type": "vhash", "uuid": "f2bb5454-3a55-4905-af27-4a935b9e4b37", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803196", "to_ids": true, "type": "filename", "uuid": "428acc01-9087-4d96-a208-cbd9139c8961", "value": "0d5fa35fcda152bc6eb5d789c03659f9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803196", "to_ids": false, "type": "text", "uuid": "a76972ae-c469-4e19-8fb6-60ff328bd091", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859746", "uuid": "1b9bedb5-4501-4cb2-8b03-6c556715fc2f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859745", "to_ids": true, "type": "md5", "uuid": "60368df8-98cc-4e02-ab1e-e63e62c7aa87", "value": "685ccdb3b3a31d8471d51acd0be2b1c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859745", "to_ids": true, "type": "sha1", "uuid": "667a851c-2160-4683-b55e-14e51047b6fa", "value": "8b96180489fbacbec9e42bc2cf4ebb02d741d308", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859746", "to_ids": true, "type": "sha256", "uuid": "244e4928-5095-4b13-b343-f49fe467e8e5", "value": "b8dc1cd3572f0c7fea4cc2d4c909c9a199829401f4de68cc64cb0a1ecaeffa4b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803217", "to_ids": true, "type": "ssdeep", "uuid": "dcd19672-f908-464d-8bf2-d6f0704aff40", "value": "12288:Ssb+KD5N2QYcJNduLolHHKYOsz2NPt5vECxfGNNL+yg:Sa5N2QYcJOolHHNJ2BtWCyt+F" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803217", "to_ids": false, "type": "size-in-bytes", "uuid": "e5eb2895-5b07-4c61-9911-136dab05e169", "value": "568829" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803217", "to_ids": true, "type": "vhash", "uuid": "ce8a2c1f-6d86-4c8e-ab92-8ffcb3c234c0", "value": "cd405c0f81796da89f891d0b523ee911" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803217", "to_ids": true, "type": "filename", "uuid": "c709a6a7-5d9b-4a9d-87a3-65daf544df29", "value": "685ccdb3b3a31d8471d51acd0be2b1c3.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803217", "to_ids": false, "type": "text", "uuid": "054b1711-8e90-446b-b579-bd51362dc59d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859747", "uuid": "aa6b8686-912c-4ef2-8517-2f858449787a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859746", "to_ids": true, "type": "md5", "uuid": "f9ab02b7-1e4e-463b-b0fd-50c6eac6d4ac", "value": "6e4e5ac032bca2c23a8afae74ebf0cb5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859747", "to_ids": true, "type": "sha1", "uuid": "2477a8d0-6ec3-4231-a5b1-dc28b2b61acc", "value": "c82e540c6ce81d941c265eff01ce34a603f96618", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859747", "to_ids": true, "type": "sha256", "uuid": "6b003705-9849-4b9b-93e9-6fcd31c11d2c", "value": "35a6bba52b51d85e1573cedcaf10d6b7b829b629fff7f681a2676f8ddf88aa69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803238", "to_ids": true, "type": "ssdeep", "uuid": "a37b109f-7567-47c0-90a3-28f1828e5227", "value": "12288:ass+KD5N2QYcJNdGLolHHKYOsz2NPt5vECxfGNNL22l:aF5N2QYcJeolHHNJ2BtWCyt2k" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803238", "to_ids": false, "type": "size-in-bytes", "uuid": "fd6f3573-a7e7-4e87-a603-2b62ed1f3464", "value": "568829" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803238", "to_ids": true, "type": "vhash", "uuid": "a1ba92a3-d666-4911-836a-b6eab2893694", "value": "cd405c0f81796da89f891d0b523ee911" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803238", "to_ids": true, "type": "filename", "uuid": "67193b64-2ff7-401e-99af-5bcaf2c362b7", "value": "6e4e5ac032bca2c23a8afae74ebf0cb5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803238", "to_ids": false, "type": "text", "uuid": "ee167a1f-960e-420d-8706-f65c9cb39faa", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859748", "uuid": "e9034262-2765-4df4-97bb-d800d70c8032", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859748", "to_ids": true, "type": "md5", "uuid": "7155daaa-5939-474a-8263-901464779e19", "value": "b42c0b35d74567cbfc98558f6d54fde6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859748", "to_ids": true, "type": "sha1", "uuid": "a0d44134-1563-4026-923d-26636f9ec072", "value": "d70ab8d4e89e6c0ba3dec422f49e6b69fc8f8fca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859748", "to_ids": true, "type": "sha256", "uuid": "9f9bb894-691d-43a4-a0c4-c1e4393d62e1", "value": "21da326f78b9f248c51a24e3b58a86fb9dee079df908fdc25d1ec8a8a6ab27d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803260", "to_ids": true, "type": "ssdeep", "uuid": "3bf512ac-48a5-4ef3-8691-edc2978226d4", "value": "12288:QsxlyKe40lIHABB70QZAcMIgtLD2NLolHHKYOsz2NPt5vECxfGNgLUDY:QUQKe40lIHU70QbMIgtLD25olHHNJ2BR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803260", "to_ids": false, "type": "size-in-bytes", "uuid": "17b03734-8125-407c-98fb-ff3de69c03a0", "value": "568820" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803260", "to_ids": true, "type": "vhash", "uuid": "7c4277d6-8c37-4893-a68a-d668e9f45aa8", "value": "cd405c0f81796da89f891d0b523ee911" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803260", "to_ids": true, "type": "filename", "uuid": "8c2c80d9-8b4d-46e7-a4ee-754fb0997c6f", "value": "b42c0b35d74567cbfc98558f6d54fde6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803260", "to_ids": false, "type": "text", "uuid": "8d8d3a09-b797-469f-abc4-4c3ff09a1300", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859749", "uuid": "07bf3028-8ed1-497b-97e9-69e6d8e87e2f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859749", "to_ids": true, "type": "md5", "uuid": "e6439082-956c-44f5-9049-88fdc83ebb21", "value": "f10cee2df2c9da35a8f301e9381b1029", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859749", "to_ids": true, "type": "sha1", "uuid": "74301813-1710-4d22-bf2e-572a1075506b", "value": "4dfd7175714462da2ddc386f8c8ec8957d3a0e46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859749", "to_ids": true, "type": "sha256", "uuid": "e6cec17f-7a44-4ca8-96ff-80653d3b79e5", "value": "0560aa3040542e49f1e5af5ab2c10c10eefa60cea17c4cc9e85369377385317a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803281", "to_ids": true, "type": "ssdeep", "uuid": "52af6439-23d9-415b-b7d6-8edd7535e9e1", "value": "12288:4sEd/GpNvyZ9c5QCHTq17MnAGwQcOLolHHKYOsz2NPt5vECxfGN2LwR+:4hGrkQQCHTqBM+QcyolHHNJ2BtWCymwY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803281", "to_ids": false, "type": "size-in-bytes", "uuid": "a3260f04-bbdf-4f3b-8ee7-a91757c5fa05", "value": "568791" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803281", "to_ids": true, "type": "vhash", "uuid": "942f2862-a812-4afa-989b-459e0e79fc03", "value": "cd405c0f81796da89f891d0b523ee911" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803281", "to_ids": true, "type": "filename", "uuid": "480c2cf9-3705-414d-a0eb-dc0cd53a9e50", "value": "f10cee2df2c9da35a8f301e9381b1029.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803281", "to_ids": false, "type": "text", "uuid": "a118f098-e276-43cb-a03d-28dc389d771a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859750", "uuid": "dae566d6-3813-468d-b5c8-2fe42743a6b9", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859750", "to_ids": true, "type": "md5", "uuid": "697cbddf-0f0b-4e34-90ae-3c46ecb54dba", "value": "11f1e9bb17de6d50e35928a8259b3df1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859750", "to_ids": true, "type": "sha1", "uuid": "e68b1289-3a3e-43af-9380-5dd82f939fd6", "value": "0dab9f6a808d02420c8cc97b68a0f4555c596999", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859750", "to_ids": true, "type": "sha256", "uuid": "de2b40a9-41a3-42ab-af8d-ba7753e1810b", "value": "a1a337596d375d0ba37def1aa63ec15270b90e8043b55b30029f9ab1ed32729d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803302", "to_ids": true, "type": "ssdeep", "uuid": "c1b6efee-ea4c-41bc-99ce-12a8f9d89359", "value": "24576:3EL2uavqQhoE0Cop0fIVgM/CbAchTPDmpW7bH8uvIdJHVHaTC8pyO:3dhiB0/M0AcxDmpW38uAdJHVHaTC8YO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803302", "to_ids": false, "type": "size-in-bytes", "uuid": "f9b3b728-b708-485c-930f-e35b3df05330", "value": "1339171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803302", "to_ids": true, "type": "vhash", "uuid": "d328ab3a-3553-4557-b45f-3447e7bf854a", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803302", "to_ids": true, "type": "filename", "uuid": "ba0eedef-1d64-4f9e-8b95-90fda083c8e1", "value": "11f1e9bb17de6d50e35928a8259b3df1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803302", "to_ids": false, "type": "text", "uuid": "93c0b6bb-5af7-4abc-ac57-9bc47bddd239", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859751", "uuid": "74d9fbf6-c8d7-44ca-be92-5b71d15e4bc5", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859751", "to_ids": true, "type": "md5", "uuid": "adfa14a3-68de-42c2-a23b-6821fe22509e", "value": "eda7254c3d7a39b7fb34c203e574331a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859751", "to_ids": true, "type": "sha1", "uuid": "5bf82cac-f8a9-4b5b-9e7b-e2defa47a23d", "value": "b07b5c20e9a212ddbae91e17f5ce421d58980dc2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859751", "to_ids": true, "type": "sha256", "uuid": "39950942-3a25-4fa3-9182-f04d888f0586", "value": "ea8a36899a8d1b7c708f51803d4e392faff529610aa5186a7d3c4cb7e4c9e32b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803324", "to_ids": true, "type": "ssdeep", "uuid": "7b022020-98de-4b08-9e2c-b98ad6313795", "value": "12288:hyT9Pgxtt9n6flB6tnccHgZWX2dvnKdUgfcDgL3u65rH1czrPLUho:85gCqdXgxQfLnNizrzUC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803324", "to_ids": false, "type": "size-in-bytes", "uuid": "98307988-9873-4949-adc0-ed801bb2d6a4", "value": "644624" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803324", "to_ids": true, "type": "vhash", "uuid": "6ba052af-c8dc-433e-929a-478cb5e107d2", "value": "dde2de1704115922ea4ae6641e5f3421" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803324", "to_ids": true, "type": "filename", "uuid": "8d1c7c59-307c-48e7-8ff1-14a0d51907c4", "value": "eda7254c3d7a39b7fb34c203e574331a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803324", "to_ids": false, "type": "text", "uuid": "7e73b323-42d2-4a6e-8d10-f88495d6d3a7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859753", "uuid": "439a5d6c-787b-4914-acd3-649cc33392b1", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859752", "to_ids": true, "type": "md5", "uuid": "edec65bb-12a4-4722-8dc7-573214eb356f", "value": "02613a237167a14e5edab483234aa52d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859752", "to_ids": true, "type": "sha1", "uuid": "e98e1a00-85d7-459c-bd9a-2ca259affce4", "value": "2b3beb402c1a66a7ed315c19533f6e0cb2dc4a6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859753", "to_ids": true, "type": "sha256", "uuid": "7ce87e37-087a-4764-8710-13a82dce8363", "value": "276375f8638b06eecb90b94b2285b0ebcf9ba634a260e27737c2ecaf239df8be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803345", "to_ids": true, "type": "ssdeep", "uuid": "d901b318-bb02-47cd-b6ac-6b9c51fa7913", "value": "12288:jyT9Pgxtt9n6flB6tnccHgZWX2dvnKdva2pkodTD65rWhJxh/Emr5L49o:G5gCqdXgkdhdywhJxhbrp4C" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803345", "to_ids": false, "type": "size-in-bytes", "uuid": "f6137f1f-2814-4f9c-8f32-b5902c19836d", "value": "644611" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803345", "to_ids": true, "type": "vhash", "uuid": "9becc4e0-fb63-4344-90ce-4dc0a8cdf689", "value": "dde2de1704115922ea4ae6641e5f3421" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803345", "to_ids": true, "type": "filename", "uuid": "b3e30edf-9eb9-47a8-bc5e-839c2e5da38f", "value": "02613a237167a14e5edab483234aa52d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803345", "to_ids": false, "type": "text", "uuid": "19828782-5a1f-4659-84dd-3c09d3b8428a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859754", "uuid": "ec0d1d44-4dd9-4f6e-9f57-a8e38bad2528", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859753", "to_ids": true, "type": "md5", "uuid": "74691dbb-314a-4198-9dce-39b7ef8ca0ce", "value": "68e0abec61a061b8b4c41638524d0d90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859754", "to_ids": true, "type": "sha1", "uuid": "647f1ac4-2993-4fcf-ae7c-b9853bdafb63", "value": "3040b00fc192d96d5a639b554a2eb73d291602a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859754", "to_ids": true, "type": "sha256", "uuid": "dd84f4a8-a1d6-41bd-8fb6-8a94a17d5296", "value": "06d8609af5b956c55af6a789a52718227710d84d5ab2cef01b4591c481ed149c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803366", "to_ids": true, "type": "ssdeep", "uuid": "0cc78167-cce3-49a8-ae1e-d6f8abf7c634", "value": "49152:KHvKWnhEeqAVoANQ+Ov/cbMYh4mBnTUibNyzd7NfyVymLG2gtd3ywPxdV:2vK6Eeq9RdcbM90gzdxM6dtd3jPxdV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803366", "to_ids": false, "type": "size-in-bytes", "uuid": "13d2e636-5d86-455a-a4f9-ea6d52137f52", "value": "2482837" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803366", "to_ids": true, "type": "vhash", "uuid": "516be13c-e6f8-4820-8b98-3cd0e9deb90a", "value": "deb8556b59bf05b192e686bb73346aa8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803366", "to_ids": true, "type": "filename", "uuid": "0457120c-e5d1-41eb-b5ef-8f2f4fb1bd72", "value": "68e0abec61a061b8b4c41638524d0d90.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 13/03/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803366", "to_ids": false, "type": "text", "uuid": "47da92d1-440f-4720-8b68-6fcbd4b7c105", "value": "CarbonSteal\r\nType Description: Android\nNone\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:25/61" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859755", "uuid": "ba3c7640-7609-412d-b541-d65d9f42bffc", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859755", "to_ids": true, "type": "md5", "uuid": "10e64f9f-ad02-4dc6-80c2-8e0f74175a7a", "value": "2ebf3546fd13464ef684a76367749ec2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859755", "to_ids": true, "type": "sha1", "uuid": "bc202a99-03ff-4ffc-8dc4-3cb6cc61238c", "value": "5bac664a002c40808508dfe91078c2c5d95d3df8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859755", "to_ids": true, "type": "sha256", "uuid": "de50de1c-c248-4998-8db4-0e5a946b08ad", "value": "2f1e9e0c1193e7238b8a85490e4bd79691ac2752b1b376096b4f6de7cd304d36", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803388", "to_ids": true, "type": "ssdeep", "uuid": "f57dcead-ffb4-4099-a4f2-be675d803b02", "value": "49152:1gb5oSA8etf4eIDU0jAIJ9Ay/U+pp+vsjY2gDzneD:1+m8ai3jAIfAzaYdfeD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803388", "to_ids": false, "type": "size-in-bytes", "uuid": "c527be9b-6bc0-4fba-af6c-80f0d1e33452", "value": "2491889" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803388", "to_ids": true, "type": "vhash", "uuid": "54a35e79-fb3c-48df-bed4-7376b4c22389", "value": "deb8556b59bf05b192e686bb73346aa8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803388", "to_ids": true, "type": "filename", "uuid": "23a16bae-b224-4c7c-b290-3287adf14e01", "value": "2ebf3546fd13464ef684a76367749ec2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803388", "to_ids": false, "type": "text", "uuid": "8f22dbcd-60ac-4b3b-8010-d0866544995f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:22/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859756", "uuid": "a56c2b15-bf99-491f-96ca-99620d27e4a2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859756", "to_ids": true, "type": "md5", "uuid": "0ae47672-2f23-4fd2-8a17-92821c478bb2", "value": "f2860c0bcd865379ef2425cb867bf608", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859756", "to_ids": true, "type": "sha1", "uuid": "89db17b9-af15-4406-a68d-76b8d94eda77", "value": "127b25d622ba41d271c4032bab15db3025d6908b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859756", "to_ids": true, "type": "sha256", "uuid": "4c8faba3-7825-4005-9c86-813565d9c741", "value": "ad1759b667b75846d509e956089e9e2b686f04d4689c529c11be6fa59a51012f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803409", "to_ids": true, "type": "ssdeep", "uuid": "a58111eb-3349-43c9-8b59-a4054b6fddee", "value": "12288:lyT9Pgxtt9n6flB6tnccHgZWX2dvnKdXRbIraXYP94QXaDaXeLc9J:I5gCqdXggRbIAYPTKgucv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803409", "to_ids": false, "type": "size-in-bytes", "uuid": "caf2d807-059a-4678-99ee-433493dce4c3", "value": "644621" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803409", "to_ids": true, "type": "vhash", "uuid": "8cf25f20-9c7a-48fe-982f-29fa78101eb3", "value": "dde2de1704115922ea4ae6641e5f3421" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803409", "to_ids": true, "type": "filename", "uuid": "eed32497-2e23-497f-be86-cf86d9c8312e", "value": "f2860c0bcd865379ef2425cb867bf608.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803409", "to_ids": false, "type": "text", "uuid": "206295e3-a166-4b8f-92e1-9f9ff7bbf75b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859757", "uuid": "a674a4b3-56dd-4ae7-ae6e-356cd4184c6b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859757", "to_ids": true, "type": "md5", "uuid": "2868665d-940c-4a4a-905b-8bd0ef9d3c0d", "value": "3963009445825b376279fc1a0f92e3f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859757", "to_ids": true, "type": "sha1", "uuid": "769574ee-c0bf-4274-a72c-3fe3856b532a", "value": "8e74ab2651f98d0059eeef16891f8df7eb301090", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859757", "to_ids": true, "type": "sha256", "uuid": "ad5db2a3-817c-49df-a3ac-a533896f0b73", "value": "661c86f2a0064c31df9f2c6a719ab86fbaac49925b135201b6fbee24c8c11455", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803430", "to_ids": true, "type": "ssdeep", "uuid": "5ea4f2f4-e98a-4be5-a2c0-ed95af217e89", "value": "6144:2aTeuacIKfQe6CU1VoFf74BYgib0tm/JfiVJBqJpOQwg4RftNi08FE4J:NTee3B6foFD4By0tLJczOQwDji0R4J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803430", "to_ids": false, "type": "size-in-bytes", "uuid": "4298b9e0-e333-40d5-b3c9-6976fb8e37cf", "value": "256412" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803430", "to_ids": true, "type": "vhash", "uuid": "ee3d7836-47f5-4d16-84a3-f02cc59ad7ff", "value": "452c8773c05d921bad6495929bdb504f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803430", "to_ids": true, "type": "filename", "uuid": "cce20c7a-0cc9-4928-8b89-a7235b9d89ab", "value": "3963009445825b376279fc1a0f92e3f9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803430", "to_ids": false, "type": "text", "uuid": "ba5a0379-fee3-4c97-84ff-595a24434d14", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:33/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859758", "uuid": "ed0c27ba-e942-4897-8433-e42b3d2efa0f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859758", "to_ids": true, "type": "md5", "uuid": "c5620ba4-ed6c-4220-9dbf-7fff588a1398", "value": "7015bbecc2e6d35bdfbec5117297980c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859758", "to_ids": true, "type": "sha1", "uuid": "fe049c0f-c33c-4bda-becc-070c38daef44", "value": "f3a87cf7e606f8053921be4b57758046a25015c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859758", "to_ids": true, "type": "sha256", "uuid": "bdd4ff62-bda4-498f-8868-e9101f9e3d99", "value": "a31e4d46a7847255a37253d031ce7bf90474d4bc3c401a15ec60ec1a81e59bae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803452", "to_ids": true, "type": "ssdeep", "uuid": "4b5015bb-8ecc-4ebb-bcfc-a7e270ef199f", "value": "12288:2yT9Pgxtt9n6flB6tnccHgZWX2dvnKdKobIqgl5vYGOC6XL6+LOOy:B5gCqdXgBoUTAGOC6XLbOV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803452", "to_ids": false, "type": "size-in-bytes", "uuid": "8ee83684-beb4-4aba-8b5e-298b44e9c861", "value": "644625" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803452", "to_ids": true, "type": "vhash", "uuid": "aec5cd73-5cbb-4bc6-86cc-f37c2898a421", "value": "dde2de1704115922ea4ae6641e5f3421" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803452", "to_ids": true, "type": "filename", "uuid": "08618b65-4be3-4dce-98ac-269fe164f77c", "value": "7015bbecc2e6d35bdfbec5117297980c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803452", "to_ids": false, "type": "text", "uuid": "c40ac8a3-cd54-4009-8deb-65e7a72239f4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859760", "uuid": "9fd825cc-b0ab-4a89-9e9f-832d34416386", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859759", "to_ids": true, "type": "md5", "uuid": "4240ed7b-9042-4b5d-9f71-2eb0d3852893", "value": "dc635e62cbde465c54a4190d437aa8e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859759", "to_ids": true, "type": "sha1", "uuid": "9b1279b7-fc9d-481d-93b9-445bdf109c9f", "value": "744a3a6f4abd0f22bb3d6b58b3c914190c5cf5f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859760", "to_ids": true, "type": "sha256", "uuid": "6962163d-f744-41c9-ba82-51fc852d28ed", "value": "3bceb5eb03e55ea71285b72387a5d0ac42ea7fb389457ca0fe5bbf814b3589b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803473", "to_ids": true, "type": "ssdeep", "uuid": "d70f333f-41dc-4c06-bb0a-704415edad55", "value": "12288:WyT9Pgxtt9n6flB6tnccHgZWX2dvnKdVsiRRj03tUnB3xD9DgfrjwqKvqtyrOhSo:h5gCqdXgI35FZgTuvqtqX+v" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803473", "to_ids": false, "type": "size-in-bytes", "uuid": "c8183979-f427-466c-909e-363e7d3199b8", "value": "946918" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803473", "to_ids": true, "type": "vhash", "uuid": "1a127f9d-f302-49b2-85c7-ef5f7f354a23", "value": "b5ce6d751acf5f84bdd048193c617b5c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803473", "to_ids": true, "type": "filename", "uuid": "3686aa6a-a826-411f-b805-3a0b7ea2a310", "value": "dc635e62cbde465c54a4190d437aa8e8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803473", "to_ids": false, "type": "text", "uuid": "a25b7479-960f-4207-b5d2-7220b1a0cdf8", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859761", "uuid": "e1b20dab-d3e8-412d-9d25-3af720cad729", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859760", "to_ids": true, "type": "md5", "uuid": "a6497509-0211-4c8b-811e-017275885dda", "value": "f95069e7e5a2b8fed37d6192246c5dee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859761", "to_ids": true, "type": "sha1", "uuid": "1515eec3-ccf2-408a-96da-4e5081e78974", "value": "837030e79a6ea6440bad5d60aadd613abf521837", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859761", "to_ids": true, "type": "sha256", "uuid": "2f703a5d-db5b-4efc-bdcb-730a17f4612c", "value": "b02f83202df0a33487d0be23ce83eb2957327126294ba0eba1d42fb5071e2909", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803494", "to_ids": true, "type": "ssdeep", "uuid": "97447247-c46c-4ed8-8859-bfb176d782bb", "value": "12288:zN9C4SsGhGEzlT9EDJiq0ojkyBXXKdeIRU8a+PshJL7vojfanL0DA:zLqlbQ4qZXuR6+Eh9ojCL0c" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803494", "to_ids": false, "type": "size-in-bytes", "uuid": "928c6f82-1a50-4c25-8d13-f825444de2f0", "value": "643229" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803494", "to_ids": true, "type": "vhash", "uuid": "ffbb3e12-4cd4-4f2f-8be4-6ddf9e990094", "value": "dde2de1704115922ea4ae6641e5f3421" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803494", "to_ids": true, "type": "filename", "uuid": "6ada252a-ea14-4980-a5ea-d91c95ff7718", "value": "f95069e7e5a2b8fed37d6192246c5dee.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803494", "to_ids": false, "type": "text", "uuid": "7877f99b-4029-4d87-9e8e-f0ef7cad72fe", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859762", "uuid": "6096cb3a-4d08-4b15-8624-8f321b197491", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859762", "to_ids": true, "type": "md5", "uuid": "c5f18654-1df4-4457-bce6-def85b48e029", "value": "23b0b7282700ab24539e4f4118779dcb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859762", "to_ids": true, "type": "sha1", "uuid": "e091fd6c-06a9-43d0-a337-22c33a7549cc", "value": "4c3df3fed542f1782fe23e686f0c89fc2e54f0a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859762", "to_ids": true, "type": "sha256", "uuid": "e10113df-1676-492a-9064-be83c67a6687", "value": "202b5c0419648e1d1b180aa728d6e0065303bbbd8407e05f74b4cbb55f562e19", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803516", "to_ids": true, "type": "ssdeep", "uuid": "7654c9b2-a976-4d18-83b7-30a18602d6d5", "value": "12288:OyT9Pgxtt9n6flB6tnccHgZWX2dvnKd/s3PaBAfe3uLSLYVi:Z5gCqdXg+GPzfMuLiYw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803516", "to_ids": false, "type": "size-in-bytes", "uuid": "29f4f78a-fa5e-4224-8385-d32e00d41d25", "value": "690110" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803516", "to_ids": true, "type": "vhash", "uuid": "909b35a0-cbf3-4675-a46c-f64d8e6c1672", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803516", "to_ids": true, "type": "filename", "uuid": "f2397d6c-bb80-4e79-86e3-f559ea2913a8", "value": "23b0b7282700ab24539e4f4118779dcb.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803516", "to_ids": false, "type": "text", "uuid": "ddd49aa8-a989-4e18-9961-040a64ab2066", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859763", "uuid": "c194dba9-750b-4944-ae89-63cb772ab6a9", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859763", "to_ids": true, "type": "md5", "uuid": "d9499bf9-55ba-4203-9daa-3013dba73dd9", "value": "cb29de37740a85ca460d8a17724f03d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859763", "to_ids": true, "type": "sha1", "uuid": "d48a9768-00a1-49f2-8b56-347223031b6b", "value": "9db725ba69faaf1c2b3fa99653f5d09c8b676a4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859763", "to_ids": true, "type": "sha256", "uuid": "1bb4e800-80c5-4c4d-987e-4c56344262c4", "value": "07d13d169acfac04284ff19030da3f6b219d8902ac876b5048f33cad833bf41f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803537", "to_ids": true, "type": "ssdeep", "uuid": "e6d786fb-d58e-4e01-b2f8-d768d81b73c1", "value": "12288:VyT9Pgxtt9n6flB6tnccHgZWX2dvnKd2sWALfUv7sKZSpIz3JqZRsj9T+SmY7LcY:Y5gCqdXgLpAbUv7sK8pIz0S9z9/cY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803537", "to_ids": false, "type": "size-in-bytes", "uuid": "983e72c5-3ccb-437b-996a-8997eece1b7a", "value": "690110" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803537", "to_ids": true, "type": "vhash", "uuid": "21b8cf21-1685-4031-883b-ebf090ae0064", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803537", "to_ids": true, "type": "filename", "uuid": "2699914e-77e1-4d26-be19-0c30c5b3ad30", "value": "cb29de37740a85ca460d8a17724f03d2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803537", "to_ids": false, "type": "text", "uuid": "9564f537-2ff4-4172-890f-eade55ce919f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: DoS:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859764", "uuid": "8c64b217-6900-465f-9af9-d7115e2a708c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859764", "to_ids": true, "type": "md5", "uuid": "305b97d0-9e94-457b-9b08-f8c14b7147dc", "value": "d8e46d584586e7d0b806dfa5234fb074", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859764", "to_ids": true, "type": "sha1", "uuid": "bf58be33-fde6-4dd2-8f8f-4aaf884de26a", "value": "732fef32ed70d63b61fcca6ffcd9255710515c13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859764", "to_ids": true, "type": "sha256", "uuid": "7a1e0703-349b-4cce-9572-4f63c88e403b", "value": "fe42e6e883a2de41a79f3c3f14347bb7826fd7a355ac162ab830041fb4151260", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803558", "to_ids": true, "type": "ssdeep", "uuid": "a6393063-9b74-4300-8176-b4401e20d48e", "value": "12288:xyT9Pgxtt9n6flB6tnccHgZWX2dvnKdysvRPdQJQwozPt17VGLamS:s5gCqdXgLiPdQCtEaD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803558", "to_ids": false, "type": "size-in-bytes", "uuid": "2e6a9d1e-a5be-4abe-b9b0-36fa956f62f8", "value": "690102" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803558", "to_ids": true, "type": "vhash", "uuid": "6613861d-61c1-4563-b156-492a03e61b63", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803558", "to_ids": true, "type": "filename", "uuid": "4af7b922-99ed-412b-a95a-022e77ab2e0f", "value": "d8e46d584586e7d0b806dfa5234fb074.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803558", "to_ids": false, "type": "text", "uuid": "a762c88f-bd0a-4326-895b-9f16d2a3be4d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859765", "uuid": "41c9095a-def1-4732-b7d1-593eee8b7fb9", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859765", "to_ids": true, "type": "md5", "uuid": "c85c77d4-5c69-4ad5-bb3b-5c663e9515d5", "value": "9cce0256a50a478d5856a5a135069c9d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859765", "to_ids": true, "type": "sha1", "uuid": "f05e63d9-9cd4-44a3-bca2-cc7339c12667", "value": "4bfc9a3edefb9b6757e3483eb4b6fd680efd6f47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859765", "to_ids": true, "type": "sha256", "uuid": "81e8c073-1d5a-41a4-b860-23101fb955ae", "value": "1d263da52a6dd518124854ad22df234cd82d15db629c16244a32b8861596b15a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803580", "to_ids": true, "type": "ssdeep", "uuid": "7f918032-6a80-49c3-a5e5-caf643fbb08b", "value": "24576:HTiShA5Eitb5kHGY7VFgcFC3jGfHxDdG8XzMDSKnysvvk/ooK0Kp1kIo3bAmN9Pq:HTxhA5Eitb5kHGY7VFgcFC38HSkQDLyE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803580", "to_ids": false, "type": "size-in-bytes", "uuid": "62790092-3a79-45fe-a84d-9fb82fab6f7e", "value": "1333529" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803580", "to_ids": true, "type": "vhash", "uuid": "1bace621-1f09-472e-9674-b7b3df08317f", "value": "0251c4e652aa27872dd6d11a72b904be" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803580", "to_ids": true, "type": "filename", "uuid": "f29e87e5-7ccd-4a4b-8177-2423e5ab9ea1", "value": "4bfc9a3edefb9b6757e3483eb4b6fd680efd6f47.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803580", "to_ids": false, "type": "text", "uuid": "90e18e15-45cc-454a-bfbe-1a2a55dddc50", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859767", "uuid": "233ef537-7324-4601-9429-9a202fd4f205", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859766", "to_ids": true, "type": "md5", "uuid": "d757220a-7fbd-4058-9419-fe0c0e91bf55", "value": "f1cad7a667a537d4454d4d5d6cdd3113", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859767", "to_ids": true, "type": "sha1", "uuid": "3e758adb-7452-4987-871e-d25f343439d1", "value": "bf65a4f8e9735e0b4699be262edaa406513d944a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859767", "to_ids": true, "type": "sha256", "uuid": "d163501c-31ff-4d10-b1d5-60daa5e6182b", "value": "1745c3dc6c4693b4f445d92562df1f8a21a6591494779cf1426f366a6080ab06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803601", "to_ids": true, "type": "ssdeep", "uuid": "0957b20b-f27a-45e0-a756-c6893968ba21", "value": "24576:7EL2uavqQhoE0CopZR2wl+bm3mClEpxOsztn9Taf66WeIT:7dhiBZLln3exHR5vP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803601", "to_ids": false, "type": "size-in-bytes", "uuid": "fb990596-339a-4978-970c-cbf170caa8e9", "value": "1339308" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803601", "to_ids": true, "type": "vhash", "uuid": "6e4c7f6d-a740-409a-9421-145cc892ff32", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803601", "to_ids": true, "type": "filename", "uuid": "d455070e-05b7-4ef5-81f4-fa67231e662f", "value": "bd0c2f287c9162b4f8879925b67bac59b00a17b98a67cca6e0994cd51a63a5a6.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803601", "to_ids": false, "type": "text", "uuid": "79b075bf-5918-44d2-a554-161ff4472f0c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:35/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859768", "uuid": "1d6c9ee6-f58b-421a-86cf-cbf3385807f0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859768", "to_ids": true, "type": "md5", "uuid": "7c5472e9-299e-41ac-996e-7163f87eae4e", "value": "16c63fa2c9ff319374cef87bf12c0a34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859768", "to_ids": true, "type": "sha1", "uuid": "fef6a568-9adb-434b-979b-c0ecee7bb3a8", "value": "0d92462b25d9eee170f088ba283d60de3edda58e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859768", "to_ids": true, "type": "sha256", "uuid": "792f9d61-67c7-4bd6-acdc-0015e36ff8d9", "value": "b16bffc5b680f2ab7ec944375f25b6921251b875b0764ba96cbb664722b5e104", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803622", "to_ids": true, "type": "ssdeep", "uuid": "ef9ec4e6-ae5d-4265-a7dd-8dc72bcf4e30", "value": "24576:JEL2UMjirRnUZ8JswIcvh9EsRqbe+vM5G9lbcg1ZmsAt/25OQK3:J5MUisurEHbe+UYfQ+Zmd1oe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803622", "to_ids": false, "type": "size-in-bytes", "uuid": "14743db5-4b1a-4b39-aaad-903b2db6ff11", "value": "1337558" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803622", "to_ids": true, "type": "vhash", "uuid": "a21b12a6-a854-45a3-9347-7eaf34a942ae", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803622", "to_ids": true, "type": "filename", "uuid": "88c006eb-186d-420c-a4a0-369a8a63480a", "value": "16c63fa2c9ff319374cef87bf12c0a34.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803622", "to_ids": false, "type": "text", "uuid": "73339290-38d9-4593-a426-dcb432b73bc2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859769", "uuid": "2d4b6ac4-646e-44bb-9cc5-a769189046cc", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859769", "to_ids": true, "type": "md5", "uuid": "d88d32c0-c716-48a5-9ea5-be50f5dfab2d", "value": "af3646e204bd62eba119b9546ad1c8f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859769", "to_ids": true, "type": "sha1", "uuid": "dc27948d-009b-4353-bcce-89df9dac2d8b", "value": "44f2728d6ed91c97d0f70f2c15a1e2c32b72e90d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859769", "to_ids": true, "type": "sha256", "uuid": "987f9c40-fed2-4ba1-aa49-6acd59c37300", "value": "fb15d768e5ebfb9d03ccacade715eedc7906ee67e0558e17cf0994dfb8fa58f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740803716", "to_ids": true, "type": "ssdeep", "uuid": "3c14213f-81cd-4be4-a622-29515eae4c52", "value": "768:LIt03WP85daPWRbFuW7/Xyz6PXQ0YBDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsw2:LNTEkF6zoXXYBuyJzjkW3UXwpaRGaxJu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740803716", "to_ids": false, "type": "size-in-bytes", "uuid": "38f15ff9-aad5-40e8-9d77-e42484fbc5cf", "value": "44832" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740803716", "to_ids": true, "type": "vhash", "uuid": "b97ee542-5107-4eec-9825-23177e3b295a", "value": "cd0fd9eaeda4347ef46be8c455bef52e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740803716", "to_ids": true, "type": "filename", "uuid": "5548e831-78c2-4da7-9ed1-152e641d64b4", "value": "plugin.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 29/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740803716", "to_ids": false, "type": "text", "uuid": "dcae18f8-cb49-48a2-a28e-292e8aa437d2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859770", "uuid": "fcc94bb4-c8c1-42a7-a1ea-e6181bc50230", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859770", "to_ids": true, "type": "md5", "uuid": "63faaf51-a7e7-495f-8020-36d868af117f", "value": "21511f96a9481e06c189b9eca6fd54c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859770", "to_ids": true, "type": "sha1", "uuid": "da984c55-1ea0-4757-b350-5e8cb04c0669", "value": "e5f8c21659032ff90a7c79872e5a99638fb5fef3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859770", "to_ids": true, "type": "sha256", "uuid": "c080b929-1fb3-43cd-a70b-3e6c45636ca1", "value": "8b4bf5440049797a6f499bf94586e86f608095a580bb04ac0d1054d08a495687", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805084", "to_ids": true, "type": "ssdeep", "uuid": "b0cddd29-ba00-4951-aa76-09dc4205566b", "value": "12288:jyT9Pgxtt9n6flB6tnccHgZWX2dvnKdhs5ScEM1GEc82+TesTuSeo+erDDIrjwq7:G5gCqdXgw86kGW3TjbPDIruvqtq88k" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805084", "to_ids": false, "type": "size-in-bytes", "uuid": "3590693a-b614-4ea4-b762-42adff644526", "value": "946917" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805084", "to_ids": true, "type": "vhash", "uuid": "e01298db-fe96-45ef-b02d-b950c1829bc8", "value": "9c0ce85e324a169580f4a495a1d6aafe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805084", "to_ids": true, "type": "filename", "uuid": "1f3503f3-68aa-4f46-bb46-5410b0858584", "value": "21511f96a9481e06c189b9eca6fd54c5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805084", "to_ids": false, "type": "text", "uuid": "8cd6d405-423e-4e66-9e3c-f208449dbb81", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859772", "uuid": "eb596520-d77e-4dc7-a2f3-19af9bb9bb91", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859771", "to_ids": true, "type": "md5", "uuid": "888bfc64-bacf-4352-bce0-ee2c1c9e37e0", "value": "42120ed7b85b9de8d23da0ffd5a7abc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859771", "to_ids": true, "type": "sha1", "uuid": "5e38446c-f95d-4d67-bd97-f06e9903a73b", "value": "5d1dcd92749e3a1825f24b9ab8f346223faba226", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859772", "to_ids": true, "type": "sha256", "uuid": "b4980f5a-f82a-40b9-870a-97400b14cea7", "value": "1f875cd25bbc228c0ece89ed4d3885c8351064d3380f718966b62aa7627f1cd9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805106", "to_ids": true, "type": "ssdeep", "uuid": "c91223f5-015a-4896-8e12-d52226a77cc8", "value": "12288:x6yT9Pgxtt9n6flB6tnccHgZWX2dvnKdvs8i+Ngl9Wa63ZbERNPo71:xN5gCqdXgg7Q9W7xqe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805106", "to_ids": false, "type": "size-in-bytes", "uuid": "6faf3f18-235d-406d-97de-263b83416697", "value": "688908" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805106", "to_ids": true, "type": "vhash", "uuid": "ace3c30a-5b70-48fc-9e47-9a129c9321cc", "value": "22c7a7be9396dbfd4b3e9e3cd9710e77" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805106", "to_ids": true, "type": "filename", "uuid": "c5fe5485-35d6-4fae-b561-d2118e7476fc", "value": "42120ed7b85b9de8d23da0ffd5a7abc6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805106", "to_ids": false, "type": "text", "uuid": "9a6cc75a-1ade-4f90-bb82-34b88fee0fbb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859773", "uuid": "6db39259-ae29-4c9f-8117-b2e9de7fe06b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859772", "to_ids": true, "type": "md5", "uuid": "35501bcd-fe20-4ae6-9c99-68f329bdc141", "value": "3a5694dbc0312cbf2c541348f6cdd682", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859773", "to_ids": true, "type": "sha1", "uuid": "72ac12b2-71fd-48ca-a94b-79ff31bf4d73", "value": "3ea027570a0366ff9112ec9a0f4a0059473fdcb1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859773", "to_ids": true, "type": "sha256", "uuid": "efada69a-b677-4bfb-a47d-5b4ccdd0c877", "value": "1d5f39ca37ff7210dee7188481ff96de2836bb00bf3440fc1e99e0666ab0107b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805127", "to_ids": true, "type": "ssdeep", "uuid": "af22936a-477a-40c3-a50c-c296b9cd397c", "value": "12288:lyT9Pgxtt9n6flB6tnccHgZWX2dvnKd7swfS9Vlx8YJmrYW9RRbd+QwDtefLkfI:I5gCqdXgeffS9VlxvmrYW9bYBejkw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805127", "to_ids": false, "type": "size-in-bytes", "uuid": "cfd47300-52b8-4d14-ae25-b5ed0b5de9e0", "value": "690091" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805127", "to_ids": true, "type": "vhash", "uuid": "92fb49a1-21cd-4f88-8d3c-d02dd9f01fb2", "value": "c271e6ac77ddb0d0be94e80bfaf23749" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805127", "to_ids": true, "type": "filename", "uuid": "d81c8dcd-6b8d-4350-8a01-254cc239021b", "value": "3a5694dbc0312cbf2c541348f6cdd682.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805127", "to_ids": false, "type": "text", "uuid": "03da6729-d09b-460f-a4a4-4f4f104d56c3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859774", "uuid": "3b8e74a1-2395-4da3-a1cb-c8534cc8e328", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859774", "to_ids": true, "type": "md5", "uuid": "f5e87488-6759-4b4f-953f-d06fa500e5ca", "value": "41262861d3c19b0d68c81463b3f3f657", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859774", "to_ids": true, "type": "sha1", "uuid": "b6b16941-180c-4559-8f8f-e884f35a6f66", "value": "cb4949c5f9debedac1298bd95251f83cc4b228b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859774", "to_ids": true, "type": "sha256", "uuid": "70450266-6c75-48e7-87cb-2bca56c5184c", "value": "b31063f9aaaedebba93810637ebf96e2dab01e49d2275fc5b351849cd325537e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805149", "to_ids": true, "type": "ssdeep", "uuid": "42a757c9-4be3-4254-9cfa-65a880502b32", "value": "768:FIt03WP85daPWRbFuW7/Xyz6PXQ0YBDCyJzjHYbxsQcZULe+vop5tLcD/JGJmsnE:FNTEkF6zoXXYBuyJzjkW3UXwpaRGx8X" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805149", "to_ids": false, "type": "size-in-bytes", "uuid": "86816ba0-b81d-42f2-b03e-126a3e1a2762", "value": "44769" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805149", "to_ids": true, "type": "vhash", "uuid": "5a1fabb4-0115-483f-9223-1c6ccbf660c9", "value": "cd0fd9eaeda4347ef46be8c455bef52e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805149", "to_ids": true, "type": "filename", "uuid": "07223a22-2163-4576-822f-b20be12466b0", "value": "plugin.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805149", "to_ids": false, "type": "text", "uuid": "e7c3c214-b18e-49c9-bf65-5e73d2a4de75", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:24/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859775", "uuid": "c6ed8e82-7333-4bba-8550-d09ae011e57c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859775", "to_ids": true, "type": "md5", "uuid": "d1e743e7-ddf8-4315-96d8-543de14f05e0", "value": "a04f9ee4e77eb104821375908f5c45a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859775", "to_ids": true, "type": "sha1", "uuid": "84e0ef5d-0057-4c3a-a6fe-7435c72bbaee", "value": "bd3246701904c1464d1deed06f38264d826a1ebf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859775", "to_ids": true, "type": "sha256", "uuid": "f5c77a45-faf7-4ecd-be5c-5f3635605d40", "value": "5e02b2e80782a2896aa017f59557e5245ef31334a393136710f3cb4191a8101f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805170", "to_ids": true, "type": "ssdeep", "uuid": "46d68952-53af-4457-a858-f07207afc609", "value": "12288:RyT9Pgxtt9n6flB6tnccHgZWX2dvnKdvs8iQNgl9Wa63ZbERNPoP9:M5gCqdXgg7u9W7xqY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805170", "to_ids": false, "type": "size-in-bytes", "uuid": "39cc653c-4a87-4abe-a919-9138947fdb2e", "value": "688907" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805170", "to_ids": true, "type": "vhash", "uuid": "54a9424f-5284-4e3c-a619-1f3fa27693f2", "value": "22c7a7be9396dbfd4b3e9e3cd9710e77" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805170", "to_ids": true, "type": "filename", "uuid": "b38ebae8-2aa1-4377-9663-71f1b8ee23f7", "value": "a04f9ee4e77eb104821375908f5c45a6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805170", "to_ids": false, "type": "text", "uuid": "2c9ba91d-7fa2-4a22-a279-4aa847162a67", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859776", "uuid": "89d52a43-4070-41a5-b49f-2acbc8d5f81b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859776", "to_ids": true, "type": "md5", "uuid": "854c825d-4581-4c87-8788-655262ddf7fa", "value": "2215044ba6ce10a01f529e015b98b319", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859776", "to_ids": true, "type": "sha1", "uuid": "11c25b14-9d1d-4d41-ad12-c7d2378f2668", "value": "36176c1c2af7d16ecdf308dd2e92b3c729d08a44", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859776", "to_ids": true, "type": "sha256", "uuid": "7a92fdaa-2a5e-4347-ba64-ea812563accd", "value": "1633b58c4ba4d69c596b0deca4676792be9c2a3b33facacac98255ff5a45b63d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805191", "to_ids": true, "type": "ssdeep", "uuid": "08dae88a-7919-4166-aa97-a7ed6d78ea00", "value": "12288:JHyT9Pgxtt9n6flB6tnccHgZWX2dvnKdvs8izNgl9Wa63ZbERNPovmXz41Tmsuo1:JS5gCqdXgg7r9W7xq8gzomqDug" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805191", "to_ids": false, "type": "size-in-bytes", "uuid": "55a1c63b-5e22-43fe-bfe9-a542112cc1cf", "value": "945769" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805191", "to_ids": true, "type": "vhash", "uuid": "09914a27-d3e3-442e-9ae3-0ac43660e343", "value": "9c0ce85e324a169580f4a495a1d6aafe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805191", "to_ids": true, "type": "filename", "uuid": "b2938b8e-9dd9-428f-b213-915e55d1a2b0", "value": "2215044ba6ce10a01f529e015b98b319.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805191", "to_ids": false, "type": "text", "uuid": "a85b77ea-8d37-4f14-a151-7ef3bd7084db", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859777", "uuid": "4c527e11-e9b6-4cad-b2fe-7899fb78eb82", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859777", "to_ids": true, "type": "md5", "uuid": "404bf5be-095d-41c1-ba3c-19c373b658d4", "value": "d90682854eff846a39ae262030f41998", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859777", "to_ids": true, "type": "sha1", "uuid": "3a1a601b-8979-4f5f-b1a4-bcf1d4d1a57b", "value": "598e78462cc3152238ea438481d7d29b880b2b60", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859777", "to_ids": true, "type": "sha256", "uuid": "1c24b277-93c9-4990-bb7b-05852ff810f7", "value": "f0a0cd6117c58f3d440cac7c719f487da6a382d37f93928942137100242cf3a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805213", "to_ids": true, "type": "ssdeep", "uuid": "52de1582-5bcd-432b-8088-1361fd9a3616", "value": "12288:2yT9Pgxtt9n6flB6tnccHgZWX2dvnKdkyTnUipwGOfzRjLI9d:B5gCqdXg1yTUipwG0zRHIb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805213", "to_ids": false, "type": "size-in-bytes", "uuid": "3a149325-a5db-4ff6-829e-657dd3117465", "value": "644632" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805213", "to_ids": true, "type": "vhash", "uuid": "3070470f-46a9-496d-9ebe-dfdc6c5a5155", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805213", "to_ids": true, "type": "filename", "uuid": "77b72eff-cbda-4f49-8b87-bb24bc542289", "value": "d90682854eff846a39ae262030f41998.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805213", "to_ids": false, "type": "text", "uuid": "3593ad9e-7778-4943-b10d-827c3ab2af10", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859778", "uuid": "603ab7e4-bf3f-4ca7-8b51-227f069b7104", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859778", "to_ids": true, "type": "md5", "uuid": "c845fb2a-877a-4f67-8853-447404663e01", "value": "1ec219487a23e3465b152b559c3fcf89", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859778", "to_ids": true, "type": "sha1", "uuid": "b36bcbd3-f262-4265-84f6-7024f602c5c6", "value": "5269c8591ff0d25c07f442b67440175269f0c880", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859778", "to_ids": true, "type": "sha256", "uuid": "0f29ca77-0a6d-4654-ba91-f989c4180450", "value": "e1192a883429dc28224786d65ea4544631e5f3082a9fe4c3151b03be0d23c1d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805234", "to_ids": true, "type": "ssdeep", "uuid": "4b46ca60-b38c-4040-81e8-ff2e278de3cf", "value": "24576:jTiShA5EitL5kHGY7VFgcFC3jEuyP6nUkJzU7BYMQ6s0co1OQsIbZt3LZ9Ke:jTxhA5EitL5kHGY7VFgcFC3sP6nUkd8v" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805234", "to_ids": false, "type": "size-in-bytes", "uuid": "5bb1f234-54b6-43c6-9528-942d8fe59064", "value": "993854" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805234", "to_ids": true, "type": "vhash", "uuid": "a5df6946-cc7c-4089-89dc-9f9f2217a7b6", "value": "b139ea8a989d5fdbd274bc956f09e3ab" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805234", "to_ids": false, "type": "text", "uuid": "e5883eb0-6524-4a24-a523-aaf132a291a1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859780", "uuid": "df3b4f99-94d5-4e9f-bd3d-51923a83a0ba", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859779", "to_ids": true, "type": "md5", "uuid": "73ee9e4b-2a7b-4623-8ccc-bc58a48251b8", "value": "2c66f87fa7bffd174d34238ac997e711", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859779", "to_ids": true, "type": "sha1", "uuid": "b4f0df72-fdbe-46d6-afd7-c60cb3bf6233", "value": "72b7906cc35a99502572220c766d96e8013c189f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859780", "to_ids": true, "type": "sha256", "uuid": "86e5c176-c097-4cb3-9e7e-b5330515c5e6", "value": "ea8f305e4c109f1463c821c25795445a07bb830d8c0484c7d715ac358653bd3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805255", "to_ids": true, "type": "ssdeep", "uuid": "97dab837-5a7d-447c-8055-64d92570cfef", "value": "24576:PTiShA5Eit35kHGY7VFgcFC3jguyP6nUkJzU7BYMQ6s0co1OQsI1Ov5FJNUeuLLV:PTxhA5Eit35kHGY7VFgcFC3YP6nUkd8X" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805255", "to_ids": false, "type": "size-in-bytes", "uuid": "4225232f-919c-4323-82e4-22da0a18e293", "value": "1341446" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805255", "to_ids": true, "type": "vhash", "uuid": "4be17de0-2b98-4c38-9114-2766d0a81399", "value": "0251c4e652aa27872dd6d11a72b904be" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805255", "to_ids": false, "type": "text", "uuid": "fd59d69b-20f9-482f-88b5-d9cac85424ba", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:33/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859781", "uuid": "f27d9409-c55d-4ffd-9a59-0fa5ea6a9f0b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859780", "to_ids": true, "type": "md5", "uuid": "dc7ead1d-3679-46dc-b067-106546d66bbb", "value": "97bef0ee6de8bdc731f0a52a2f694f01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859781", "to_ids": true, "type": "sha1", "uuid": "0f5702e5-f2ed-44ef-b1bc-a15c443d116d", "value": "8b001074cb50cde92a82235c694424d622fdfc2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859781", "to_ids": true, "type": "sha256", "uuid": "28f858dc-a565-4dba-bd2d-f41ea2f3dd68", "value": "c26174ae494a5d2736436e66dafdeca9de774960d970667cde19d834b496121f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805277", "to_ids": true, "type": "ssdeep", "uuid": "40d87fad-1eec-4c16-acd0-e84fd667a9e3", "value": "12288:lyT9Pgxtt9n6flB6tnccHgZWX2dvnKdKyTnUipwGOfzRXLUB8:I5gCqdXgTyTUipwG0zRbUa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805277", "to_ids": false, "type": "size-in-bytes", "uuid": "15167811-c2b1-430d-a66b-9ab10c0ca9ad", "value": "644632" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805277", "to_ids": true, "type": "vhash", "uuid": "e6096a50-d44d-4897-bebe-d95d42fb8a61", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805277", "to_ids": true, "type": "filename", "uuid": "ef3fb1ea-2086-45b3-b85b-13c0dbb48647", "value": "97bef0ee6de8bdc731f0a52a2f694f01.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805277", "to_ids": false, "type": "text", "uuid": "5f38adc4-1340-4975-b3dc-7c3ef0fdf805", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859782", "uuid": "845099a7-0458-440e-9d2b-abfdc3ac8f40", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859782", "to_ids": true, "type": "md5", "uuid": "e081c4ce-b6dc-441c-9c16-29fd5b9dc001", "value": "ff20e9be3a529ee94fcabdc41509a0cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859782", "to_ids": true, "type": "sha1", "uuid": "72998e79-c3fb-4c4f-a939-5a56048b1a59", "value": "b7eae1e90a99630da8f3bf9e18c611f66753c73b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859782", "to_ids": true, "type": "sha256", "uuid": "1d62a718-e769-4b69-824b-3269689d7fde", "value": "9cbee07da1a0eec0ab2dd7dc30a10e37eb1c53a1dfdc74e507f5cb9c933787d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805298", "to_ids": true, "type": "ssdeep", "uuid": "ebd1f835-9bb4-40ae-b47a-71b8b3a8a34d", "value": "24576:HTiShA5Eith5kHGY7VFgcFC3jiuyP6nUkJzU7BYMQ6s0co1OQsIZZt3LZ9Kg:HTxhA5Eith5kHGY7VFgcFC3aP6nUkd87" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805298", "to_ids": false, "type": "size-in-bytes", "uuid": "1a944cf1-05e0-4f5d-ac08-ac6dc682c231", "value": "993854" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805298", "to_ids": true, "type": "vhash", "uuid": "98cbf52f-8577-426a-b497-e52263e3e7f2", "value": "b139ea8a989d5fdbd274bc956f09e3ab" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805298", "to_ids": true, "type": "filename", "uuid": "e346faa1-e42b-4c3f-a1b9-882ec8924d1c", "value": "ff20e9be3a529ee94fcabdc41509a0cd.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805298", "to_ids": false, "type": "text", "uuid": "9be44dae-d285-4ef0-9dec-ec5451d10fb8", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: DoS:AndroidOS/Multiverze\nVT Total Detection:27/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859783", "uuid": "e79a524e-d91f-4c4c-a33c-ef49c739a6c7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859783", "to_ids": true, "type": "md5", "uuid": "82dea084-281b-4f9f-af5d-0211cbab08a1", "value": "87a1479681da5e244d052c130c1e3a0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859783", "to_ids": true, "type": "sha1", "uuid": "ee37b285-79fe-4e46-b8f5-cd00a2891d84", "value": "c842d59e57947ee068c891ea105a503a0093d3f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859783", "to_ids": true, "type": "sha256", "uuid": "abe75768-0ba0-44df-b9c3-35382b4d9c26", "value": "554f321ae60a21f62438b4331cf3453d83f6334b58893e0865feaa1e1db8718f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805320", "to_ids": true, "type": "ssdeep", "uuid": "488e4fb4-3d7f-4342-9cd2-2691b22ddd0e", "value": "12288:5uN9C4SsGhGEzlT9EDJiq0ojkyBXXKd8rEntfAxc76lsdJHA5+Lc1Y:kLqlbQ4qZXpqtIxcelsdJ/cu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805320", "to_ids": false, "type": "size-in-bytes", "uuid": "9ce196e3-631e-4fbd-a76a-06e85bd816be", "value": "643216" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805320", "to_ids": true, "type": "vhash", "uuid": "97e371c9-1114-485c-a6d4-527623685098", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805320", "to_ids": true, "type": "filename", "uuid": "a7428c03-a246-4a93-b33d-40104129ea18", "value": "87a1479681da5e244d052c130c1e3a0c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805320", "to_ids": false, "type": "text", "uuid": "b0ef167b-3a3b-4f11-94ee-46878e4e3083", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859784", "uuid": "bd3f3ba5-ffbe-439a-9d9d-932ac1612d59", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859784", "to_ids": true, "type": "md5", "uuid": "09047b01-c91a-4097-84fc-5c2fe09bd8d7", "value": "54af761f70fee835ae84415bf486196a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859784", "to_ids": true, "type": "sha1", "uuid": "e0607053-2cbf-4a74-a1fa-c3ef27dda1d9", "value": "440777725fe8f6b6536b97bf6af48a02f9b35bb0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859784", "to_ids": true, "type": "sha256", "uuid": "e9cd14db-c39f-4572-803c-afb73c82af8c", "value": "43eb10a885897e8575aff9f9176a994ca3aafcac87cc3b86f5f37d2e5037fdb6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805341", "to_ids": true, "type": "ssdeep", "uuid": "3635db97-d529-469e-bfda-e96a31584fc9", "value": "12288:9yT9Pgxtt9n6flB6tnccHgZWX2dvnKd+2O3phtHqgqB15vHsIFNDeyjX0oIj2iN5:A5gCqdXgj2mtKgy15vHXNFX8/1UAjiWH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805341", "to_ids": false, "type": "size-in-bytes", "uuid": "cd4baa3c-4eb1-49da-8cfa-de8006e7e25f", "value": "901251" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805341", "to_ids": true, "type": "vhash", "uuid": "ed22597f-a250-4c81-8e44-5049341d3721", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805341", "to_ids": true, "type": "filename", "uuid": "ae8390ee-38bc-4b8b-bc1b-82951536420f", "value": "54af761f70fee835ae84415bf486196a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805341", "to_ids": false, "type": "text", "uuid": "319da084-b14e-4a76-b7e5-61a35abcdcf5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859785", "uuid": "7b41f364-386c-43c1-a95d-0f77c7344784", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859785", "to_ids": true, "type": "md5", "uuid": "5f0d3967-dd81-4469-8fa0-65fd015fdc5a", "value": "c4334b5a00ee68dcdcdc09faf2498ce8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859785", "to_ids": true, "type": "sha1", "uuid": "4931f917-4fe7-4ec0-8f71-f2d614d7630f", "value": "1bfb020cf6f137ac26c8e9de528e2d7b849266a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859785", "to_ids": true, "type": "sha256", "uuid": "3894bb8a-eaea-4662-b039-39253d8dc14b", "value": "5e0940ee8948a8b10e756423feb7d5c781079c29d6ae773db8439f3f390cd793", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805363", "to_ids": true, "type": "ssdeep", "uuid": "4b46b6e5-ab9b-4dd9-9e66-9aa19d206312", "value": "12288:9xZblN2Ca1pBhJREtZ45ZPhLzGZ3Z3sh5KBMLwsW+gN7b9v3Fr6yJriO:R7UpEb43PhLziZ3wIB4gN79X" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805363", "to_ids": false, "type": "size-in-bytes", "uuid": "7cbf8835-c43c-408f-a9af-cd3ac9d8af64", "value": "671173" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805363", "to_ids": true, "type": "vhash", "uuid": "b0a5b91e-77fa-4e31-a8fd-1a7ff61be0ea", "value": "aab393d915150cfeb358d1ed48a2b382" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805363", "to_ids": true, "type": "filename", "uuid": "8497144a-3ac8-4b22-8c79-7ada6ebad248", "value": "c4334b5a00ee68dcdcdc09faf2498ce8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805363", "to_ids": false, "type": "text", "uuid": "b96e4f91-e418-43b6-9bdd-cd39e2dffbf0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Mlasdl.A!MTB\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859787", "uuid": "4de80fe1-5bca-41bd-8ebc-9047bd56d643", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859786", "to_ids": true, "type": "md5", "uuid": "6bf869a1-4e85-4d3a-a482-bf9adb3cc79b", "value": "66e2e0f4bdffd4fac75e03803866cc31", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859786", "to_ids": true, "type": "sha1", "uuid": "8c230309-1924-4796-ba4a-2da1e0312b09", "value": "21717a490c25815224fac764f28ca8d4db68eae6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859787", "to_ids": true, "type": "sha256", "uuid": "ef550b90-2441-44b6-81bc-307dd6b4f46e", "value": "3801ec44cf043762b8c443b73011d228e92299e7c3392b1d182f77833118d957", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805384", "to_ids": true, "type": "ssdeep", "uuid": "4b3ba775-9828-4b7a-8760-fd916241219b", "value": "12288:fyT9Pgxtt9n6flB6tnccHgZWX2dvnKddiuMNBFu3kzZMffG2lLW+8:q5gCqdXgCiuMNBFu3QZyOKWL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805384", "to_ids": false, "type": "size-in-bytes", "uuid": "69df98a0-0a79-49d3-b1f9-3f2f8a41183f", "value": "644560" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805384", "to_ids": true, "type": "vhash", "uuid": "30e65373-00e1-45b9-ad5c-b653b5283568", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805384", "to_ids": true, "type": "filename", "uuid": "28128950-2fef-4a7d-9759-03ce51606345", "value": "66e2e0f4bdffd4fac75e03803866cc31.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805384", "to_ids": false, "type": "text", "uuid": "ab8ef303-bc28-4bfb-b33e-c004bcc6ec1d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859788", "uuid": "54f5dac4-0558-4f3f-813b-c35e6979f51d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859787", "to_ids": true, "type": "md5", "uuid": "57a3d497-de0c-4d26-a0bf-8bb6b305d633", "value": "f0173e83ef69c633464c7397101f3bf9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859788", "to_ids": true, "type": "sha1", "uuid": "7a541926-c6c5-40d6-8a0a-077cadccf6ff", "value": "0148d3706e9a81df8ac2712abaf030bd8227ef6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859788", "to_ids": true, "type": "sha256", "uuid": "d3699c64-3df0-443e-8e5c-17f44385222d", "value": "9f257e4d8c2f4bd1312918eea0b56d6adf8836de897a167e2a6378120bd9bcc0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805405", "to_ids": true, "type": "ssdeep", "uuid": "eeb79a8a-25df-4278-a9e7-afdccb30f431", "value": "12288:ifBzlIEXAJe6ANXYC3HAA+9xCDlwKd7LhaUq4pASn5ET6qv6esFakicJKjboRLUE:ifqQ60IWxKIhhq4fCLafiP/bFqYg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805405", "to_ids": false, "type": "size-in-bytes", "uuid": "ab6712c6-f6cf-491b-a245-06ce37ebec1d", "value": "826829" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805405", "to_ids": true, "type": "vhash", "uuid": "0b196695-078b-4c6f-aff6-82a7ea831798", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805405", "to_ids": true, "type": "filename", "uuid": "52bb5c94-356e-4382-9e8a-eebee62404a3", "value": "f0173e83ef69c633464c7397101f3bf9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805405", "to_ids": false, "type": "text", "uuid": "4277e383-4c70-4854-ba7d-233a102a2230", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859789", "uuid": "87a6f4db-4784-4bf1-8212-de173ad1d0fa", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859789", "to_ids": true, "type": "md5", "uuid": "7f8fdd29-76aa-47de-8a29-fadfa84730d3", "value": "bedd1b45bc85d2776430e4ce25a445ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859789", "to_ids": true, "type": "sha1", "uuid": "da8309b2-cc12-43c6-b731-0fbd692a5124", "value": "f14129e89bd2290fc75b1b8c6560dd1e9863221a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859789", "to_ids": true, "type": "sha256", "uuid": "752635d3-1510-4bf8-966c-4d9e4e3efd29", "value": "13e67abcdcff6fefee102b80e924f2ce6db9b3680f86f66529988a2170eec99b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805427", "to_ids": true, "type": "ssdeep", "uuid": "ba39a7c8-2e90-4053-96de-dfdc0653493f", "value": "12288:EyT9Pgxtt9n6flB6tnccHgZWX2dvnKdojgDITkkuO0pYKC4xQYoLEbT:H5gCqdXgPE20e14eYMEn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805427", "to_ids": false, "type": "size-in-bytes", "uuid": "26a3f4ca-9f19-4bf6-b845-ee13e9d60dee", "value": "644562" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805427", "to_ids": true, "type": "vhash", "uuid": "5e5f55c2-7fb7-478e-9fe5-0ce1054660de", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805427", "to_ids": true, "type": "filename", "uuid": "ba610ea2-27b4-4b4e-a342-056b01e25ad0", "value": "bedd1b45bc85d2776430e4ce25a445ef.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805427", "to_ids": false, "type": "text", "uuid": "ac8dbbb0-c181-4987-862f-3202adb3fe04", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859790", "uuid": "7e0a0fc8-c50e-4e79-9c62-715b22847cd3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859790", "to_ids": true, "type": "md5", "uuid": "0f794586-aa18-4a89-8818-f85db56e10cf", "value": "77a2c5ffefb87f84e5b27ccee1389565", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859790", "to_ids": true, "type": "sha1", "uuid": "63f6b1bc-f6d4-4d9b-8c20-fee479d5e5b7", "value": "62a17f2b9876ff585846a49d5b701242b31bbd15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859790", "to_ids": true, "type": "sha256", "uuid": "6938bc8e-2ac6-4442-a4fa-6bdc83e3dfff", "value": "e9c0ef628e083bd059b63d2a1a61a10d1a8eed27137aceb937161705c9a4b967", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805448", "to_ids": true, "type": "ssdeep", "uuid": "f514f20e-e8b6-423e-8b1f-3c84611cfb6c", "value": "12288:ZfBzlIEXAJe6ANXYC3HAA+9xCDlwKd+Lt9G3UNJ5YnyyzN2oC1ajHoRLqUbR4j:ZfqQ60IWxKxtrNJ6nD2o5jHUc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805448", "to_ids": false, "type": "size-in-bytes", "uuid": "23cac7d0-e29c-4a69-8dbf-df8f3362685f", "value": "826827" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805448", "to_ids": true, "type": "vhash", "uuid": "b6683abe-d39b-4226-bdb6-240cdd22e01c", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805448", "to_ids": true, "type": "filename", "uuid": "bab25eb1-25f8-439e-8874-b6129aa12f14", "value": "77a2c5ffefb87f84e5b27ccee1389565.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 18/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805448", "to_ids": false, "type": "text", "uuid": "e2348909-c1fd-402d-bd62-564014046f2b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859791", "uuid": "4f8693c2-dac5-4a88-9c78-b0674f4f9b18", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859791", "to_ids": true, "type": "md5", "uuid": "ac70fd18-a6cd-4bc6-a816-ff561c77b843", "value": "91121edc5ccbdf2311de426df8c47e1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859791", "to_ids": true, "type": "sha1", "uuid": "26f0934e-65cf-461d-af3f-50a170c13cea", "value": "1da204fd7e3ea676cbe12d38fc6949b111aad433", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859791", "to_ids": true, "type": "sha256", "uuid": "ac58b022-a047-4931-ba25-f63bb250c058", "value": "7c05edd8458b71e9750e2b519ee2bcccc461eb924a31a4799d316163cb9ddfcd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805469", "to_ids": true, "type": "ssdeep", "uuid": "0c91cfb5-4f1e-4717-931d-5b91d3cda40a", "value": "12288:ayT9Pgxtt9n6flB6tnccHgZWX2dvnKdEO9DglAAK1o9gOGyjX0oIj2iNz1fyphi/:t5gCqdXgW6lAygOhX8/1UAjjYO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805469", "to_ids": false, "type": "size-in-bytes", "uuid": "15fd0bb1-2a89-41f9-85bc-e41ee7c73e42", "value": "901251" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805469", "to_ids": true, "type": "vhash", "uuid": "8bdc124f-7a3a-478e-b10b-c7902c646a59", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805469", "to_ids": true, "type": "filename", "uuid": "cd18829e-1ab9-4743-af52-ef615bac3225", "value": "91121edc5ccbdf2311de426df8c47e1e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805469", "to_ids": false, "type": "text", "uuid": "8172cfc0-242d-42a9-b69f-59d1334f0ab1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859792", "uuid": "aaa7b4d9-f312-4642-b3a7-7359f0505b81", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859792", "to_ids": true, "type": "md5", "uuid": "61511e99-74ef-4d91-b9e6-f4b0b4842371", "value": "a2ec563bf7fa6ebd251e5a826e13a15b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859792", "to_ids": true, "type": "sha1", "uuid": "a5b12a7b-fc18-4ed6-911b-3db84607e5f0", "value": "c786a0c3d8b948355efce786044b4c6849296683", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859792", "to_ids": true, "type": "sha256", "uuid": "fbb9c9b8-8d3f-4912-aaf1-19677e14e43d", "value": "bac1bc2f4fb617f452f7bfd07d607c16fce39f0f32838786f43d0459107ca84b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805490", "to_ids": true, "type": "ssdeep", "uuid": "d3718ab6-8a57-40e0-b472-2522f6b7f890", "value": "12288:MyT9Pgxtt9n6flB6tnccHgZWX2dvnKdPLik+gIgbyjX0oIj2iNz1fyphijXLQNA:P5gCqdXgFk+g7yX8/1UAjbQO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805490", "to_ids": false, "type": "size-in-bytes", "uuid": "720309f6-1681-4252-a853-cbdfde7d41e5", "value": "901249" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805490", "to_ids": true, "type": "vhash", "uuid": "4c85e5e6-7894-488a-b06b-a87d0edc8c63", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805491", "to_ids": true, "type": "filename", "uuid": "388fb55b-7a3a-4762-96d1-f1cf486d3c86", "value": "a2ec563bf7fa6ebd251e5a826e13a15b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805491", "to_ids": false, "type": "text", "uuid": "ca33b073-bade-4af5-abec-2ce307283f29", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859793", "uuid": "d6549931-9607-4557-8f9b-c769dfe6823f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859793", "to_ids": true, "type": "md5", "uuid": "3582a1c1-93d6-4d20-bb41-79cb0ff32e10", "value": "49d09ebeb890d11baf655265441d876f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859793", "to_ids": true, "type": "sha1", "uuid": "64d9a0ca-7174-4aa4-91b9-b9802b772e48", "value": "30956798391f50db7d1780726f2180ef927df33b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859793", "to_ids": true, "type": "sha256", "uuid": "5ef5a093-2ee9-4f1d-a5c9-083a6631429f", "value": "6ac9c5e52c286bd85689c189d3265a855cc709117ce324217fcfb1532dd06726", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805512", "to_ids": true, "type": "ssdeep", "uuid": "6e033a4b-7e64-4675-858d-9ce14f872242", "value": "12288:iN9C4SsGhGEzlT9EDJiq0ojkyBXXKdcxknxc76sBaEy6IqyAF0NLqQz:iLqlbQ4qZXpxUxcesBaEBj2qe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805512", "to_ids": false, "type": "size-in-bytes", "uuid": "41cf93b1-ca01-478b-85cb-1cda2eb383cd", "value": "643217" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805512", "to_ids": true, "type": "vhash", "uuid": "d81a9d38-696e-4162-ac38-396ad9b77056", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805512", "to_ids": true, "type": "filename", "uuid": "f6ad30b4-66d5-49f4-aec6-a3ad49354c0e", "value": "49d09ebeb890d11baf655265441d876f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805512", "to_ids": false, "type": "text", "uuid": "a9648d12-aa6b-47a8-a09e-45e35e921840", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859795", "uuid": "74ecdfa6-504b-4ab3-a7ce-3a187f3b9fb5", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859794", "to_ids": true, "type": "md5", "uuid": "373f9b66-b99b-4a42-b972-891f7790934c", "value": "23db0fa8f668e9768634b1d75a55c2fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859794", "to_ids": true, "type": "sha1", "uuid": "4fbe1af0-77f9-49be-9f82-ac2abfe10865", "value": "573694de1b67c6b6b830bc1e59c9e89a8a429286", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859795", "to_ids": true, "type": "sha256", "uuid": "6a61d916-7030-4c7e-bdda-fa60ad5d1a7d", "value": "cdb0b0f011752b65733886e9bb2d710a305012b8fd1203d1c7442b4958a422e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805533", "to_ids": true, "type": "ssdeep", "uuid": "ffd7f6a5-bbd2-4868-a49a-2e46ac94930e", "value": "12288:DKyT9Pgxtt9n6flB6tnccHgZWX2dvnKdFxT7JZbVIUk32c9g5mYCuKyjX0oIj2i2:55gCqdXgYxPDZu3z9j1OX8/1UAj3Up" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805533", "to_ids": false, "type": "size-in-bytes", "uuid": "4b4891fc-62c5-4574-9ebe-93f1bc86c445", "value": "901256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805533", "to_ids": true, "type": "vhash", "uuid": "92674543-2585-40c1-b2f3-a6e05353b10a", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805533", "to_ids": true, "type": "filename", "uuid": "76807f24-1d9e-43c9-b868-e72ee2237787", "value": "23db0fa8f668e9768634b1d75a55c2fa.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805533", "to_ids": false, "type": "text", "uuid": "a62ec647-8c0f-4f6f-8c42-c77ed98ea4c2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859796", "uuid": "14a0cdd6-06b4-4db9-ba8e-b43d12da1e29", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859796", "to_ids": true, "type": "md5", "uuid": "30bdbccb-2c92-4066-8fc7-f951ae503865", "value": "ceb86628fd343895aad1ca38ab455f83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859796", "to_ids": true, "type": "sha1", "uuid": "c37e914c-9cac-4727-84c9-f4af8e2ae502", "value": "18c5b08098dc89d0289b6de5d48f10e7a59c421f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859796", "to_ids": true, "type": "sha256", "uuid": "5d12bcfa-4e76-4943-9f9a-dc8f679fbdae", "value": "c0488857baab3f7964c873a0641f2303cb4d6059960bdaf66ed3619efd3ba341", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805554", "to_ids": true, "type": "ssdeep", "uuid": "e4debc9b-0e1c-4560-ae39-01db5645495f", "value": "12288:3/yT9Pgxtt9n6flB6tnccHgZWX2dvnKdFOKi6d7Qa/kyjX0oIj2iNz1fyphijpL/:3K5gCqdXgcOKA6X8/1UAj5SuV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805554", "to_ids": false, "type": "size-in-bytes", "uuid": "de830c17-a564-4486-8305-4c21f8355fb1", "value": "901253" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805554", "to_ids": true, "type": "vhash", "uuid": "9d7d6f05-ee69-4e59-8aac-721ff90de633", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805554", "to_ids": true, "type": "filename", "uuid": "8118fb67-e0e4-4cf8-8e89-55ee6d2bc0e3", "value": "ceb86628fd343895aad1ca38ab455f83.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805554", "to_ids": false, "type": "text", "uuid": "94913a6e-266d-43cd-b42c-688ea5607713", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859797", "uuid": "639675b8-b669-450d-958f-37a5e4bb43e0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859797", "to_ids": true, "type": "md5", "uuid": "7735ede5-7439-4850-bcf9-a51017f2d8c1", "value": "f2e11fd7d13f3b6317fca1972d934766", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859797", "to_ids": true, "type": "sha1", "uuid": "757c63eb-0bd8-4454-9698-2377d99ea8ce", "value": "5ca705c564fc19bbde36de7442eb90555593cbf0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859797", "to_ids": true, "type": "sha256", "uuid": "346ddcad-3093-410a-b213-4dcb1eb45e73", "value": "3cb4347e15bf1a867daeb55cb525b55174640c9b107d7348ade2455c26b50875", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805576", "to_ids": true, "type": "ssdeep", "uuid": "61151801-6797-400d-b80d-f30a182c4231", "value": "12288:GyT9Pgxtt9n6flB6tnccHgZWX2dvnKd1hTfpZ0SKVilkVyjX0oIj2iNz1fyphij5:x5gCqdXgUhTfpZ0ulRX8/1UAjH8c" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805576", "to_ids": false, "type": "size-in-bytes", "uuid": "fa6bd3cb-681c-4c4b-a701-6c144bcec9a3", "value": "901249" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805576", "to_ids": true, "type": "vhash", "uuid": "0129c69b-987d-4851-b038-c2d5f9702b0a", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805576", "to_ids": true, "type": "filename", "uuid": "da39f982-f8d0-4717-8d2c-cea2f4d8b4f9", "value": "f2e11fd7d13f3b6317fca1972d934766.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805576", "to_ids": false, "type": "text", "uuid": "04f01159-bc79-4242-b8ad-175e6b56a547", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859798", "uuid": "3d74b74a-cd48-4fbd-9853-88dd30063056", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859798", "to_ids": true, "type": "md5", "uuid": "812fb35e-412c-4f63-b2df-0d0882d4b798", "value": "b58deab6e744ec4a48f5357b4173881d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859798", "to_ids": true, "type": "sha1", "uuid": "461a7726-71d8-4201-922c-b82e05a6eeb3", "value": "0eb4c90c5eaa7a2dd162dad524ac80b7155298ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859798", "to_ids": true, "type": "sha256", "uuid": "1ea27940-4347-4a78-9504-ab2710e4a4eb", "value": "cebd882828823cd10a71ff35d19d5debfc2674ff7c82836bde36d01eca5b3961", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805597", "to_ids": true, "type": "ssdeep", "uuid": "ba15c07f-7879-47d5-bbe5-6ea45fa82339", "value": "12288:nyT9Pgxtt9n6flB6tnccHgZWX2dvnKdbrNlE23mJ1o1JZ/BVtFfEuyjX0oIj2iNW:y5gCqdXgeZlE23mJKhBhfEX8/1UAjwWu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805597", "to_ids": false, "type": "size-in-bytes", "uuid": "6e664cca-476e-4b8b-9f9c-7027bb84de5f", "value": "901250" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805597", "to_ids": true, "type": "vhash", "uuid": "f2a57cca-82ba-4c7d-8837-0673c5bd9b39", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805597", "to_ids": true, "type": "filename", "uuid": "fd75b2db-f09f-4b8b-86a7-5e6bfc1aaf5e", "value": "b58deab6e744ec4a48f5357b4173881d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805597", "to_ids": false, "type": "text", "uuid": "1b735eff-9468-4061-88db-4c5faad225ec", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859799", "uuid": "3523772e-dbbb-470a-bd65-ef5b49f2f10b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859799", "to_ids": true, "type": "md5", "uuid": "190438d4-6344-43b6-bdb4-95e9b6f5dd4e", "value": "251b60f8f61e6a6da2161cdb403c08dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859799", "to_ids": true, "type": "sha1", "uuid": "64b0006a-4645-4cb2-b3ac-523d411eb18f", "value": "f93a527f00f5168022dc37d0369ee22b644caf13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859799", "to_ids": true, "type": "sha256", "uuid": "0b0767fc-0bf2-43b4-a1fe-2e1389eb28c2", "value": "08ba23a456765a1217934ca76e034f0bf7d361977cdba504e8c739da8413a292", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805618", "to_ids": true, "type": "ssdeep", "uuid": "2254f42d-fd36-4e2a-bb86-c5ce90bc76df", "value": "12288:AyT9Pgxtt9n6flB6tnccHgZWX2dvnKdNhTfpZ0SKVilkWyjX0oIj2iNz1fyphijM:r5gCqdXgMhTfpZ0ul4X8/1UAjgC4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805618", "to_ids": false, "type": "size-in-bytes", "uuid": "3fa2043d-8958-408d-b38e-1c8933040770", "value": "901249" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805618", "to_ids": true, "type": "vhash", "uuid": "c547e768-1e15-4abe-8521-18da3cff556f", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805618", "to_ids": true, "type": "filename", "uuid": "acdb060d-b7d0-4d8a-9224-eac057007729", "value": "251b60f8f61e6a6da2161cdb403c08dc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805618", "to_ids": false, "type": "text", "uuid": "fdf7e17b-4c5b-4db9-bb00-3014e249c862", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859801", "uuid": "f1c90e09-9773-46b0-8705-5ab129170364", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859800", "to_ids": true, "type": "md5", "uuid": "96dca6c3-bcd2-4732-97e6-a91d5eb9951f", "value": "efc391ac8eeec42bbe3b4a29920dac11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859800", "to_ids": true, "type": "sha1", "uuid": "75e965ea-e7df-48bc-8884-b56c0696c2da", "value": "5216af5348dea834b8b771afd4bac9b76923cbcf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859801", "to_ids": true, "type": "sha256", "uuid": "2c8d8ea8-0d3d-4d0f-9c5f-445ab4bfccef", "value": "8b2cd45163a7673d383494c34bd0eaf290ac0aec25592d538223533d895374b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805640", "to_ids": true, "type": "ssdeep", "uuid": "0adcc3b7-3add-47e7-8775-cb3a573bfbed", "value": "12288:iyT9Pgxtt9n6flB6tnccHgZWX2dvnKd3gGs+OvTPg5iv6LZHw66yjX0oIj2iNz1w:V5gCqdXg7vrgov69bdX8/1UAj6eo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805640", "to_ids": false, "type": "size-in-bytes", "uuid": "278fbee9-e21b-4f8c-80ad-05257df6ad10", "value": "901248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805640", "to_ids": true, "type": "vhash", "uuid": "fc217270-ca68-465e-96e5-4d9b86640d62", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805640", "to_ids": true, "type": "filename", "uuid": "2319bce4-9562-4eff-a0c0-57bd567ef081", "value": "efc391ac8eeec42bbe3b4a29920dac11.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805640", "to_ids": false, "type": "text", "uuid": "527e13aa-c985-4ea5-bce5-261992560163", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859802", "uuid": "f5f519d2-2268-4e3b-a873-c17cfd3014b4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859801", "to_ids": true, "type": "md5", "uuid": "deb03c99-9311-4784-b97d-1a84ce3c97cd", "value": "456417ea583a5290d463cd80bfaa2ea1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859802", "to_ids": true, "type": "sha1", "uuid": "94c56a72-11b2-4f14-b907-92e971eee94e", "value": "56f830e46de2d74733833b490eca7f2c60dbc6c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859802", "to_ids": true, "type": "sha256", "uuid": "47eb4bbd-3d51-49a7-91a8-00a24db6368f", "value": "ee1308ccd5c79dd64a468ac8e1cf31a4ca3e6ff9edb1642356726bee2c2647e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805661", "to_ids": true, "type": "ssdeep", "uuid": "3c96b990-bdad-4777-9a23-c3f3caf24ad7", "value": "12288:EyT9Pgxtt9n6flB6tnccHgZWX2dvnKdZp+Mwj65L5UZsLb1ZyjX0oIj2iNz1fyp4:H5gCqdXgtMwj6Z50sLb1MX8/1UAj4Sf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805661", "to_ids": false, "type": "size-in-bytes", "uuid": "a173ac1a-be4a-4190-a320-1cbc24010ec4", "value": "901248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805661", "to_ids": true, "type": "vhash", "uuid": "64e75ddc-8298-4db3-bbf1-533c4539954f", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805661", "to_ids": true, "type": "filename", "uuid": "7fa3bfcf-eaba-4bc0-97cb-57bda630f166", "value": "456417ea583a5290d463cd80bfaa2ea1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805661", "to_ids": false, "type": "text", "uuid": "f7db0bf4-9ea3-4d43-8f10-505f9708eea8", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:27/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859803", "uuid": "33d43b99-8471-4527-85ae-b34da0668a6a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859803", "to_ids": true, "type": "md5", "uuid": "a0ad1c46-4263-4029-b6c2-db61b49f775d", "value": "ec1788a74b78c30d8ca2f13c62d47b00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859803", "to_ids": true, "type": "sha1", "uuid": "35bb2f36-32d1-465a-86fc-01ae1d85d76c", "value": "baef09335afb61c134b35359f15bd88dc1acea87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859803", "to_ids": true, "type": "sha256", "uuid": "2b7031e4-bf51-4bb4-8109-2173f0598ba0", "value": "7dbf984be8bffbc51799d393e24bdac7399263ad8cad7e56bdea2e4a96540c03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805682", "to_ids": true, "type": "ssdeep", "uuid": "4e861c27-e4b1-4413-9649-4b2372f891c3", "value": "12288:9yT9Pgxtt9n6flB6tnccHgZWX2dvnKdchTfpZ0SKVilkRyjX0oIj2iNz1fyphijb:A5gCqdXghhTfpZ0ulZX8/1UAj3Ei" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805682", "to_ids": false, "type": "size-in-bytes", "uuid": "354a07f9-cad1-4121-aec5-7eb416ad4bfe", "value": "901249" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805682", "to_ids": true, "type": "vhash", "uuid": "47f2daa0-557b-4f71-a689-c796aa6daedd", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805682", "to_ids": true, "type": "filename", "uuid": "549a5644-daa9-457c-854a-3d67332d4133", "value": "ec1788a74b78c30d8ca2f13c62d47b00.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805682", "to_ids": false, "type": "text", "uuid": "bf527731-531d-47ec-8819-71c074624957", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/62" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859804", "uuid": "ce91321e-11fd-4249-9b6c-afd25d98bb72", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859804", "to_ids": true, "type": "md5", "uuid": "0ef2404d-54cd-4aff-9c86-bc5f5f8feebc", "value": "afcfd0f1f8ba6a3ed8449f07c768aa47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859804", "to_ids": true, "type": "sha1", "uuid": "e3913d10-7ec1-4885-8e1e-00dcfd9f32f2", "value": "7dd50d88b015b3c8cc10a8ee3b8c4d6eb9dec876", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859804", "to_ids": true, "type": "sha256", "uuid": "37ca9bad-be21-4bd5-84a3-ee3aea44aabc", "value": "8b626a3246e673bbeba36302d94f1d3d4bef727895ea2bb764a39cfdf2aca6fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805703", "to_ids": true, "type": "ssdeep", "uuid": "949b04fc-9c8e-493f-ae73-86bf16e5608d", "value": "12288:jyT9Pgxtt9n6flB6tnccHgZWX2dvnKdohTfpZ0SKVilkVyjX0oIj2iNz1fyphijp:G5gCqdXglhTfpZ0ul9X8/1UAjD26" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805703", "to_ids": false, "type": "size-in-bytes", "uuid": "14cf3230-6bf6-4b36-97cf-472898b668ef", "value": "901249" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805703", "to_ids": true, "type": "vhash", "uuid": "2440e2e0-cc85-4541-979f-ed73b007220c", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805703", "to_ids": true, "type": "filename", "uuid": "7c770db7-ac6a-474f-822e-dfe858fd6208", "value": "afcfd0f1f8ba6a3ed8449f07c768aa47.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805703", "to_ids": false, "type": "text", "uuid": "886e6e8a-2224-4abd-ac61-8644f4410e70", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859805", "uuid": "1f7ae969-6e83-4566-aafd-c7ce832cd78e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859805", "to_ids": true, "type": "md5", "uuid": "b14461ff-075e-4848-b435-76d2ac22bd3f", "value": "cb06bf8a05c872c9b1f727c695f9c8a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859805", "to_ids": true, "type": "sha1", "uuid": "3f625d76-2402-4dfe-9cf3-51714ddf09c5", "value": "4d086e38fca7fa1146408a9532809fc9db3022ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859805", "to_ids": true, "type": "sha256", "uuid": "bf324ec4-538e-474d-8dd2-d9eb8b85932c", "value": "574df1b78f901adceeb135ac0f4cd8b67cbff9c2204038f2585ae29db9bb1c41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805725", "to_ids": true, "type": "ssdeep", "uuid": "739b2f45-c678-40b4-93d6-aec8e8f19e50", "value": "12288:oyT9Pgxtt9n6flB6tnccHgZWX2dvnKdYrNlE23mJ1o1JZ/BVtFfEjyjX0oIj2iN/:T5gCqdXg5ZlE23mJKhBhfrX8/1UAj58U" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805725", "to_ids": false, "type": "size-in-bytes", "uuid": "1d1f02b3-959c-4a55-b8da-cd01de345a0b", "value": "901250" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805725", "to_ids": true, "type": "vhash", "uuid": "7aced85a-8464-4ad1-9199-5d390a808eac", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805725", "to_ids": true, "type": "filename", "uuid": "c1431aee-9f2d-42d6-8721-5e7b2e8b7ec6", "value": "cb06bf8a05c872c9b1f727c695f9c8a7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805725", "to_ids": false, "type": "text", "uuid": "b834f66c-f4ea-4154-93be-a5a2b1fd22bd", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859807", "uuid": "09cbd23a-4c96-4ea1-9677-355ac145f23d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859806", "to_ids": true, "type": "md5", "uuid": "e1388e96-8cb3-4ecb-bee2-848787d6194a", "value": "64410880efd033212254e12c46630c8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859806", "to_ids": true, "type": "sha1", "uuid": "39290afd-42f3-43b2-92a4-9b4d96ad21d1", "value": "9b3bb7353cb1b6ae986d0ec4fa4ad382275d1b6d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859807", "to_ids": true, "type": "sha256", "uuid": "b0e580ad-6e3d-43fa-8a50-5a439029332b", "value": "b0ad3d6c2d9215888f06a947c1823eec4c2762e45605afba7f1bdda7bc389257", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805746", "to_ids": true, "type": "ssdeep", "uuid": "702df38d-ea48-4622-908d-8081a513b60e", "value": "12288:dyT9Pgxtt9n6flB6tnccHgZWX2dvnKdLqVHCfBqTHnNCFyjX0oIj2iNz1fyphijN:g5gCqdXgZifSHn4AX8/1UAjUKN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805746", "to_ids": false, "type": "size-in-bytes", "uuid": "ecd05183-e297-4a39-8aae-a31598efb3f3", "value": "901265" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805746", "to_ids": true, "type": "vhash", "uuid": "a2a71c5e-8e73-4c85-8f0c-0e7fd667825c", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805746", "to_ids": true, "type": "filename", "uuid": "e0913655-7283-4f6c-b411-e3640a52d0a6", "value": "64410880efd033212254e12c46630c8a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805746", "to_ids": false, "type": "text", "uuid": "a8cc3244-c26c-437c-acef-65f23f5bdca0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:23/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859808", "uuid": "312f2eef-b430-49bd-b0d3-af5df3b52d09", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859807", "to_ids": true, "type": "md5", "uuid": "c566469b-b088-4786-8da6-118ca926542f", "value": "0b867aed8c3a6f2d34e758f02c07abe9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859808", "to_ids": true, "type": "sha1", "uuid": "a35271b3-0aed-4382-8d22-e4cb43f78c46", "value": "93955ff5d71e4964da3e22a1e039119bfefbd06b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859808", "to_ids": true, "type": "sha256", "uuid": "6aa2715b-425d-4aff-a500-a2587a396326", "value": "c13b7aeeca4ddb353b245030de99a9f06952a78647b8a6e656fca92a8027111a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805767", "to_ids": true, "type": "ssdeep", "uuid": "a36125bf-0e37-4c12-8025-3297935de383", "value": "12288:oyT9Pgxtt9n6flB6tnccHgZWX2dvnKdQqVHCfBqTHnNCeyjX0oIj2iNz1fyphijC:T5gCqdXgeifSHn4ZX8/1UAjbID" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805767", "to_ids": false, "type": "size-in-bytes", "uuid": "7f0967c8-d28a-48a7-b036-22e981583de2", "value": "901265" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805767", "to_ids": true, "type": "vhash", "uuid": "dc547089-7bc1-4f5a-b05c-5dee19fe5ca6", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805768", "to_ids": true, "type": "filename", "uuid": "33365222-6a5f-4999-b1e9-09dc9fd2ff53", "value": "0b867aed8c3a6f2d34e758f02c07abe9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805768", "to_ids": false, "type": "text", "uuid": "2020fa74-d1a8-4dab-aac3-20681bb8a96e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859809", "uuid": "0d7fc9bc-00a0-49b1-94d7-05a7bfe048f7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859809", "to_ids": true, "type": "md5", "uuid": "92057c75-5aad-4f9b-beb9-11f0f61f8549", "value": "ae50abb67802204d3e80b0b7fad11ecb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859809", "to_ids": true, "type": "sha1", "uuid": "43917d77-82f5-4774-b5b4-f616c7f1e947", "value": "a807a0ab709871bfe06b3e337e5dc9e83674d232", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859809", "to_ids": true, "type": "sha256", "uuid": "034f4cfb-d15b-415f-9c3d-f1ea3a4e1d8d", "value": "7e9097b242561c4bbc11dea1c1c115c916e97f41fe34fd7c75c18e75c6a99e74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805789", "to_ids": true, "type": "ssdeep", "uuid": "3a0172db-c444-4803-9908-0f42530881f3", "value": "12288:dUyT9Pgxtt9n6flB6tnccHgZWX2dvnKdzm4L/zMHOO7pCTUyyjX0oIj2iNz1fypz:d35gCqdXgMm47zjONrX8/1UAjfUZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805789", "to_ids": false, "type": "size-in-bytes", "uuid": "df37eabc-4cc0-4354-9241-9ac22ad2b89c", "value": "901265" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805789", "to_ids": true, "type": "vhash", "uuid": "756d1f9b-53a3-4f1a-aadc-23178040cc21", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805789", "to_ids": true, "type": "filename", "uuid": "5a16dcaf-c3fc-4346-8c47-2d524c4d25cc", "value": "ae50abb67802204d3e80b0b7fad11ecb.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805789", "to_ids": false, "type": "text", "uuid": "f9a57f08-5abb-43e9-bb8b-498e5723831b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859810", "uuid": "ae664e3f-4f71-4c14-82e6-0302e0b92570", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859810", "to_ids": true, "type": "md5", "uuid": "e5f9d1d3-bbca-41e1-b098-7adda5e08ce9", "value": "a2e99b11ccc77e152fc5df361103a370", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859810", "to_ids": true, "type": "sha1", "uuid": "06e761eb-dd85-4529-a0c3-4979300b3a1c", "value": "f8aea398bd66be254ccb72f10c872eefd8d58dc0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859810", "to_ids": true, "type": "sha256", "uuid": "af38e128-9ff4-40e6-945e-dea376e20e56", "value": "3db42aded3602e23175e084b8bcdf80472f992fef83702a4ca579f03223e5d4f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805810", "to_ids": true, "type": "ssdeep", "uuid": "74dc7693-8421-4812-aeb8-b3c53471e286", "value": "12288:JyT9Pgxtt9n6flB6tnccHgZWX2dvnKd4hTfpZ0SKVilkVyjX0oIj2iNz1fyphijn:k5gCqdXgRhTfpZ0ul5X8/1UAjviM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805810", "to_ids": false, "type": "size-in-bytes", "uuid": "02fe5c7d-c998-4a1c-897f-bc09dd147994", "value": "901249" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805810", "to_ids": true, "type": "vhash", "uuid": "b209403e-d900-4ee0-9de1-adc96733e539", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805810", "to_ids": true, "type": "filename", "uuid": "b49dccb3-3bef-4229-b592-d5759305e357", "value": "a2e99b11ccc77e152fc5df361103a370.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805810", "to_ids": false, "type": "text", "uuid": "c304563a-de35-4d83-8bfe-75bd2f74d4dd", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859811", "uuid": "0564a1c6-2ad0-4c98-a4fe-1e8ac0b592d6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859811", "to_ids": true, "type": "md5", "uuid": "d155e7ad-0747-4ae7-92a7-86c32b5513b5", "value": "19b1184374591d6d45dbe5274d573d71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859811", "to_ids": true, "type": "sha1", "uuid": "89b9726b-8633-46d3-9ea3-b3d33f1a1439", "value": "52fd86264619a214051407ea9653c60569e22b03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859811", "to_ids": true, "type": "sha256", "uuid": "f4ea0d4c-f07a-494b-a559-160489caf602", "value": "4c48a7bab99be281f22b67006372bf1c87ec10098985b9efd1754773c9e3ed68", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805832", "to_ids": true, "type": "ssdeep", "uuid": "2e109e43-d246-4531-895b-cc0205a339d3", "value": "12288:7yT9Pgxtt9n6flB6tnccHgZWX2dvnKdUFRqZt7fzJs0yjX0oIj2iNz1fyphijfL+:e5gCqdXg9LqZtLabX8/1UAjjsv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805832", "to_ids": false, "type": "size-in-bytes", "uuid": "d6831a43-ef16-46cc-8f29-e73ae5236116", "value": "901320" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805832", "to_ids": true, "type": "vhash", "uuid": "cbf28d8c-b2ad-4107-b84a-4268e9df91ae", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805832", "to_ids": true, "type": "filename", "uuid": "0efb30b5-62ec-4a67-861b-67368d0dc019", "value": "19b1184374591d6d45dbe5274d573d71.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805832", "to_ids": false, "type": "text", "uuid": "a9739ef8-4360-4466-940c-8263167b5cc7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859812", "uuid": "16917fbb-876d-42ed-8405-e4286641fe28", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859812", "to_ids": true, "type": "md5", "uuid": "5301e801-e55c-43ea-bb53-c38f336d701b", "value": "45b6d55b58ccd701adbdf2c20905af82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859812", "to_ids": true, "type": "sha1", "uuid": "0d279c61-34a2-4e94-9451-931c77546fa6", "value": "c248bcd40bf276312e6e2ab0ff11aac32dfff864", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859812", "to_ids": true, "type": "sha256", "uuid": "4040a2ab-5bfd-438c-b990-3385dba4e8fa", "value": "5beff5f0b60e8a67f8dd88b5d9d784c2e133f07a410f9d7b7b3b53bbd44f9b97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805853", "to_ids": true, "type": "ssdeep", "uuid": "dddda2e3-189b-4d88-9dd7-7b8ee907b4da", "value": "12288:IOyT9Pgxtt9n6flB6tnccHgZWX2dvnKdBXEKhHx/4JHBmTlyjX0oIj2iNz1fyphp:e5gCqdXguXDRwHBm8X8/1UAjjUB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805853", "to_ids": false, "type": "size-in-bytes", "uuid": "5d5f7342-698d-40c0-975e-3cb224e4826b", "value": "901256" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805853", "to_ids": true, "type": "vhash", "uuid": "8f487509-4b7a-4ef4-9629-4df4a52701e4", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805853", "to_ids": true, "type": "filename", "uuid": "78b22720-fdbb-46a6-96ba-8b86c5ba46dd", "value": "45b6d55b58ccd701adbdf2c20905af82.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805853", "to_ids": false, "type": "text", "uuid": "9fcc38be-5eb4-49e6-a6ee-59d668b5074b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:31/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859814", "uuid": "315f77cb-f4ed-4c2a-a4f7-5513b909ad84", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859813", "to_ids": true, "type": "md5", "uuid": "7906308d-af2d-4b70-bd3e-50b9eb5abb31", "value": "bb208826040bc87faf1b6bc3f178cc19", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859813", "to_ids": true, "type": "sha1", "uuid": "eaaf069e-a8d7-4fb4-89b9-b5dbb77cb264", "value": "ecf439cf0e77cedb2934e144fba54a0e1b208541", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859814", "to_ids": true, "type": "sha256", "uuid": "912d6ec3-ed2d-4169-8d6e-1e0f6a23dd04", "value": "840dd6421f3c3decfdea5fd963f0e4cd61b7fbf28c80fe2b78aef1a8d494a0cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805874", "to_ids": true, "type": "ssdeep", "uuid": "6ca5422e-3c15-4cca-a465-7e4b4ede0763", "value": "12288:uyT9Pgxtt9n6flB6tnccHgZWX2dvnKdygGs+OvTPg5iv6LZHw6NyjX0oIj2iNz1a:55gCqdXg6vrgov69bIX8/1UAj5Mn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805874", "to_ids": false, "type": "size-in-bytes", "uuid": "6202cf96-8b88-4b5f-a385-0a6a693a8fcd", "value": "901248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805874", "to_ids": true, "type": "vhash", "uuid": "522d0ddc-7848-4aa1-adc2-71c1c8430e66", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805874", "to_ids": true, "type": "filename", "uuid": "3d98aee6-b773-4712-9f00-755f5bacc6b4", "value": "bb208826040bc87faf1b6bc3f178cc19.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805874", "to_ids": false, "type": "text", "uuid": "2722ed92-53db-4d59-ae95-01465ad363eb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859815", "uuid": "0e9310ca-8b2c-4626-ac01-95b6921c618f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859814", "to_ids": true, "type": "md5", "uuid": "fafbc147-e10d-48af-a698-fcfd99b476ef", "value": "482e23bbd4ab452ad274eb343d626641", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859815", "to_ids": true, "type": "sha1", "uuid": "18d5c513-9c3b-4335-8317-f5303ebb5f3c", "value": "1a3cf34cb593a649f8795437f4fc6dfe9a84eb90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859815", "to_ids": true, "type": "sha256", "uuid": "29697422-ce86-4068-b4b8-6e0c62bae45f", "value": "1b0d2f85acdcef3437081d667fe9759b86697602d04b9161bd6c586e9f539474", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805896", "to_ids": true, "type": "ssdeep", "uuid": "ae58eec5-ca6c-4166-a7cb-e5c463a8b2e5", "value": "12288:OyT9Pgxtt9n6flB6tnccHgZWX2dvnKd2qVHCfBqTHnNCoyjX0oIj2iNz1fyphijk:Z5gCqdXgYifSHn43X8/1UAj983" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805896", "to_ids": false, "type": "size-in-bytes", "uuid": "47d0f4a0-afc0-4f24-83fe-9b4cd4e36d69", "value": "901265" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805896", "to_ids": true, "type": "vhash", "uuid": "b42d770f-9447-42ea-a7e4-7beb9157c92a", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805896", "to_ids": true, "type": "filename", "uuid": "d66e76dc-7541-4e85-8ddf-5ed05d0a3355", "value": "482e23bbd4ab452ad274eb343d626641.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805896", "to_ids": false, "type": "text", "uuid": "54302df1-661b-4031-badd-ba58c311efca", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859816", "uuid": "eb7fd87d-fd21-4b95-888b-d5850c758054", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859816", "to_ids": true, "type": "md5", "uuid": "50348c0b-e7ab-411a-8746-dd07a982999b", "value": "1e8e2c028f16b653e35dacb7388900f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859816", "to_ids": true, "type": "sha1", "uuid": "bea931d1-4b33-4205-8e2f-4d59852d0095", "value": "09e3b207bad6dcb00ca39c14b6a93cf97d4a7070", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859816", "to_ids": true, "type": "sha256", "uuid": "287f885c-f806-481b-b2d1-2a35e36493cd", "value": "2f1762e41691af574ee2bcbaf40db85a16764c8c4827aa6681f8db61e44c567e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805917", "to_ids": true, "type": "ssdeep", "uuid": "64e9ea76-d7e6-45d0-8fd7-08007cc69aaf", "value": "24576:HTiShA5Eitx5kHGY7VFgcFC3jq5Ef4IC4NvNmADW7zauHVZt3LZ9KY:HTxhA5Eitx5kHGY7VFgcFC3vX5Nv7W7L" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805917", "to_ids": false, "type": "size-in-bytes", "uuid": "4d116511-43b4-445e-8515-ba88254f8f8d", "value": "986752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805917", "to_ids": true, "type": "vhash", "uuid": "4bf196a4-f938-4d5f-890c-23d93d24c447", "value": "b139ea8a989d5fdbd274bc956f09e3ab" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805917", "to_ids": true, "type": "filename", "uuid": "45eb7901-c17a-4977-9840-7297c4c7d35e", "value": "1e8e2c028f16b653e35dacb7388900f6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805917", "to_ids": false, "type": "text", "uuid": "f590b18b-3016-4f25-9b78-fb18efc4132d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859817", "uuid": "ebaf2d33-3691-497d-b9af-aaa7b2bde6a3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859817", "to_ids": true, "type": "md5", "uuid": "5b300db4-dbee-4669-9dd7-0d98bf736107", "value": "853d8e30dd578dc70335c5bb4efeac3b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859817", "to_ids": true, "type": "sha1", "uuid": "7ffba967-6b29-4e9c-b74a-298ae07ba799", "value": "620384ff65f7ac2f4ff20dd0ef27baa669bb7828", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859817", "to_ids": true, "type": "sha256", "uuid": "b8f7d9f2-acb2-4d84-b954-966f80a2dbda", "value": "c3e1268560dd8851de94bde4bc08ade6ee863f5f93633c3bfbf9c0065ad64235", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805938", "to_ids": true, "type": "ssdeep", "uuid": "909ce0cd-1764-4302-8f5c-9156ad13baed", "value": "12288:WN9C4SsGhGEzlT9EDJiq0ojkyBXXKdPxknxc76sBaEy6IqyAF09L2Ai:WLqlbQ4qZXyxUxcesBaEBjG2T" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805938", "to_ids": false, "type": "size-in-bytes", "uuid": "d5863008-41e5-49d1-bd1b-e2e0b74a07e5", "value": "643217" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805938", "to_ids": true, "type": "vhash", "uuid": "3fde40cf-c410-4682-8ff3-426314c0b904", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805938", "to_ids": true, "type": "filename", "uuid": "0d296be2-174b-4e70-9c3d-e8a257d61706", "value": "853d8e30dd578dc70335c5bb4efeac3b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805938", "to_ids": false, "type": "text", "uuid": "023f0ab1-90b3-4af1-a4f1-fee54c14f400", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859818", "uuid": "ca6d6c27-2202-47a8-abcd-9ffb837ffeb2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859818", "to_ids": true, "type": "md5", "uuid": "60affb0a-e6a3-4298-9da7-82c3d8660112", "value": "1a1eabfa8001d9037ee6e32a27d4c13c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859818", "to_ids": true, "type": "sha1", "uuid": "4444d4aa-cfa2-484b-9949-f7c66dfb414f", "value": "dff29972e74dc4114dd93540aa421f37223fe166", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859818", "to_ids": true, "type": "sha256", "uuid": "dff913e1-b459-4c00-b913-63f0b5d9e178", "value": "3321e7f17dd468a49a1ce5dde9d4804e89cdf9a6682b45dc2f86f58df12fdeed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805960", "to_ids": true, "type": "ssdeep", "uuid": "19868621-a9ea-45ed-b945-e61c7a8cf2c3", "value": "12288:iN9C4SsGhGEzlT9EDJiq0ojkyBXXKd2ICjFTP2h4jfEamdGofJJFLc7l:iLqlbQ4qZX9IWTP2up7ofJJlcZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805960", "to_ids": false, "type": "size-in-bytes", "uuid": "2c4ee2b0-115f-4529-ae67-de5475ee5ab0", "value": "642783" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805960", "to_ids": true, "type": "vhash", "uuid": "a1cab122-69e5-41b2-a70a-52e59a1bbbf9", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805960", "to_ids": true, "type": "filename", "uuid": "52cb6437-36fd-47bb-af5c-8517ed709ac6", "value": "1a1eabfa8001d9037ee6e32a27d4c13c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805960", "to_ids": false, "type": "text", "uuid": "38a0ae20-caff-4ce3-90bd-478d024fd542", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859820", "uuid": "d69ea7d5-fc39-4740-baed-dfae12d134e7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859819", "to_ids": true, "type": "md5", "uuid": "5d407cc5-2f1b-4258-baa0-ac071ea62d63", "value": "2e3eb8d22066513cf1db31df5654c5b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859819", "to_ids": true, "type": "sha1", "uuid": "d7711fc5-d021-442d-99b4-a330aa62d8f6", "value": "0296e4c9015a869fb42db167a3b9fca4f842cef8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859820", "to_ids": true, "type": "sha256", "uuid": "8944c4a1-561a-435f-96ff-1b23d4905420", "value": "2c57c14150ee28e6a34127cf0b4b070dd76d4b207fa787add01e84d30d50bdc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740805981", "to_ids": true, "type": "ssdeep", "uuid": "c87bd834-c040-4339-89b5-dd861dfcb568", "value": "12288:tN9C4SsGhGEzlT9EDJiq0ojkyBXXKdNFZbvxB95+Nr/SpyPOmlDfsLMR7:tLqlbQ4qZXCbn95Dfq8MJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740805981", "to_ids": false, "type": "size-in-bytes", "uuid": "e1d5f205-4e6e-4522-9b76-0ff8259c31cc", "value": "643217" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740805981", "to_ids": true, "type": "vhash", "uuid": "e38e48af-7699-40eb-ac62-01918d45de0b", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740805981", "to_ids": true, "type": "filename", "uuid": "2e944af3-d707-4089-b13b-2171ca6e8e3d", "value": "2e3eb8d22066513cf1db31df5654c5b6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740805981", "to_ids": false, "type": "text", "uuid": "d65d7e71-c36b-4081-9dee-1eac269eb0e5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859821", "uuid": "3358ff62-f36c-44d4-a249-00239e0052a0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859820", "to_ids": true, "type": "md5", "uuid": "ab15eb62-f728-4cd3-b0af-3cb91e1bcfa1", "value": "e80a1d219c21856fc21d5b1839af6b69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859821", "to_ids": true, "type": "sha1", "uuid": "941ed7a5-7d69-455b-91b4-9d6eb5afa2e5", "value": "008135dbfea63c36b03a5691e3db8b8df5ffff3a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859821", "to_ids": true, "type": "sha256", "uuid": "1ff0b156-8b15-4c7a-ae9d-23311859d035", "value": "53463669e8f7acbf66d459929c401512b4b8a533232536d5962d0ab3479b7740", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806002", "to_ids": true, "type": "ssdeep", "uuid": "3b4b026d-e975-4ec7-8139-f05b69084a83", "value": "12288:wN9C4SsGhGEzlT9EDJiq0ojkyBXXKdAXNexc76wvzsYeAJh8FL8XC:wLqlbQ4qZXLMxce0n8l8S" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806002", "to_ids": false, "type": "size-in-bytes", "uuid": "f263858a-56dc-4c9b-b190-5f4d9d57f8b9", "value": "643215" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806002", "to_ids": true, "type": "vhash", "uuid": "6b088e9d-640f-4af5-b8b5-a7acb97b2c42", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806002", "to_ids": true, "type": "filename", "uuid": "36c69cfe-1188-4114-bb12-277ae05c2f7d", "value": "e80a1d219c21856fc21d5b1839af6b69.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806002", "to_ids": false, "type": "text", "uuid": "49a4b58e-bbe1-4a31-b2c0-83a2e7f0cff3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859822", "uuid": "1628148c-5c23-4054-a61a-23c1d0fc0c94", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859822", "to_ids": true, "type": "md5", "uuid": "38502fa8-50c3-469a-bdcc-71ee5a68dfd1", "value": "949f051ebd19f0b12532baff0652ed9f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859822", "to_ids": true, "type": "sha1", "uuid": "3425e247-69e8-4174-9dcf-2a8bece7409b", "value": "eed5ca2b8bf72aee2e821aa8a627983b8092cc6d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859822", "to_ids": true, "type": "sha256", "uuid": "c98e5be7-fffb-4216-9259-77516a786594", "value": "e6b1583463e5647fb363b4e22c5b68a412ef97fdcc69195fd0cf17f21911bf18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806024", "to_ids": true, "type": "ssdeep", "uuid": "49bea2af-7a1a-426c-a8a7-f9ebb1670383", "value": "12288:UN9C4SsGhGEzlT9EDJiq0ojkyBXXKdWFZbvxB95+Nr/SpyPOmlDf9LKQD:ULqlbQ4qZXZbn95DfqhKe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806024", "to_ids": false, "type": "size-in-bytes", "uuid": "0db2d1d2-908b-400f-b29a-c92154508ab2", "value": "643217" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806024", "to_ids": true, "type": "vhash", "uuid": "600f3970-2308-4ed5-ad65-e273960aec49", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806024", "to_ids": true, "type": "filename", "uuid": "cbe8064d-2f8b-4af8-9ebc-93d2b1468579", "value": "949f051ebd19f0b12532baff0652ed9f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806024", "to_ids": false, "type": "text", "uuid": "d13c8cac-0406-4ced-905c-8793304efdf9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859823", "uuid": "5492d144-99f5-4a59-a825-cabf7132894c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859823", "to_ids": true, "type": "md5", "uuid": "8a15f098-f8b4-4fdc-83cd-c64718e5e21f", "value": "7c0dfe589c5be6165015f50c97eec038", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859823", "to_ids": true, "type": "sha1", "uuid": "09d05ba1-e889-4771-831b-251b4125a3e0", "value": "1c9ca715d77867396b287466d56f18c6fdc41e4b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859823", "to_ids": true, "type": "sha256", "uuid": "f81ab601-0201-4064-88fd-7b490fce464a", "value": "278734feab7fce1d753dfd04e38e5ace000afebff295f33e791f3d8cae2d7c48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806045", "to_ids": true, "type": "ssdeep", "uuid": "ad2e986b-f6c0-4827-8f4a-bcd313888943", "value": "12288:7N9C4SsGhGEzlT9EDJiq0ojkyBXXKdxFZbvxB95+Nr/SpyPOmlDfULAdp:7LqlbQ4qZXebn95DfqcA3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806045", "to_ids": false, "type": "size-in-bytes", "uuid": "3a0d5e87-d35e-49c9-91c0-03a47d2c4956", "value": "643217" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806045", "to_ids": true, "type": "vhash", "uuid": "0dba1be8-76e6-4b8d-bada-7858369850ba", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806045", "to_ids": true, "type": "filename", "uuid": "1d3bf545-f330-4b16-8985-9b5d26f43719", "value": "7c0dfe589c5be6165015f50c97eec038.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806045", "to_ids": false, "type": "text", "uuid": "84badc70-a93a-436f-9d59-6b35eb044389", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859824", "uuid": "21e24a84-dc11-4055-9f59-41a7eecd5b4c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859824", "to_ids": true, "type": "md5", "uuid": "10a806f7-2684-4899-98af-340eb7d2088f", "value": "8358f89edf5f3fed20f4b4bf57f45fe8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859824", "to_ids": true, "type": "sha1", "uuid": "a6088c61-014f-4eb2-87d0-c75d8b540333", "value": "5856ef764eecb25bf6da2d3c48b8a5dfc0f34a66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859824", "to_ids": true, "type": "sha256", "uuid": "49a3b14f-bf6c-4c39-a41e-074856d2af65", "value": "1f88cd875fb7cc4e1ffd3b39a693d52d40934aa383c525a5161bfd626261bf9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806066", "to_ids": true, "type": "ssdeep", "uuid": "14065087-0f16-44ee-9cc7-93d638b0dca8", "value": "24576:pEL2uavqQhoE0CopZbe1Ouq05Bos6hIJRdYtn9Taf66WoW3JqW3JoW3Jdc:pdhiBZbe1RF5BoRKi5v33JR3J73Jdc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806066", "to_ids": false, "type": "size-in-bytes", "uuid": "e402899e-57ec-4f30-ac85-b4298d56021b", "value": "1916367" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806066", "to_ids": true, "type": "vhash", "uuid": "86eb8f4e-2eb2-44d3-ba51-6811ebba5881", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806066", "to_ids": true, "type": "filename", "uuid": "263b77b3-31df-4677-92dc-7fd76c3e9fc5", "value": "bd0c2f287c9162b4f8879925b67bac59b00a17b98a67cca6e0994cd51a63a5a6.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806066", "to_ids": false, "type": "text", "uuid": "b1542124-5087-4232-a0a0-88ab4a03ea8e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859825", "uuid": "e514a40c-c0db-4864-9c8a-e63238bdda8a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859825", "to_ids": true, "type": "md5", "uuid": "78d83814-0fae-4e7d-9352-5ee6ba96d96f", "value": "c159735cc1801156fe67fb3a5626ee84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859825", "to_ids": true, "type": "sha1", "uuid": "c8974d77-0a9e-40f7-8429-e7a991309dab", "value": "b353d88de53ed3b34926269fc6b8f803fa8acc02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859825", "to_ids": true, "type": "sha256", "uuid": "3932e099-ee13-49a2-88d2-d4d2460c615a", "value": "8233ece65c5f550692af551e8d04d4241334e8b5560751adff37fd97b56969d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806087", "to_ids": true, "type": "ssdeep", "uuid": "b88fbb36-91a4-4bbe-8ce0-6157cd0cc0b3", "value": "24576:rTiShA5EitL5kHGY7VFgcFC3jtOhC3CDeF268pYzvTFAH467Zt3LZ9Kx:rTxhA5EitL5kHGY7VFgcFC380w68pYvh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806087", "to_ids": false, "type": "size-in-bytes", "uuid": "9e5b706e-71e2-4673-9a94-6a2ee6147e20", "value": "994386" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806087", "to_ids": true, "type": "vhash", "uuid": "3977e054-92a6-41dd-bb10-f2299575452b", "value": "b139ea8a989d5fdbd274bc956f09e3ab" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806087", "to_ids": false, "type": "text", "uuid": "facaf8be-cdff-440e-b9f8-7c74cb410449", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:25/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859827", "uuid": "75ceaf09-4355-43b9-bc9f-938be5260008", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859826", "to_ids": true, "type": "md5", "uuid": "a3e117db-21e7-49c2-9d26-8f928b6dd971", "value": "7a31a964f903d8dda40523c42da0caf0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859826", "to_ids": true, "type": "sha1", "uuid": "c470a6e4-0268-47f3-a1f6-f59a7ebbd0a1", "value": "0886795dccb94e4e34f2c04c6221ed35c2e706af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859827", "to_ids": true, "type": "sha256", "uuid": "f9dd220d-3c7c-4e3b-85ac-1a329981b32d", "value": "3a1dcc97014cbdca165f29c35e44c549fb77eeac9cae06329523540df2f83679", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806109", "to_ids": true, "type": "ssdeep", "uuid": "5abd6b3d-45cc-4de7-a3f0-dad701b65c36", "value": "24576:eCm3RNZq3QJAawIdFrvU2uhMJngJ34yHG/Y9X1IerO3WolPR8p+R:e13HJAabGhMZglyY9X1Ij3nEs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806109", "to_ids": false, "type": "size-in-bytes", "uuid": "4982ce8e-cbb6-44de-ab8e-d22a97eb0ebb", "value": "1211515" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806109", "to_ids": true, "type": "vhash", "uuid": "e7f02b49-7645-445e-9305-12afa8007c6d", "value": "3bd5ed57b56f59eaeacbd1e0af76a1fc" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806109", "to_ids": false, "type": "text", "uuid": "b1aa62ff-af95-4c19-b07f-dd1e02af4a91", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:36/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859828", "uuid": "faa81c45-5e4a-4c1b-8d87-cd9bda8264fe", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859827", "to_ids": true, "type": "md5", "uuid": "b332d801-7377-4ad0-81a2-6b0dbcb75dd0", "value": "1705ad40c6466b2ab3d84db01c73ddce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859828", "to_ids": true, "type": "sha1", "uuid": "35a9dda9-4ead-4f29-9a8b-341603c736e5", "value": "05b8c008ea72bd485d6de2c0c95e21e7de448235", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859828", "to_ids": true, "type": "sha256", "uuid": "610059de-d15a-4b61-bf12-1e90a01d6fa8", "value": "49c04f05c9f564a71e5a2a9cd1497b4b23830cb55bf510d77fbbc7e56e3c142a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806130", "to_ids": true, "type": "ssdeep", "uuid": "8b0cfb84-8da1-45a0-b7af-e9b4b24afbb7", "value": "3072:XC1ZbDu5QwviXglX8PULAfh2xZJ1y/DIJTSKV+G3vP5H7faXA/f0LLj9FONBkp9J:MwQwZ8UAfhb/Auur3vhHMmf0/juNBoV/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806130", "to_ids": false, "type": "size-in-bytes", "uuid": "ef50c568-b4bf-4bf0-840b-281166d12304", "value": "195136" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806130", "to_ids": true, "type": "vhash", "uuid": "7cf2df7e-4ee6-4fe3-bf63-c1f01f01f7cd", "value": "edc4b2179bf2b73872407c8bb833daa8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 03/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806130", "to_ids": false, "type": "text", "uuid": "ed639062-9fc0-48a8-a5d2-c22192256b77", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859829", "uuid": "f4b2aecd-2fa8-4d1c-be45-ef1f07f5c445", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859829", "to_ids": true, "type": "md5", "uuid": "39fae36a-37b7-45ec-b20c-40cfba423df3", "value": "c3379c84397d3e42418deaac85a12f99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859829", "to_ids": true, "type": "sha1", "uuid": "fafde83a-02ce-4c22-b0d9-2f14ca9ca2f3", "value": "d7d6e1446f2ffb9474cad04edca07d18f4eb6da5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859829", "to_ids": true, "type": "sha256", "uuid": "d62574ef-0c07-4cd4-952d-9037f2444fae", "value": "20d108a2ace97aafdee58864b4d416fd2194cedcd309f398acdf584d4da4e6d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806152", "to_ids": true, "type": "ssdeep", "uuid": "13135714-2692-4f56-980b-1b006c13988d", "value": "24576:TTiShA5Eitf5kHGY7VFgcFC3jd73DgRMpmvBf6APS/16gDiH1WiBZt3LZ9Ka:TTxhA5Eitf5kHGY7VFgcFC3V8R4096AF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806152", "to_ids": false, "type": "size-in-bytes", "uuid": "b0f19f7a-99f3-45e6-a0ab-45d6b2f25987", "value": "992733" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806152", "to_ids": true, "type": "vhash", "uuid": "6bf64edf-b065-4090-8c50-9e3f43508ff4", "value": "b139ea8a989d5fdbd274bc956f09e3ab" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806152", "to_ids": false, "type": "text", "uuid": "42b698a4-8329-4330-a887-738acb29e3b9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:22/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859830", "uuid": "c0834402-af2a-4727-b2e3-071a21838e01", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859830", "to_ids": true, "type": "md5", "uuid": "45a3dc61-a60b-49ff-92b9-b15527835bce", "value": "9654e6e036008c513590a3313219bc83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859830", "to_ids": true, "type": "sha1", "uuid": "cd426fce-3c4c-422e-871d-4e2975b90e1f", "value": "3f032b054a2634154914501e3234bf922cfdb384", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859830", "to_ids": true, "type": "sha256", "uuid": "07abea90-8601-4e49-a07b-146039a4d4ad", "value": "af05bae5537c51e2a295e86e1415858ced87da78e96a4eb2a591cfe05e74bb44", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806173", "to_ids": true, "type": "ssdeep", "uuid": "82679eb0-c9f9-4c1c-9132-f366daa894e7", "value": "24576:NRNZq3QJAagsTRXSVGi9RnBo6hRzjBtY8P3ozT5:NHJAalTRQGiznG6PzjRwJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806173", "to_ids": false, "type": "size-in-bytes", "uuid": "2176eae2-aed0-423b-aa9c-254436ee5ae2", "value": "1139833" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806173", "to_ids": true, "type": "vhash", "uuid": "f4376972-9091-4afe-a118-217c65fcf9c9", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806173", "to_ids": false, "type": "text", "uuid": "a4f28cef-512a-4bc9-90b2-988f5ba7e6ea", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859831", "uuid": "e01c7065-d1bd-411c-91e6-360137d8ffa9", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859831", "to_ids": true, "type": "md5", "uuid": "6ce72f7d-29be-45c4-b5e2-e58f20fbeebb", "value": "b86dbf28ae2663e24ae973b71ef61790", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859831", "to_ids": true, "type": "sha1", "uuid": "099ba611-53bd-4773-b0f0-a3a614d17d1e", "value": "206a2a7a9011f8020fa988aec43aa52cefe0699a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859831", "to_ids": true, "type": "sha256", "uuid": "07983a51-0706-430f-b7bd-2a1930a96b90", "value": "62f2c032dc9278734108835d7ed7f6c06ffa3668519b65120c02d46aedb590af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806194", "to_ids": true, "type": "ssdeep", "uuid": "686896ef-ccd5-4a0e-97cd-2f2061623595", "value": "24576:/TiShA5EitN5kHGY7VFgcFC3jl0cjvWNEJS/vpOZFHUHiT/MUaTBuZt3LZ9K1:/TxhA5EitN5kHGY7VFgcFC3NjvWNEJzS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806194", "to_ids": false, "type": "size-in-bytes", "uuid": "dec082fc-16f7-4898-a987-ee27b85e0929", "value": "992299" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806194", "to_ids": true, "type": "vhash", "uuid": "da84befb-9889-4a4a-ba46-8cb963eab2b9", "value": "b139ea8a989d5fdbd274bc956f09e3ab" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806194", "to_ids": true, "type": "filename", "uuid": "a7b0637f-be55-49d3-b0d6-5bc1fe4912a4", "value": "62f2c032dc9278734108835d7ed7f6c06ffa3668519b65120c02d46aedb590af.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806194", "to_ids": false, "type": "text", "uuid": "9987dd34-6bf5-45cd-9223-d4d425992899", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:24/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859832", "uuid": "4af8d50b-6b93-45e2-9db2-65a8778e57da", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859832", "to_ids": true, "type": "md5", "uuid": "5b15065c-5c10-4a4b-9d3c-7f4be5cf55bf", "value": "7c186c5e604e954855207c1f804fba0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859832", "to_ids": true, "type": "sha1", "uuid": "ae423412-4d83-4a15-af38-dac597fb9e1e", "value": "329164b6af83d0ea6b300bb874a9240925d0aed2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859832", "to_ids": true, "type": "sha256", "uuid": "0d838bef-36ce-4182-86bb-7307be99eb1c", "value": "65955bfe46c301c805761ab17076274d6b1b1f6158dfdd865fd20b520145f483", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806215", "to_ids": true, "type": "ssdeep", "uuid": "875de5c3-8863-44b3-935a-b59f90b8c235", "value": "24576:cEL2uavqQhoE0Cop0fI0gM/CbAchTPDmpW7bH8FvIdJHVHaTC8pyd:cdhiB0OM0AcxDmpW38FAdJHVHaTC8Yd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806215", "to_ids": false, "type": "size-in-bytes", "uuid": "747081a9-d595-4fdf-ac14-2b77462083aa", "value": "1339620" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806215", "to_ids": true, "type": "vhash", "uuid": "b1e7140c-432e-43fd-8e59-f5a40a217af0", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806215", "to_ids": false, "type": "text", "uuid": "769002c0-6285-4a5d-9844-bdb8c086cce5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Dakkatoni.A!MTB\nVT Total Detection:33/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859834", "uuid": "d5f73b60-7629-49d7-bf8b-c69a80b4c026", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859833", "to_ids": true, "type": "md5", "uuid": "5ba2a262-0f34-4242-8c40-c8402b8dc504", "value": "17f209b00aa79d6ac2383636c38960ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859833", "to_ids": true, "type": "sha1", "uuid": "c2b29a0a-c526-4cdf-8800-1ef12a531f44", "value": "0788a429e6223c9836f5e46bcfca59a4f07ec091", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859834", "to_ids": true, "type": "sha256", "uuid": "340d639e-83f1-4240-bb31-8e014ea35788", "value": "1bd83ec930ca7082b82a9d9dc8772be9f137489cf7899f4389266d2cc2f6e9fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806237", "to_ids": true, "type": "ssdeep", "uuid": "5ed16bd8-77e5-4222-a3de-a088878d8e09", "value": "12288:PoN9C4SsGhGEzlT9EDJiq0ojkyBXXKdxVgZIGC3MBHOOzJaRsOE2vLcDG:QLqlbQ4qZXLtCAHOOdaRsyTcy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806237", "to_ids": false, "type": "size-in-bytes", "uuid": "09f8094b-dbff-4ed6-9248-5e564a3d4974", "value": "642790" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806237", "to_ids": true, "type": "vhash", "uuid": "b7378624-b175-43a0-8087-0aa4d24d72aa", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806237", "to_ids": true, "type": "filename", "uuid": "2af581a2-b952-4a77-809a-53a1b999ea82", "value": "17f209b00aa79d6ac2383636c38960ce.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806237", "to_ids": false, "type": "text", "uuid": "b3f6869c-2f10-430d-a1e9-344bce6936ac", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859835", "uuid": "03ca4eb5-adad-4b7e-985c-75867c66fbec", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859834", "to_ids": true, "type": "md5", "uuid": "1011e91a-e4a1-4ab3-b2ee-24913fc6410d", "value": "396dd2adada238cdaacaf21ce47d9a3c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859835", "to_ids": true, "type": "sha1", "uuid": "1863ad93-13b6-41c6-8579-cecd0f665cd0", "value": "2047eb02c07341340e1f82a7f3444d4d25f434d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859835", "to_ids": true, "type": "sha256", "uuid": "1ec39ff2-793c-4d91-a644-f7b90f4dc507", "value": "2b5198d13b8e2f2dc4d8e60fd07cdbf999e3a307902909b857e25b41c0e23215", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806258", "to_ids": true, "type": "ssdeep", "uuid": "5e9bed6f-ea21-4f7a-9cd7-63a63d63242f", "value": "12288:9N9C4SsGhGEzlT9EDJiq0ojkyBXXKdhEjYSWW6trJBBBLMXN:9LqlbQ4qZXweWW6hJTRM9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806258", "to_ids": false, "type": "size-in-bytes", "uuid": "c3622d76-2270-43b3-b5d9-aedb08c438af", "value": "642787" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806258", "to_ids": true, "type": "vhash", "uuid": "86e8de2a-56cb-46bb-892f-5e6d0b096e90", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806258", "to_ids": true, "type": "filename", "uuid": "fd7614b5-24c1-4434-bd91-994cb55ae4a3", "value": "396dd2adada238cdaacaf21ce47d9a3c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806258", "to_ids": false, "type": "text", "uuid": "82382d58-a04c-4731-91fc-bd8b2646f4e3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859836", "uuid": "7afeac77-e707-4d84-8695-f08743ebe62d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859836", "to_ids": true, "type": "md5", "uuid": "29a7128f-34b1-4603-bf4c-5e8d64a9d7c6", "value": "a8394576535da14b6bdc4479f7dba9de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859836", "to_ids": true, "type": "sha1", "uuid": "591f4192-5e81-4624-a775-f4eed4159032", "value": "d932f5f078422b2ca16899b90ec4f6a4abc36969", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859836", "to_ids": true, "type": "sha256", "uuid": "e4716e79-fb9c-4ddc-833d-4ffe9a194331", "value": "c0514ee3b7f36aec9e56a3bcc1cc9a3dd4d999c1e248105ae2f99b244074485f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806280", "to_ids": true, "type": "ssdeep", "uuid": "1a7c245a-d336-4606-b414-a7c84fb1e210", "value": "12288:vcN9C4SsGhGEzlT9EDJiq0ojkyBXXKdTak2C3MBH0EqmVGou+LMRX:ELqlbQ4qZXS2CAH0lHo3M1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806280", "to_ids": false, "type": "size-in-bytes", "uuid": "cc56d9c0-483a-4c0f-b77a-03f8f2d09c94", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806280", "to_ids": true, "type": "vhash", "uuid": "07d16b11-1cf0-4eb8-b730-71df08c53b12", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806280", "to_ids": true, "type": "filename", "uuid": "e74b275b-0647-4872-9b04-5de4dc0c83d4", "value": "a8394576535da14b6bdc4479f7dba9de.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806280", "to_ids": false, "type": "text", "uuid": "07b012b9-8318-4603-83ba-bf205948c525", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859837", "uuid": "3559de59-8098-43c4-a248-c5ea247932b5", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859837", "to_ids": true, "type": "md5", "uuid": "c81425de-b9fa-46bb-b2ce-73f8a4e284b5", "value": "9e92c463523262fd2f603440cff51945", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859837", "to_ids": true, "type": "sha1", "uuid": "df60e662-a5fa-4b53-82fa-c4454fd5fd33", "value": "1579f00f41e4644ff6df25d4284fd8e2d70fcb5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859837", "to_ids": true, "type": "sha256", "uuid": "25faa513-0fb5-4f9e-9fb1-cc77f2e7efd1", "value": "f9bf2b1e7eb75cbc4721943f8c2aa3424b999172afbcd24fd171c250d930831c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806301", "to_ids": true, "type": "ssdeep", "uuid": "49928596-33a9-4724-bb00-4ac6d92b178c", "value": "12288:6bN9C4SsGhGEzlT9EDJiq0ojkyBXXKdNak2C3MBH0EqmVGoujLSwr:ILqlbQ4qZXg2CAH0lHo2Sm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806301", "to_ids": false, "type": "size-in-bytes", "uuid": "4c6e6c59-0ee9-40a5-aa4b-ea08eca9f187", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806301", "to_ids": true, "type": "vhash", "uuid": "f517a292-5ebb-418a-8b25-9fbfbf438252", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806301", "to_ids": true, "type": "filename", "uuid": "9d7ac194-b716-4403-a6a5-61d5ea01a2d2", "value": "9e92c463523262fd2f603440cff51945.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806301", "to_ids": false, "type": "text", "uuid": "7580a7bf-e312-4c11-ab3a-9be76fc28e2e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859839", "uuid": "2284497c-10c7-45d0-b3ec-d8f03e99e907", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859838", "to_ids": true, "type": "md5", "uuid": "3cf5710f-b48a-417a-923f-461aadedfa6b", "value": "76e60e6df353b38d453a8cc61243151a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859839", "to_ids": true, "type": "sha1", "uuid": "85b87b7e-5c6f-4c86-bbf3-c225b9b5c172", "value": "43d3731329fc78c45a43d4e89126d3777fcbe383", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859839", "to_ids": true, "type": "sha256", "uuid": "5481da0e-16bd-4cce-9fe0-13e931c697db", "value": "e78dee5876963bbf1bfe251568914617f38b726be1d6f15539ac926d857c005c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806322", "to_ids": true, "type": "ssdeep", "uuid": "c3ca2070-f878-4a67-a47a-bcdae94106f4", "value": "12288:mGN9C4SsGhGEzlT9EDJiq0ojkyBXXKdFak2C3MBH0EqmVGouvLqcW:9LqlbQ4qZXw2CAH0lHoiqj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806322", "to_ids": false, "type": "size-in-bytes", "uuid": "4c9adcfd-4647-45bf-804b-dca6b65019b0", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806322", "to_ids": true, "type": "vhash", "uuid": "f268e664-e384-49cc-81df-331359457678", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806322", "to_ids": true, "type": "filename", "uuid": "8f7267ce-4723-4021-b90d-d537708b96cd", "value": "76e60e6df353b38d453a8cc61243151a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806322", "to_ids": false, "type": "text", "uuid": "2380e234-0db1-4ed3-bbd8-41c6db1bdc15", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859840", "uuid": "343fd6cb-725a-4bd0-a98a-54da117def5d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859840", "to_ids": true, "type": "md5", "uuid": "60a57e5b-d2e0-43e9-a445-cb8f6602587a", "value": "da69b956acdc75e8a93b8fd7a165503d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859840", "to_ids": true, "type": "sha1", "uuid": "33274e09-013e-407c-9a20-80bd543ec38e", "value": "3308d260cd2e3cf2a856a357df41e93b4d97ec1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859840", "to_ids": true, "type": "sha256", "uuid": "f1db26f1-fc65-40b8-bb44-75af0204f417", "value": "dd4a403c3b14d0700e11bf5799b06c90498c8ffb82c61e962e2bff10bced1ca3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806344", "to_ids": true, "type": "ssdeep", "uuid": "1bf1c5cb-8aa6-48c3-8119-588df6dd97db", "value": "12288:zAN9C4SsGhGEzlT9EDJiq0ojkyBXXKd/ak2C3MBH0EqmVGouiLo1n:kLqlbQ4qZXW2CAH0lHo7oZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806344", "to_ids": false, "type": "size-in-bytes", "uuid": "9ea8f362-3e41-46b4-9cc8-7af044d3fbbb", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806344", "to_ids": true, "type": "vhash", "uuid": "843b82e7-4135-4c52-84c6-57d47dfa4085", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806344", "to_ids": true, "type": "filename", "uuid": "c489207e-8778-4de7-ae46-f444f2c83296", "value": "da69b956acdc75e8a93b8fd7a165503d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806344", "to_ids": false, "type": "text", "uuid": "d191502d-eafe-43c7-a2ee-a4ec3825f04f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859841", "uuid": "99f229d7-8947-4146-b35b-c9442a0b869f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859841", "to_ids": true, "type": "md5", "uuid": "e3b43b75-1762-406a-9833-e8219545f950", "value": "21660d2c63816b7e7ab54815d985bf6a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859841", "to_ids": true, "type": "sha1", "uuid": "18e1d7e7-86d0-4098-9acc-636ec4ba90ab", "value": "ba9fa9557636a9238c7fbd7a79cf3cb5d399d3c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859841", "to_ids": true, "type": "sha256", "uuid": "3cc5146d-5c85-4765-a738-f9ddcef5371e", "value": "56724d5a20802509282c58599fa5c488c2f743412c109e924e3fbbb85d0bcf2b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806365", "to_ids": true, "type": "ssdeep", "uuid": "1ac1b519-1947-45ed-81f0-d4701767ea4b", "value": "6144:pt3wY1iZFI52Jy0fJyVRoYFDD57+ZgOWSCgWwvjnGNrOtMaF9hPgDF6xmLrsa2Kc:pGYuU2k0feNlD5sLWghjGfXLQaUbCEIU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806365", "to_ids": false, "type": "size-in-bytes", "uuid": "b71ac85c-af12-40ae-98ef-e1f2f7d6c0e4", "value": "605315" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806365", "to_ids": true, "type": "vhash", "uuid": "02a1b04a-25e5-4cd4-8f47-25779e6f9577", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806365", "to_ids": true, "type": "filename", "uuid": "ed8d1ed3-7015-4ab5-b558-a6e9bd6c5bf5", "value": "21660d2c63816b7e7ab54815d985bf6a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806365", "to_ids": false, "type": "text", "uuid": "6767da72-92d2-48c0-a4aa-e616cfcfcdff", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859842", "uuid": "58c519da-3baa-419e-8d53-7009fc45746b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859842", "to_ids": true, "type": "md5", "uuid": "21e331c6-9048-4ab9-b527-10032f25e66e", "value": "c7bdf9ce28e7b494852b27ef1b2293c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859842", "to_ids": true, "type": "sha1", "uuid": "7402d09a-aa05-465b-a948-b78c866bcb32", "value": "56e469b9a72fc6d8ca1500582dff77eea6b1f4ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859842", "to_ids": true, "type": "sha256", "uuid": "04b0ebbe-6c07-43b8-8c70-0a7ecf300fd7", "value": "932f2771b04783c375124ba21f1f0e20c0dcebe5c030e1f57d9297a99c8eda93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806386", "to_ids": true, "type": "ssdeep", "uuid": "dff26a1e-3d17-43d0-ae12-f6a6daf73d85", "value": "12288:K7N9C4SsGhGEzlT9EDJiq0ojkyBXXKddak2C3MBH0EqmVGouTLSgr:YLqlbQ4qZXQ2CAH0lHoGSW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806386", "to_ids": false, "type": "size-in-bytes", "uuid": "19e20afc-015d-4dc8-9f1d-721d1962a31e", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806386", "to_ids": true, "type": "vhash", "uuid": "7299677a-cab6-4130-91e8-b2fda82e1dc4", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806386", "to_ids": true, "type": "filename", "uuid": "edd4ddf6-38f2-4e23-8980-0f3061a5071e", "value": "c7bdf9ce28e7b494852b27ef1b2293c6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806386", "to_ids": false, "type": "text", "uuid": "40537f96-924b-4b31-8340-930693817d67", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859843", "uuid": "6bc111ba-9cfd-4850-941b-ccd4c5d1110e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859843", "to_ids": true, "type": "md5", "uuid": "62636202-b39a-4196-96ff-c24e53fb22a1", "value": "a8d5e183bcbde05f6c8d6d371d1bbee6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859843", "to_ids": true, "type": "sha1", "uuid": "214ff3b0-2083-4b81-891c-b19bdb683731", "value": "4cb374f7e1f91b2691e58022a74b266aafa54b67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859843", "to_ids": true, "type": "sha256", "uuid": "e68257d1-e3b0-4ae7-b435-ec6770a7b4e5", "value": "f04a7495c309e3ca02a1306bc6a200ef0b882d884f24fd27510cc74b40c6d391", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806408", "to_ids": true, "type": "ssdeep", "uuid": "3942bc5e-d432-4e60-923a-a98eb7e973a5", "value": "12288:ToN9C4SsGhGEzlT9EDJiq0ojkyBXXKdAak2C3MBH0EqmVGouiL81K:MLqlbQ4qZX92CAH0lHob80" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806408", "to_ids": false, "type": "size-in-bytes", "uuid": "85e5a762-15b0-4d7b-befd-63ef2ad7e7ea", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806408", "to_ids": true, "type": "vhash", "uuid": "057b283b-ee88-4439-9f65-9ad81d877f82", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806408", "to_ids": true, "type": "filename", "uuid": "6519cdbe-e8c1-4436-8a30-b961e8a3c7b7", "value": "a8d5e183bcbde05f6c8d6d371d1bbee6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806408", "to_ids": false, "type": "text", "uuid": "d9c43da2-5a55-4472-a917-46c983d8ae1b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859845", "uuid": "ac7ffb25-0820-4f84-8522-6e81ab1406ff", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859844", "to_ids": true, "type": "md5", "uuid": "94dacda6-abdb-4709-9359-88c5847a20f6", "value": "f83d81ebdf82d679524875d374c79b34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859844", "to_ids": true, "type": "sha1", "uuid": "f3214712-b3a9-49b5-a4b2-f5afeb8ece2c", "value": "e9a88dfb490cc0b083bee1119b4796e5cf39b925", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859845", "to_ids": true, "type": "sha256", "uuid": "6498f50e-03b9-4e5a-9cbf-9eb0db107ab9", "value": "521f9719c7eaf69c49ca4d18b3902e07f34398ba37750ce44952ab4f4a41db2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806429", "to_ids": true, "type": "ssdeep", "uuid": "0c97a378-cd7c-4051-bd9f-902dccbf2138", "value": "12288:pyN9C4SsGhGEzlT9EDJiq0ojkyBXXKdQak2C3MBH0EqmVGouQLM72:MLqlbQ4qZX92CAH0lHoZMC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806429", "to_ids": false, "type": "size-in-bytes", "uuid": "74ac58e2-43f2-4706-b790-4245ba844d73", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806429", "to_ids": true, "type": "vhash", "uuid": "8971e4bc-433f-4c88-9891-b7401e51ac55", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806429", "to_ids": true, "type": "filename", "uuid": "0abc836a-3c8f-49df-8e82-030d614eb88a", "value": "f83d81ebdf82d679524875d374c79b34.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806429", "to_ids": false, "type": "text", "uuid": "db6d7f51-a77f-4e21-9208-51b396113827", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859846", "uuid": "611ed0d2-5884-4558-a2a8-4197e96c2a4f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859845", "to_ids": true, "type": "md5", "uuid": "47ee744b-7c69-45ca-ba45-000316c22dba", "value": "48339dfb70be10f0bca63febf9b95ccc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859846", "to_ids": true, "type": "sha1", "uuid": "da5b4871-1d5f-438d-a0c0-bd24342e4f13", "value": "22de053ea12f57055c09558761b0dadf3da57b46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859846", "to_ids": true, "type": "sha256", "uuid": "e11e00f1-70ca-4fe9-9c57-ad3d4231c94a", "value": "5e3ee383720cb1a9b84a2bf22ae6e4f677dba40304ed2bc74b3b7a567e1442ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806450", "to_ids": true, "type": "ssdeep", "uuid": "ce8e3104-be4d-4689-9779-a013e116a207", "value": "12288:gN9C4SsGhGEzlT9EDJiq0ojkyBXXKdpVgZIGC3MBHOOzJaRsOE2ULyPILL:gLqlbQ4qZXftCAHOOdaRsyoWm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806450", "to_ids": false, "type": "size-in-bytes", "uuid": "b78577b1-ef58-48b3-a5fd-89e59e3cd674", "value": "642800" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806451", "to_ids": true, "type": "vhash", "uuid": "87c356d2-c49f-4d44-b593-a2ec17594a03", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806451", "to_ids": true, "type": "filename", "uuid": "813358c4-83b1-4aa8-9be0-b855718cafcd", "value": "48339dfb70be10f0bca63febf9b95ccc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806451", "to_ids": false, "type": "text", "uuid": "208d96f6-3589-49c6-8118-68786f3da36e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859847", "uuid": "744e5bd8-5c98-464e-ad6b-8a54e36e55af", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859847", "to_ids": true, "type": "md5", "uuid": "c7e8fcaf-799c-4fa8-9780-53225ff6f4b2", "value": "6f8b8c0439df0ef27e35d6f5f7a3bba8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859847", "to_ids": true, "type": "sha1", "uuid": "8cd805bf-3bbc-4265-8699-4172a2fe8d0c", "value": "58258eff3e5d9c9f61b740fccf086bfae5fe7454", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859847", "to_ids": true, "type": "sha256", "uuid": "063637b9-2ec9-44de-a3a8-a92490ed0c55", "value": "bd0c2f287c9162b4f8879925b67bac59b00a17b98a67cca6e0994cd51a63a5a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806472", "to_ids": true, "type": "ssdeep", "uuid": "81841892-07c3-495f-a6ae-0ba222866ec6", "value": "24576:pEL2uavqQhoE0Cop0fIPgM/CbAchTPDmpW7bH8FvIdJHVHaTC8pyT:pdhiB0xM0AcxDmpW38FAdJHVHaTC8YT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806472", "to_ids": false, "type": "size-in-bytes", "uuid": "66910ad8-5f81-47b0-8423-3bc738f605da", "value": "1339620" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806472", "to_ids": true, "type": "vhash", "uuid": "83779c00-18c5-43d3-92fe-10eea9dfe455", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806472", "to_ids": false, "type": "text", "uuid": "06e38910-c379-4996-b4e2-9e70c2fa817a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Dakkatoni.A!MTB\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859848", "uuid": "925f54d7-64fd-40cf-bb50-0c800dbee0e5", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859848", "to_ids": true, "type": "md5", "uuid": "e9daeab6-26e3-4ca7-944e-d02bd844ecdf", "value": "2a4939611bf3b78c4a3022fce437ce67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859848", "to_ids": true, "type": "sha1", "uuid": "5c5e4c11-6ddd-452e-b887-227058e4f68b", "value": "6879b2f6cda5da2916f069ba8fd6222a3d21874a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859848", "to_ids": true, "type": "sha256", "uuid": "83b3d0da-1698-4adf-88c5-5faa7ebb35ad", "value": "f84bcbde0c9457facac63a9e7f588cfdf69eda03516ebb769fdfaa40cf6bbff6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806493", "to_ids": true, "type": "ssdeep", "uuid": "151680e1-b98f-4b00-ab03-890db5d381a0", "value": "24576:uEL2uavqQhoE0Cop0fI+gM/CbAchTPDmpW7bH8FvIdJHVHaTC8py9:udhiB0UM0AcxDmpW38FAdJHVHaTC8Y9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806493", "to_ids": false, "type": "size-in-bytes", "uuid": "83206d31-cac0-428a-9807-ac31922b0fdb", "value": "1339620" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806493", "to_ids": true, "type": "vhash", "uuid": "78762007-3dd2-4112-b08b-7df780a89542", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806493", "to_ids": false, "type": "text", "uuid": "2f601b4a-8a71-425e-aef6-f8f5d65d3858", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859849", "uuid": "0ff317be-89a4-4b5a-8825-6198866b7f48", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859849", "to_ids": true, "type": "md5", "uuid": "231aac32-998c-41db-8b0a-230759b965eb", "value": "13d2a6e529fcbbcbbc44398858fc5b1c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859849", "to_ids": true, "type": "sha1", "uuid": "668e1a1f-6a3b-4967-bc89-1c02cd8c5dc4", "value": "0299fe126b104502f34d4ef7a964771c5d36ddee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859849", "to_ids": true, "type": "sha256", "uuid": "8a1eea36-d4bc-430b-9d6b-d1589ed037b6", "value": "c3de1e898de038dd5db48bede2c97cc77c14795583a956ad10d9f54fe89ecb32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806515", "to_ids": true, "type": "ssdeep", "uuid": "0ae52a43-9055-406e-a512-15d45cb3fc30", "value": "12288:6N9C4SsGhGEzlT9EDJiq0ojkyBXXKdetXEC3MBHxM4XJNPZOr+7BXLMDT:6LqlbQ4qZX1XECAHi4XJNPZOMbMP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806515", "to_ids": false, "type": "size-in-bytes", "uuid": "4727edac-14ef-4513-9296-492f8c1c20bc", "value": "642778" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806515", "to_ids": true, "type": "vhash", "uuid": "6ae021ca-2b60-4b8f-aab1-8d6397fe93c9", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806515", "to_ids": true, "type": "filename", "uuid": "fc115f02-b7c1-43ee-96d1-3550a44d5c72", "value": "13d2a6e529fcbbcbbc44398858fc5b1c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806515", "to_ids": false, "type": "text", "uuid": "01f64a9e-8c2f-497b-a57a-6c49d3167ddb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859850", "uuid": "ea064e4c-3208-4641-8235-e68aee0f8dbe", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859850", "to_ids": true, "type": "md5", "uuid": "94c2dd4c-d5be-41be-9226-e8a1fc7e36a7", "value": "29c0cc17b54dedaa5a5abd03f10018f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859850", "to_ids": true, "type": "sha1", "uuid": "490e1d25-ba78-4cdd-9352-2520f5359c6f", "value": "e88ab7bb2b418e98c7560354759d15152115de6b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859850", "to_ids": true, "type": "sha256", "uuid": "e59794b3-1399-42fd-9a5a-c617a93eb840", "value": "b4d4595a85dd59e90f65d2c37ae3a7a75e6d6f6c334ab16c45b51c4d1826d66f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806536", "to_ids": true, "type": "ssdeep", "uuid": "8b21e795-7bd0-4277-84ee-a087d2e60902", "value": "12288:SpoiDZ35+AcKBYqJH+9e5BcrcU69hjMzpTs58GWpJKOE5FPbtM:SJN30fAxzfrh9hjMz7ElFzW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806536", "to_ids": false, "type": "size-in-bytes", "uuid": "62919356-6173-40f6-a78a-8ffae4d38111", "value": "605316" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806536", "to_ids": true, "type": "vhash", "uuid": "e44eb6df-720d-4f5e-8c24-b6b32d14bc28", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806536", "to_ids": true, "type": "filename", "uuid": "a5abc227-5a01-4600-9d17-4222087ab9e6", "value": "29c0cc17b54dedaa5a5abd03f10018f6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806536", "to_ids": false, "type": "text", "uuid": "e6e8c54b-4db6-4f6a-9ea7-900e04912f34", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859851", "uuid": "39ebbcd7-805e-40a0-94c0-b84300ca7b33", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859851", "to_ids": true, "type": "md5", "uuid": "8724c2cd-8a00-4a29-a5bd-9cbc3f7d2856", "value": "bc88897afad165c32e454c936b0470bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859851", "to_ids": true, "type": "sha1", "uuid": "7d8e85a0-0218-43e2-a996-f00dcd3e5d21", "value": "11ab33efbc0b70c9bcbbab42995dc76e822d5ab7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859851", "to_ids": true, "type": "sha256", "uuid": "8016c798-fb93-4a00-8564-ad2a692ecad0", "value": "8c6197d5119b08b3e6ada6072d087e0c380835d20671d23424ca4382c094d6ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806558", "to_ids": true, "type": "ssdeep", "uuid": "6afa8396-5ce1-4b00-aff4-700e86383eae", "value": "12288:iN9C4SsGhGEzlT9EDJiq0ojkyBXXKdK95aL0R17yEuSCMRo8VfBhLOyM:iLqlbQ4qZXuLaydMRP5xOn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806558", "to_ids": false, "type": "size-in-bytes", "uuid": "545d3bcc-6b38-4ff1-a046-96fe737a6ed7", "value": "642782" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806558", "to_ids": true, "type": "vhash", "uuid": "ac2d7ebb-16ef-481c-91b8-6d04bde26f7b", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806558", "to_ids": true, "type": "filename", "uuid": "0c85bf60-a808-4f2c-b519-819c69ae1db8", "value": "bc88897afad165c32e454c936b0470bf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806558", "to_ids": false, "type": "text", "uuid": "2d3baf81-9f2d-450e-802a-a21616e990fb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859853", "uuid": "f6b7b8f5-c722-443a-950a-377b5ed4c216", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859852", "to_ids": true, "type": "md5", "uuid": "c6bc2dd8-3837-4044-9774-9aec856d4b52", "value": "e448f32bb187dc6c2c67499d285b7f55", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859852", "to_ids": true, "type": "sha1", "uuid": "163f6ecd-d8b7-41b6-be62-3e104998bdf7", "value": "28e691b578115a2171adf7654a681374553f5c57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859853", "to_ids": true, "type": "sha256", "uuid": "a19724e5-5e9b-4832-92ca-83a46d9665ea", "value": "fd608b225c487d7216487138ce88e6d0573d210a9c69f57c23de40c72f9dd626", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806579", "to_ids": true, "type": "ssdeep", "uuid": "3d5170b1-892c-4d6b-a6a0-4bbb9e23cb82", "value": "12288:vN9C4SsGhGEzlT9EDJiq0ojkyBXXKdRX3U9UUp2VfBSLeUL:vLqlbQ4qZXKE9UR5ieu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806579", "to_ids": false, "type": "size-in-bytes", "uuid": "69947761-e80a-40a0-953b-a2bed9f2e735", "value": "642781" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806579", "to_ids": true, "type": "vhash", "uuid": "1026d9b9-9cd8-481c-a7e9-dfef2fbcf4cc", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806579", "to_ids": true, "type": "filename", "uuid": "2abd5226-b095-464f-8746-00c0ee557bd2", "value": "e448f32bb187dc6c2c67499d285b7f55.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806579", "to_ids": false, "type": "text", "uuid": "87c4a627-8d0a-4db9-88c1-738ac91e3d5b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859854", "uuid": "dcd47c09-b6ce-429b-8cfa-71b244f9ce98", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859853", "to_ids": true, "type": "md5", "uuid": "687cb44e-a62b-4dd9-b9b1-f8f51571a5eb", "value": "63153046c6b370e892fd19ad407139a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859854", "to_ids": true, "type": "sha1", "uuid": "492c3150-dd64-4b66-a741-12642ce8d43e", "value": "71a19e54e8bf46c35cd79a7078c1841207229787", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859854", "to_ids": true, "type": "sha256", "uuid": "fa21d6a1-604f-46e9-acc4-66c2ab439977", "value": "6413602700c1299415858c0b6c3ea797f7ab5f56340cecb50152c8471b5b6005", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806600", "to_ids": true, "type": "ssdeep", "uuid": "bd030097-84d2-4a84-8f77-c681d73997b6", "value": "196608:20KZmWTe2bpCx4t/xdM1kMceiJ/CJPxMmYWGr8:2CWTmS/3M1kMcf/kJYWGA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806600", "to_ids": false, "type": "size-in-bytes", "uuid": "35c14499-a22c-4c9b-b54d-75bcad437056", "value": "6518065" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806600", "to_ids": true, "type": "vhash", "uuid": "d518d02e-53dd-4a0a-af67-11dc1b6c0b19", "value": "eeee29802edbca2604f86a55321bafa8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806600", "to_ids": true, "type": "filename", "uuid": "f31279e9-d0d0-4468-84fd-2f91bd6c4cf4", "value": "63153046c6b370e892fd19ad407139a9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806600", "to_ids": false, "type": "text", "uuid": "7f1e4d6d-a0dd-443f-9808-14cfaa58fe0d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859855", "uuid": "4e6d9478-fcc7-4df1-8ec7-d9009ea59d01", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859854", "to_ids": true, "type": "md5", "uuid": "48d9915d-e8fb-46f8-8f2c-101d6cb7a97a", "value": "91a6b3f25117714449cb383420940153", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859855", "to_ids": true, "type": "sha1", "uuid": "7ebb210b-967e-4ff2-8676-ff6c6fa7dbd3", "value": "ab3d1f5aba9ee8153e97459ae77042af908cf418", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859855", "to_ids": true, "type": "sha256", "uuid": "511dd348-b86e-4f03-ac03-8ceebccb864a", "value": "0fdb614c960116d882804c15f990f3447e1640d164ca4c55b25fa9cc1eabfa0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806622", "to_ids": true, "type": "ssdeep", "uuid": "0a72d31c-b5c8-4f52-864f-c5d1fc01b071", "value": "12288:bN9C4SsGhGEzlT9EDJiq0ojkyBXXKd0X3U9UUp2VfBjL4J6:bLqlbQ4qZXjE9UR5H4o" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806622", "to_ids": false, "type": "size-in-bytes", "uuid": "63c437dd-4017-4299-bf29-845a8aa576d3", "value": "642781" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806622", "to_ids": true, "type": "vhash", "uuid": "4ba50a3c-7ee5-4d25-b469-1ce3aa5a3ca2", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806622", "to_ids": true, "type": "filename", "uuid": "aaff0c82-adff-4d63-9ff4-c3c3417dec23", "value": "91a6b3f25117714449cb383420940153.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806622", "to_ids": false, "type": "text", "uuid": "a55817ac-2e80-4850-bcd4-afcc360d9486", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859856", "uuid": "588a15b0-b34e-4dfb-8e52-b3aafbcc5462", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859856", "to_ids": true, "type": "md5", "uuid": "4a805e1d-0186-42e5-bad3-30431b8a8237", "value": "f96b6d4def31ef013e56ddc487bfe125", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859856", "to_ids": true, "type": "sha1", "uuid": "99c02b35-0fac-42d1-abbf-52783b574cdf", "value": "7d628596470cacc66bd1faa1fb175d9e1bf6c126", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859856", "to_ids": true, "type": "sha256", "uuid": "10d4c8d6-6ffb-40a9-8229-64d40146aaf4", "value": "e0b5ccebef8366bef794969275b483eae67eaff9b55f51d20a416e8311588b07", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806643", "to_ids": true, "type": "ssdeep", "uuid": "ed39a6f6-6f76-4a06-966d-4374c77fa535", "value": "12288:GiN9C4SsGhGEzlT9EDJiq0ojkyBXXKdkVgZIGC3MBHOOzJaRsOE2TLMjA:lLqlbQ4qZXEtCAHOOdaRsyXMU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806643", "to_ids": false, "type": "size-in-bytes", "uuid": "57021e68-db4f-48fd-a615-368289403f72", "value": "642790" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806643", "to_ids": true, "type": "vhash", "uuid": "31db02e5-fe05-4400-8663-1e90596958cc", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806643", "to_ids": true, "type": "filename", "uuid": "40c64a1c-9965-4b20-9c0a-8fa23108c78d", "value": "f96b6d4def31ef013e56ddc487bfe125.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806643", "to_ids": false, "type": "text", "uuid": "ba712d36-39ef-45a9-b2da-52e2110cc307", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859857", "uuid": "62e6849d-e853-47d5-8f3d-401c4e4ea590", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859857", "to_ids": true, "type": "md5", "uuid": "6fa65d4c-ebdd-461c-9970-41d37e47e01f", "value": "be76cdf460a42a5662c0ac92b93786dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859857", "to_ids": true, "type": "sha1", "uuid": "85b32ca3-a43a-444f-a304-ff6a96382976", "value": "bf52ce3a2f91fcc5de550aaa4cc9b60cef6bd6fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859857", "to_ids": true, "type": "sha256", "uuid": "d56848b5-65e2-4059-a719-428daf1e2626", "value": "d96b76060f5a32bfde2d56abde1750e0a7c0d73dab74988093a8dbde60efc9cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806664", "to_ids": true, "type": "ssdeep", "uuid": "bca7c709-ce1d-41ad-b1c8-5c9e604deb3c", "value": "24576:lEL2uavqQhoE0Cop0fILgM/CbAchTPDmpW7bH8FvIdJHVHaTC8pyj:ldhiB0VM0AcxDmpW38FAdJHVHaTC8Yj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806664", "to_ids": false, "type": "size-in-bytes", "uuid": "1c1052a0-c53a-4dce-8ff1-67a6b9094fc1", "value": "1339620" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806664", "to_ids": true, "type": "vhash", "uuid": "525933bd-539f-492e-82b8-c30f43d055c3", "value": "57a45b275f60a6a66eb5be04742c30b4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806664", "to_ids": true, "type": "filename", "uuid": "3909d935-f899-48c6-b9f3-93ab6f82ba56", "value": "be76cdf460a42a5662c0ac92b93786dd.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806664", "to_ids": false, "type": "text", "uuid": "563c48ce-f25e-42e1-8465-99f6bd4431a1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859858", "uuid": "00a97760-76fd-44ee-a269-7dd325b57a65", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859858", "to_ids": true, "type": "md5", "uuid": "8ded3678-5d72-4de9-95c6-d20b21da8946", "value": "51f04cef4ed40cf7d5afaca9dcc16803", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859858", "to_ids": true, "type": "sha1", "uuid": "5b8b06ea-0ecf-4c55-8e00-cf3cfc216500", "value": "5ad8264755033050d423da1edf21c012d8d49c00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859858", "to_ids": true, "type": "sha256", "uuid": "5121ce9c-4193-4c68-a20a-df7754ee05f8", "value": "c463a81a569c54cf03a9afa12fedbd87c728969657034f587bd5e65208b11993", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806686", "to_ids": true, "type": "ssdeep", "uuid": "e08bd21c-3278-45f8-a674-19b329decdb8", "value": "768:WIt03WP8OdaPWSbFuW7/Xyz6PXQ0YwDCyJzjHYbxsQcZULe+vop5tLcD/JGJms9J:WNwEbF6zoXXYwuyJzjkW3UXwpaRG7xJB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806686", "to_ids": false, "type": "size-in-bytes", "uuid": "31b6a05a-31d9-44af-9500-a0bcff8b37ae", "value": "45353" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806686", "to_ids": true, "type": "vhash", "uuid": "6b0a4bd4-5358-417b-a40e-e712aed15d79", "value": "51db5dc49dce899814d0903922349b83" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806686", "to_ids": true, "type": "filename", "uuid": "956ad5ef-57d0-41a8-8506-7a7aacac5a22", "value": "plugin.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 13/04/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806686", "to_ids": false, "type": "text", "uuid": "c9353109-109a-4d39-abfa-74df99afee2d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:25/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859859", "uuid": "fea83f12-3144-4274-bb42-001585ffcd67", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859859", "to_ids": true, "type": "md5", "uuid": "1d380a35-ee33-478d-85dd-faaae9534ad3", "value": "191d05f987c33bc66beeec7a10cbb610", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859859", "to_ids": true, "type": "sha1", "uuid": "6f8c0441-93c7-4c74-9b88-0c7696298286", "value": "f28122340fc2ca3e79dbff5449914b2516a61bc3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859859", "to_ids": true, "type": "sha256", "uuid": "d257ebd5-d33c-4e27-8b91-b04051140202", "value": "fbf3c0cb5c877f551156abea20495a70f7ffe2f4213521570206a89081b9424e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806707", "to_ids": true, "type": "ssdeep", "uuid": "45923678-21f9-465c-ae9d-88bca554bb9d", "value": "12288:YN9C4SsGhGEzlT9EDJiq0ojkyBXXKdQvupzXF2NCU+hEpX7L4xm:YLqlbQ4qZXq1gCtu/48" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806707", "to_ids": false, "type": "size-in-bytes", "uuid": "1971a7ce-04fc-464d-9715-e848692407c4", "value": "642785" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806707", "to_ids": true, "type": "vhash", "uuid": "01e49a95-945b-4785-b76e-89e3b1768fa7", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806707", "to_ids": true, "type": "filename", "uuid": "8a2ab347-b7bd-475d-9482-267699de0b66", "value": "191d05f987c33bc66beeec7a10cbb610.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806707", "to_ids": false, "type": "text", "uuid": "4f20e38f-740c-47ea-98b9-ebb9e70edf9e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859861", "uuid": "14d92ce4-9909-4fc9-9e02-d3a58d164acc", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859860", "to_ids": true, "type": "md5", "uuid": "27d53b5b-f066-4984-99a3-4f1187d801d4", "value": "c3c02e3cc972cc466e47bb13862a2400", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859860", "to_ids": true, "type": "sha1", "uuid": "21c96405-076e-40a0-9ff2-1a757e567182", "value": "3b369ff510e0098edf7ed88464d095447d1f8ca3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859861", "to_ids": true, "type": "sha256", "uuid": "7a8ecb4b-7f6f-4fe4-bd38-d7490bca7397", "value": "b90b824525aaf9039c1254eb7e2092d1050121daa575cd161ba3e384176bc6bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806728", "to_ids": true, "type": "ssdeep", "uuid": "5513293b-ce00-4f81-aca5-d6536868d751", "value": "12288:rN9C4SsGhGEzlT9EDJiq0ojkyBXXKdMX3U9UUp2VfBtLc3W:rLqlbQ4qZXnE9UR5NcG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806728", "to_ids": false, "type": "size-in-bytes", "uuid": "df0a0dc0-ca58-4f0d-83ff-d129e1f72282", "value": "642781" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806728", "to_ids": true, "type": "vhash", "uuid": "73a12016-1a7c-4d57-94f1-f0a94633722e", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806728", "to_ids": true, "type": "filename", "uuid": "a867f627-a596-4962-80e7-39a00c264555", "value": "c3c02e3cc972cc466e47bb13862a2400.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806728", "to_ids": false, "type": "text", "uuid": "aa08a9b8-b6ff-45b0-a683-47a00ae68a4a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859862", "uuid": "daae9cd3-baca-48ce-be57-e91113baf84b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859861", "to_ids": true, "type": "md5", "uuid": "088f1b88-254d-49f5-99c3-a1fd83680bf2", "value": "88399258e3db8b2b6fc32c96456d6f5b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859862", "to_ids": true, "type": "sha1", "uuid": "96d4754a-3fae-4e1d-bce1-1295705fa985", "value": "3dbf54a86c8f1aa26c37961fe6b4a2283d1abad9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859862", "to_ids": true, "type": "sha256", "uuid": "f7374b3f-a379-401e-814e-9286d9ceb607", "value": "5746277115f0a4b202cb6ce2455d0379790d31a9119f3add31641d6ae5c3797a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806750", "to_ids": true, "type": "ssdeep", "uuid": "85976f98-d70e-47e2-b076-aee7e6f04ddd", "value": "12288:cN9C4SsGhGEzlT9EDJiq0ojkyBXXKddX3U9UUp2VfBpL8jA:cLqlbQ4qZXSE9UR558U" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806750", "to_ids": false, "type": "size-in-bytes", "uuid": "8eb8553b-f4be-4be0-a290-5f9e09307f22", "value": "642781" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806750", "to_ids": true, "type": "vhash", "uuid": "5c8e65b1-46ec-4cc7-b5a7-2ee907cc0402", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806750", "to_ids": true, "type": "filename", "uuid": "75854c82-cb39-412d-ac0c-d84f93dde657", "value": "88399258e3db8b2b6fc32c96456d6f5b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806750", "to_ids": false, "type": "text", "uuid": "19c443c6-01a3-46b7-86ee-5751abbc0e0e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859863", "uuid": "7e6663fe-e2af-4dae-bf54-bfa8d2b5c731", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859862", "to_ids": true, "type": "md5", "uuid": "d02fbdcd-2182-4180-8b65-ee901fa7bc65", "value": "9f441777dd2b85de01d01b60909b10e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859863", "to_ids": true, "type": "sha1", "uuid": "aa2f78f8-fff1-4aca-b461-c727ed656ad1", "value": "24ff8f9fcef0bff883cb4dbf37e2202468d13a91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859863", "to_ids": true, "type": "sha256", "uuid": "3c4acb12-c3f2-45a8-9986-ef131ffeb9b6", "value": "084c6b14c35f9634cb1a364dea936b31d77f4c84c3a90da104f9f6cd697fee35", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806771", "to_ids": true, "type": "ssdeep", "uuid": "1f96b096-128d-4949-82b4-719c51d9e24f", "value": "12288:6N9C4SsGhGEzlT9EDJiq0ojkyBXXKdqX3U9UUp2VfBgLeGp:6LqlbQ4qZXBE9UR5keu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806771", "to_ids": false, "type": "size-in-bytes", "uuid": "c8fa2313-c6d5-4ea6-b782-e0e3c9ebf890", "value": "642781" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806771", "to_ids": true, "type": "vhash", "uuid": "314785a7-e281-4493-8c47-3a7b4a4529e2", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806771", "to_ids": true, "type": "filename", "uuid": "e35d1a2c-d519-4621-875c-25e4aa4da8de", "value": "24ff8f9fcef0bff883cb4dbf37e2202468d13a91.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806771", "to_ids": false, "type": "text", "uuid": "4d5d262f-bf34-4991-9fc5-1f866c5c1f47", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859864", "uuid": "11d54e09-0052-4ecc-a8df-187aedf2453e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859864", "to_ids": true, "type": "md5", "uuid": "6bb20e43-79ae-4b82-afb8-644ff6162c19", "value": "72342843918b028d6c10edd5ced6780c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859864", "to_ids": true, "type": "sha1", "uuid": "acaa71cc-c777-45b7-bae5-98acc3ce8fbf", "value": "4056e7862be099690100548c0918783c4de7004e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859864", "to_ids": true, "type": "sha256", "uuid": "c017d48e-a9d8-4088-a37f-23ecafa55e8a", "value": "5472b1a879f3d2a26e22d9ba09f4f81ee14c7a6b2be3ccd82cb4968e643cd951", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806792", "to_ids": true, "type": "ssdeep", "uuid": "afc90700-5e18-4314-885c-a407ddfa810e", "value": "786432:uG7pT8HvkeagyPVEa3FuqKH/uMIDJrHV5tS:J7ERagw6apKHW/DJB5tS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806792", "to_ids": false, "type": "size-in-bytes", "uuid": "63b6290c-fe42-469d-80d6-7aa35a6bb181", "value": "29367516" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806792", "to_ids": true, "type": "vhash", "uuid": "7d32dd55-af03-4b7c-8b54-ea9c160271a6", "value": "c31b13aa92e06d63b7a0c623b065ac94" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806792", "to_ids": true, "type": "filename", "uuid": "cfa10a17-fa3c-439c-a807-3814977e5f4a", "value": "72342843918b028d6c10edd5ced6780c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806792", "to_ids": false, "type": "text", "uuid": "71d69c83-2cdc-4275-b4d9-64d08287e8cf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859865", "uuid": "84497e14-1aec-4d4d-a1c8-c117944777ca", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859865", "to_ids": true, "type": "md5", "uuid": "097bd34f-f94a-4636-b137-ac1f8038dd20", "value": "a80803efe5e033239eed81a2299b63dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859865", "to_ids": true, "type": "sha1", "uuid": "e6703904-6f0b-4c89-a042-0a815ca8b12a", "value": "5794093562594a695928d1e6f051bbe1f118e4d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859865", "to_ids": true, "type": "sha256", "uuid": "ec7abbff-8fc6-4625-acf7-00680fe191d9", "value": "714a043e7c801d51b699cc80f1dc11baba96e3323004462c4803d55166b5f169", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806814", "to_ids": true, "type": "ssdeep", "uuid": "aa429b4e-525e-4306-a54c-a1795f795fbc", "value": "393216:hidNTQupR+gO9vLim7Wwq95NbbLJBc7DocK1crru:aphpogO9vLi+Wwq9jPL/cXocK1uu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806814", "to_ids": false, "type": "size-in-bytes", "uuid": "48daa41c-b79e-4556-80f8-66cf9d39057f", "value": "16622734" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806814", "to_ids": true, "type": "vhash", "uuid": "fd8f083c-eac8-4e71-be51-bbc8b882b5b3", "value": "c31b13aa92e06d63b7a0c623b065ac94" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806814", "to_ids": true, "type": "filename", "uuid": "d85aa032-cf87-457d-bf5d-81c3334ccfff", "value": "a80803efe5e033239eed81a2299b63dc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806814", "to_ids": false, "type": "text", "uuid": "c6337982-c4f6-4192-88d2-96daaaf79460", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859866", "uuid": "8e10fed1-bb3c-4a38-95a4-45ec914e3c88", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859866", "to_ids": true, "type": "md5", "uuid": "63cb28b6-c793-4815-ba5a-dbb17aa77249", "value": "fef3773e3a9d81a6dd51aea039640f72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859866", "to_ids": true, "type": "sha1", "uuid": "96917795-5577-435e-9b02-bd2948432151", "value": "aefb443cac09273cc7f17da7a670bade5de29390", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859866", "to_ids": true, "type": "sha256", "uuid": "5855541b-f136-4411-aa9f-1484d0a12f17", "value": "107eb4409520f619ec88f3316b50f78abf3efc5e37a09036bff453ef232f4c3b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806835", "to_ids": true, "type": "ssdeep", "uuid": "3e2f9f3f-7825-4a7b-bf94-e346f4b36fae", "value": "98304:tbFJLdRPyh1imsBAD6XfHirhdvzu2WdJjW0xFTV/Lrcs1nNbYk8EXpEuroIAQH1v:VnLdW1imsOh9izXxFTV8Qnak8EpJcrrM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806835", "to_ids": false, "type": "size-in-bytes", "uuid": "0c345226-3059-4d11-91fe-bb01f4ece5ea", "value": "6001380" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806835", "to_ids": true, "type": "vhash", "uuid": "89314c14-a94a-4223-93a2-5837692d8599", "value": "33a118cbcb9b2dc1b71e3207578df45e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806835", "to_ids": true, "type": "filename", "uuid": "bf67288a-ab07-4524-9cde-27b2394f55bc", "value": "fef3773e3a9d81a6dd51aea039640f72.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806835", "to_ids": false, "type": "text", "uuid": "9cbf9729-b8d3-44ed-a3bb-c2495cb040c3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:24/62" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859867", "uuid": "b79b1f01-0a5d-485d-9fcb-2a8a26d71753", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859867", "to_ids": true, "type": "md5", "uuid": "993d0fb0-e193-4d9b-916d-cfe2e17a3e41", "value": "bb4b8339e9aaeeeb40b576f6182bd610", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859867", "to_ids": true, "type": "sha1", "uuid": "cde6844a-f866-4c4d-9c5e-d04ea549ea84", "value": "28f6ff4632db73a336cfe1214f9f677fb5865eb6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859867", "to_ids": true, "type": "sha256", "uuid": "0cdcd59b-3d05-4b02-aaa4-f909ba2eaed6", "value": "6dd9fb965c71c6cfe01c8fdd9e47a3a751bb05934657373ef8d3531ca58c2725", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806856", "to_ids": true, "type": "ssdeep", "uuid": "0ad57ad7-675d-4726-a3d1-29a024ef7793", "value": "98304:ryDUigoj269i/9ZPbGtHv2pnsXCJuzWkqkGxGxQebKi4MLTANMgYrKFHCcruoJ:uDUC2n/zgMs6uzvNOAQi4IxgYrKYcrrJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806856", "to_ids": false, "type": "size-in-bytes", "uuid": "e7486388-1784-4627-8e44-f0b6896be35a", "value": "5375884" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806856", "to_ids": true, "type": "vhash", "uuid": "991b04d6-0fd4-4473-8f54-aee7d29b09e7", "value": "33a118cbcb9b2dc1b71e3207578df45e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806856", "to_ids": true, "type": "filename", "uuid": "73d008c0-eaac-4c8b-8d4e-b0e07b08c32a", "value": "bb4b8339e9aaeeeb40b576f6182bd610.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806856", "to_ids": false, "type": "text", "uuid": "520b4e35-a0ee-4de9-81d7-e464eb7a0f66", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859869", "uuid": "ae383c22-e018-4a0a-870f-cc11a68a48f2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859868", "to_ids": true, "type": "md5", "uuid": "d6386a26-4af5-49db-9569-bda9dad39b7d", "value": "dcccb4b2dd49519a13b639bdff51f5f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859868", "to_ids": true, "type": "sha1", "uuid": "122803f1-ac7c-4013-b34a-d5004ecee3f2", "value": "af33dd391de2e8c9d3307ce6ae394b3d77f205e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859869", "to_ids": true, "type": "sha256", "uuid": "d13d18e9-bac5-4bb4-8a24-b4be3b9219d3", "value": "0f052c163144239b1f5aab0d075ed610c60f5cd51bf6a7ab0908e0477658b65d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806878", "to_ids": true, "type": "ssdeep", "uuid": "3b626f18-6db0-4d74-bfdb-777c0eb12319", "value": "12288:gN9C4SsGhGEzlT9EDJiq0ojkyBXXKdnJzAvyd0zbcPFjf57ddu6iwpXmLMnA:gLqlbQ4qZX0JziPc9L7duo2MA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806878", "to_ids": false, "type": "size-in-bytes", "uuid": "bf148a46-406d-4b95-b0fb-952a43a034d4", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806878", "to_ids": true, "type": "vhash", "uuid": "20055343-7fa0-4aec-a191-024533807092", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806878", "to_ids": true, "type": "filename", "uuid": "5ca84a06-958b-41ae-8538-1dfd9e52c607", "value": "dcccb4b2dd49519a13b639bdff51f5f3.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806878", "to_ids": false, "type": "text", "uuid": "4ba9ff0f-461e-4080-b080-58f10923908b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859870", "uuid": "6353a4bc-4234-425b-a393-06f7dd12cf21", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859869", "to_ids": true, "type": "md5", "uuid": "7318865d-d95c-48ab-8992-9c9ee3d0cbae", "value": "4107e888e036a7f2d70b2668dddaf373", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859870", "to_ids": true, "type": "sha1", "uuid": "6a02f193-daed-40eb-9149-f5837237383a", "value": "69ba343215d46ba5e08d738905e497631e6a9ef7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859870", "to_ids": true, "type": "sha256", "uuid": "c05b9304-b05a-403d-b5b8-4c9299497909", "value": "6cfc803b63cc7847c76d2e4c8fadf7ad9ce69a1ba01f9eba1f2e81c1d261b8c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806899", "to_ids": true, "type": "ssdeep", "uuid": "d813d7be-3922-475f-82a2-4ad57d67d4fb", "value": "12288:9N9C4SsGhGEzlT9EDJiq0ojkyBXXKdQJzAvyd0zbcPFjf57ddu6iwpXwLENW:9LqlbQ4qZXrJziPc9L7duoUEA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806899", "to_ids": false, "type": "size-in-bytes", "uuid": "3023a3aa-f9fc-4a0f-89e1-cbf501083fc7", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806899", "to_ids": true, "type": "vhash", "uuid": "fe4ee59a-f40c-4b60-b922-4f3a094d5146", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806899", "to_ids": true, "type": "filename", "uuid": "4a3de14a-8433-4977-8dde-a0227f98fe06", "value": "4107e888e036a7f2d70b2668dddaf373.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806899", "to_ids": false, "type": "text", "uuid": "4cc8fed7-3c4b-4e58-9051-48121b298633", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859871", "uuid": "a0a4892a-8b7b-4333-bbd8-253002a07b9c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859871", "to_ids": true, "type": "md5", "uuid": "8984a0c5-83e8-4b3e-9bb3-63f09fab81dc", "value": "e2a5775c35458fe20441a98389f038f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859871", "to_ids": true, "type": "sha1", "uuid": "09b98056-95db-4011-b761-5e0e4d56adf0", "value": "a8a416165392ec5eeb3cb8fdeda5ebbc7744ade6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859871", "to_ids": true, "type": "sha256", "uuid": "57db33cf-67a2-4292-af49-17cce3b27a96", "value": "bfa6627006f153fb9d5bd36ee98674fcd6efc81db7081d8dc4c89d26fc3059c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806920", "to_ids": true, "type": "ssdeep", "uuid": "80482846-c557-407f-8a76-771d1bc4849a", "value": "12288:DN9C4SsGhGEzlT9EDJiq0ojkyBXXKdWJzAvyd0zbcPFjf57ddu6iwpX+LM/m:DLqlbQ4qZXNJziPc9L7duoOM+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806920", "to_ids": false, "type": "size-in-bytes", "uuid": "bf2ecfb2-d843-4195-ba32-276c95cf8a92", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806920", "to_ids": true, "type": "vhash", "uuid": "dc7342d0-bc1b-49e4-a657-4aa3d175586e", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806920", "to_ids": true, "type": "filename", "uuid": "7aff985b-c65b-4b6d-8c1f-fb57be5a42b3", "value": "e2a5775c35458fe20441a98389f038f7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806920", "to_ids": false, "type": "text", "uuid": "2483fd7a-7783-43cf-96dc-e471b733f059", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859872", "uuid": "eab23d18-70f0-4aa0-81bc-43491efff223", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859872", "to_ids": true, "type": "md5", "uuid": "b690a5f0-3c04-4261-a1c3-a24163ae2aa6", "value": "eba1b294e7623eb3b3021da4a63efdf4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859872", "to_ids": true, "type": "sha1", "uuid": "e60f39be-adf4-40a5-8bca-20ef117b17ee", "value": "ed7ba3cc070a7fe5853eedb5f0aae16bca35f6dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859872", "to_ids": true, "type": "sha256", "uuid": "0d9e382c-3595-4dcf-977d-b3f1df2c18a5", "value": "30f616091b9fae46d08181fd5cc32e8f0d37fd4878cecfebb9ed6ce933f79ec5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806941", "to_ids": true, "type": "ssdeep", "uuid": "6fb1c2dd-c8a5-45ff-b642-c6bb12660a45", "value": "12288:2N9C4SsGhGEzlT9EDJiq0ojkyBXXKdLJzAvyd0zbcPFjf57ddu6iwpX6L+0r:2LqlbQ4qZXYJziPc9L7duoK+y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806941", "to_ids": false, "type": "size-in-bytes", "uuid": "e2dadf73-f928-48ed-b2db-38feaad6a82a", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806941", "to_ids": true, "type": "vhash", "uuid": "e7e2f938-525a-49bc-801f-0f9af91e009d", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806941", "to_ids": true, "type": "filename", "uuid": "778b06bd-249c-4a50-86fd-bb3a3f96ae48", "value": "eba1b294e7623eb3b3021da4a63efdf4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806941", "to_ids": false, "type": "text", "uuid": "7eabbfe6-f8a5-42a8-9654-ea657ed879a7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859873", "uuid": "f22f99b4-ef40-4bfb-85ea-77b142164fbb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859873", "to_ids": true, "type": "md5", "uuid": "5ccf0e54-f690-464c-b528-3a51a7db2f65", "value": "41d4f161063bc846ed4e7456019b3015", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859873", "to_ids": true, "type": "sha1", "uuid": "5a0e7039-f528-452e-8860-d01829cb08ae", "value": "ec5df323523469945b80dace3f417cc79e3ffb16", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859873", "to_ids": true, "type": "sha256", "uuid": "664bd8e6-499e-4489-b7be-92507e0e04d9", "value": "b89b0e98861f552595b7a6f570b252d61dff939bc9d00be8027c320e03b70115", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806963", "to_ids": true, "type": "ssdeep", "uuid": "1b08ae4e-8682-4ffb-a28a-cf772e5d4028", "value": "12288:ZN9C4SsGhGEzlT9EDJiq0ojkyBXXKdWJzAvyd0zbcPFjf57ddu6iwpXNLek6:ZLqlbQ4qZXNJziPc9L7duotej" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806963", "to_ids": false, "type": "size-in-bytes", "uuid": "91d131fb-71c1-4400-ae9d-ea7a127e0ca2", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806963", "to_ids": true, "type": "vhash", "uuid": "7baab97c-1d97-424b-9383-2a65fdcd9493", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806963", "to_ids": true, "type": "filename", "uuid": "0cc4054f-3002-49d9-867b-feb0fdff7456", "value": "41d4f161063bc846ed4e7456019b3015.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806963", "to_ids": false, "type": "text", "uuid": "7ae77d76-faac-43dd-8854-79d794fa1f62", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859874", "uuid": "8e1eff60-eb5b-4df9-bc22-a09f62becbf1", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859874", "to_ids": true, "type": "md5", "uuid": "b644526d-2099-4c9e-88e7-d07a30a8a2c3", "value": "e2ef2e799e6bf83851f0f39584b9c7d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859874", "to_ids": true, "type": "sha1", "uuid": "d8f1dddb-5caa-4479-b9e9-7d3f556c254b", "value": "b3ad4beb46023093f08532c3a31d2f10a8818df3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859874", "to_ids": true, "type": "sha256", "uuid": "5caf90ec-1ac3-481d-a1b2-070585f6ff20", "value": "bea01cbc7188ed70ca11fb458000a48927a0ba48a2e688d25d161ff078e3157e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740806984", "to_ids": true, "type": "ssdeep", "uuid": "8ceee119-ba94-45f1-b625-9a3e84581758", "value": "12288:wVN9C4SsGhGEzlT9EDJiq0ojkyBXXKd8bGRuohSNM2a3BB8LGEL:wVLqlbQ4qZXlbGRuoUNM2ajQGa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740806984", "to_ids": false, "type": "size-in-bytes", "uuid": "85236060-0731-4e60-8ad9-7128823bc3a0", "value": "642786" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740806984", "to_ids": true, "type": "vhash", "uuid": "ae3e1e2a-4d9d-4185-9951-3b7d01b95bcd", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740806984", "to_ids": true, "type": "filename", "uuid": "eaf0b9bb-d606-4bb6-a0b5-637f083b3cb9", "value": "e2ef2e799e6bf83851f0f39584b9c7d2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740806984", "to_ids": false, "type": "text", "uuid": "8b79a248-315b-4428-a273-99ab5c1a15e9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Bitrepeyp.B\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859875", "uuid": "4f986124-ab4f-4059-8efa-202e6dc9f941", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859875", "to_ids": true, "type": "md5", "uuid": "4deddde5-b58a-4a3e-b4ad-01969cdd45d4", "value": "10775e78f5fd0a076146da6b6e31c269", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859875", "to_ids": true, "type": "sha1", "uuid": "5e0824a6-28bf-4016-a186-b210feda36b5", "value": "3ed6f2a51573cfed02573f63357fab985f8fec7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859875", "to_ids": true, "type": "sha256", "uuid": "991d53a4-49c1-469c-ab2e-dbefcfdeffcf", "value": "6baf138af5cff0e74df1e9d00b0b6da9be1026860b9a0391d3af5b9eb6ed70f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807006", "to_ids": true, "type": "ssdeep", "uuid": "0a001748-52b4-4069-abc8-58a181066db1", "value": "12288:LN9C4SsGhGEzlT9EDJiq0ojkyBXXKdmJzAvyd0zbcPFjf57ddu6iwpXaL0vC:LLqlbQ4qZX9JziPc9L7duoq0K" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807006", "to_ids": false, "type": "size-in-bytes", "uuid": "c707393c-5ddf-477c-bbc1-45259ba891a9", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807006", "to_ids": true, "type": "vhash", "uuid": "961de28e-d5ff-49af-a712-83a5d5218d17", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807006", "to_ids": true, "type": "filename", "uuid": "e294811c-7f38-407e-ab83-f34b05eb9507", "value": "10775e78f5fd0a076146da6b6e31c269.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807006", "to_ids": false, "type": "text", "uuid": "179a75d5-990b-4f03-8881-a60fb339b509", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859877", "uuid": "e9ab0ce8-a316-499b-81fc-0a1b66332d48", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859876", "to_ids": true, "type": "md5", "uuid": "94548f20-1326-4247-86a6-483268ab4940", "value": "afec31fc1d5f6199c63b7c58e4cfc400", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859876", "to_ids": true, "type": "sha1", "uuid": "2a629437-3e0d-4c21-b855-c8472b6ce396", "value": "bcb4495e78f4a5000a0ba73f82f2b5270f106464", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859877", "to_ids": true, "type": "sha256", "uuid": "645e1432-cdb0-482c-a71c-c1590cb8f8b9", "value": "bb324c93b92414c1aaa071c15f324184c12eb33cc0d224796fb13514a02884ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807027", "to_ids": true, "type": "ssdeep", "uuid": "d38776f0-3c85-40ec-9f25-ba36bce27578", "value": "12288:nfBzlIEXAJe6ANXYC3HAA+9xCDlwKdNLBcIq4pASn5ET6qv6esFakicJKjboRLUh:nfqQ60IWxKuBfq4fCLafiP/bFqYd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807027", "to_ids": false, "type": "size-in-bytes", "uuid": "8b32c51e-2ac0-49fe-96d4-7364876a7295", "value": "826829" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807027", "to_ids": true, "type": "vhash", "uuid": "32227534-d4c8-450f-8725-059e0d1dac21", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807027", "to_ids": true, "type": "filename", "uuid": "d040a3cd-cd2d-46c2-be30-5f7a16675d8a", "value": "afec31fc1d5f6199c63b7c58e4cfc400.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807027", "to_ids": false, "type": "text", "uuid": "7aa211d5-bb0d-4a4a-8799-524ec7d4af8e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859878", "uuid": "8955b089-a512-464f-9a8a-25463816fe20", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859877", "to_ids": true, "type": "md5", "uuid": "40c47e9c-4838-4cb6-9aa8-414623369d96", "value": "c672fc5816b289e5b5c449a00e9f03cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859877", "to_ids": true, "type": "sha1", "uuid": "61918cbc-71c5-46e4-90af-79d8964fe303", "value": "85c005aa88e7140043e22cc8712a8271ec49f51a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859878", "to_ids": true, "type": "sha256", "uuid": "e0fb7c97-8c93-4e51-ad2e-77cc466bb28f", "value": "9480669442ff6bcb4a3afa8b26ed106c0c7dfc9e28c872fc1a299a1b469abd44", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807048", "to_ids": true, "type": "ssdeep", "uuid": "981138b0-0349-4f53-890a-37c40a83cf5d", "value": "12288:xN9C4SsGhGEzlT9EDJiq0ojkyBXXKdYJzAvyd0zbcPFjf57ddu6iwpXoLE16:xLqlbQ4qZXzJziPc9L7duoMEE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807048", "to_ids": false, "type": "size-in-bytes", "uuid": "3a5b545c-c535-4b0b-803a-e887fc93866e", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807048", "to_ids": true, "type": "vhash", "uuid": "5c4ed3bc-686d-4d29-a79e-4f5f3fa7ce20", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807048", "to_ids": true, "type": "filename", "uuid": "4626da9d-111a-4c6e-9dbd-9b9008e3557c", "value": "c672fc5816b289e5b5c449a00e9f03cf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807048", "to_ids": false, "type": "text", "uuid": "f1f9c56c-d00a-4f23-97b7-0a69bd071d99", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:28/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859879", "uuid": "875280b7-65bb-406a-9572-1e991064d0cf", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859878", "to_ids": true, "type": "md5", "uuid": "e9b794c6-69b9-4210-a4b4-154f68b9ea8b", "value": "fc140ee6c5a4688c03836b0f28a67b65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859879", "to_ids": true, "type": "sha1", "uuid": "ef1cf927-6e31-4a74-8c17-bf0f3c74cf1d", "value": "9ec115e22a8bda7c0aa32ff2e3422da112902ffc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859879", "to_ids": true, "type": "sha256", "uuid": "5bf5a7ec-2d81-452b-bc98-b889ba9f7c7b", "value": "38616bba9657eac5f53f2d44b97dbcd3a5e729c87972a96b044ef3aeafdabb21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807070", "to_ids": true, "type": "ssdeep", "uuid": "724dcccb-0539-4994-b033-7809257ff3a5", "value": "12288:tN9C4SsGhGEzlT9EDJiq0ojkyBXXKd5JzAvyd0zbcPFjf57ddu6iwpXHLy+1:tLqlbQ4qZXyJziPc9L7duoryy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807070", "to_ids": false, "type": "size-in-bytes", "uuid": "075ce7ad-2d5c-457f-a6be-3ca79129653d", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807070", "to_ids": true, "type": "vhash", "uuid": "7a601367-a1fa-467c-a8ed-4bd2db7edd61", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807070", "to_ids": true, "type": "filename", "uuid": "a052e808-1119-4674-ab03-f09f68fbe25b", "value": "fc140ee6c5a4688c03836b0f28a67b65.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807070", "to_ids": false, "type": "text", "uuid": "bb38c5b9-aecb-430e-b938-9ccb8c142cac", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859880", "uuid": "dba07053-ac86-4fa4-a6c7-4da3624d529a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859880", "to_ids": true, "type": "md5", "uuid": "aa87bf5a-1c18-4fc5-ae9f-d530102dc1b0", "value": "80f7db37a833a3cf8767aa4a74a3dbbf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859880", "to_ids": true, "type": "sha1", "uuid": "ff1de95a-6e53-4257-a8f6-f50a29d806fc", "value": "bc1beebdda6060a6e1adf1153b152ca152c94d8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859880", "to_ids": true, "type": "sha256", "uuid": "49602091-7880-4d60-91d3-7f7d1c971f1d", "value": "cb50cb1e1c2314ad473225e69c15839befc1bf3ee9b593276771f7189886ac4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807091", "to_ids": true, "type": "ssdeep", "uuid": "9717c5d6-2d78-4b54-89cc-8288bb28b884", "value": "12288:RN9C4SsGhGEzlT9EDJiq0ojkyBXXKdcYFthSBE602xuJTIJBHLyam:RLqlbQ4qZXJYFtJ2xuJTIryJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807091", "to_ids": false, "type": "size-in-bytes", "uuid": "8a37643f-c476-4c4d-9ae1-2b0189a60f63", "value": "642785" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807091", "to_ids": true, "type": "vhash", "uuid": "7d627c7c-4ff7-433d-af61-9c83729a8378", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807091", "to_ids": true, "type": "filename", "uuid": "9a03b0f6-e0b2-4851-b1c7-836a82561908", "value": "80f7db37a833a3cf8767aa4a74a3dbbf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807091", "to_ids": false, "type": "text", "uuid": "2a96f807-f20d-4def-8a1e-e18dc0a74163", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859881", "uuid": "bbdf7d21-8725-4abb-8ec5-119e0827cd09", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859881", "to_ids": true, "type": "md5", "uuid": "d98c96ee-5beb-4f1a-b8c3-86c7536e13d3", "value": "f1b3d6c8c378a558e3e7b096f1993d2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859881", "to_ids": true, "type": "sha1", "uuid": "ffdf8a3b-b0c5-4497-911f-3232637566d0", "value": "81d36899693b5ab30544e8e729cce70728e7bd37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859881", "to_ids": true, "type": "sha256", "uuid": "d5609681-6d93-43b2-8f99-ac9bcfce903c", "value": "64e9d61caf381aa6da435a5efb4c5d1bf7d282ccd8a5939b730ce5af3bbe0a76", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807113", "to_ids": true, "type": "ssdeep", "uuid": "5aa808cb-5381-455c-a646-82b235d62a70", "value": "12288:wN9C4SsGhGEzlT9EDJiq0ojkyBXXKdaJzAvyd0zbcPFjf57ddu6iwpX3LmiD:wLqlbQ4qZX9JziPc9L7duo7mU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807113", "to_ids": false, "type": "size-in-bytes", "uuid": "4d09e897-1a30-4b79-90a9-939688e155b1", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807113", "to_ids": true, "type": "vhash", "uuid": "1e65ab95-e0fa-4bca-99c3-054ece7f5525", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807113", "to_ids": true, "type": "filename", "uuid": "055bc813-9534-4bd1-83b8-ab89963a3140", "value": "f1b3d6c8c378a558e3e7b096f1993d2f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807113", "to_ids": false, "type": "text", "uuid": "23207f88-8433-4a3c-8f05-b22402b76b85", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859883", "uuid": "54c35df8-0767-413e-a6bb-5fa37748b6ff", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859882", "to_ids": true, "type": "md5", "uuid": "74c907e9-048d-4ec0-94fa-8806d6fb06f4", "value": "7dc59e7aa741dcfdf87be244ce0c4a69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859882", "to_ids": true, "type": "sha1", "uuid": "1bff2641-23b2-477b-86c3-c43678954916", "value": "0e7a011ee337364101b70a001ce479fff4b59a2d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859883", "to_ids": true, "type": "sha256", "uuid": "95b72ef2-c6d7-4860-8b8a-8fb02a4eeef8", "value": "af4890419fc1b862a0c46e70781507871bbff4641b002cd133f42a3cdda1e80d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807134", "to_ids": true, "type": "ssdeep", "uuid": "37f63f04-18f1-422f-8404-deef80850c5c", "value": "12288:KN9C4SsGhGEzlT9EDJiq0ojkyBXXKdBJzAvyd0zbcPFjf57ddu6iwpX6L0PI:KLqlbQ4qZXaJziPc9L7duoK0w" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807134", "to_ids": false, "type": "size-in-bytes", "uuid": "01fad142-dcd1-49d1-bdf0-4d8b0d87baaa", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807134", "to_ids": true, "type": "vhash", "uuid": "c9cc8481-e953-47f7-ba9f-d7e8ade5ca16", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807134", "to_ids": true, "type": "filename", "uuid": "94273407-c131-4d51-bb32-0fafc4bd312b", "value": "7dc59e7aa741dcfdf87be244ce0c4a69.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807134", "to_ids": false, "type": "text", "uuid": "310b8d5a-0ad2-44b4-ae1f-cfec717b74c5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859884", "uuid": "185f81af-29c0-4fd4-81ee-3fd10836a26c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859883", "to_ids": true, "type": "md5", "uuid": "61ea12f5-29bd-4baf-8fb0-62d70752605d", "value": "d99228fc2ac81008ddbea562544d342a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859884", "to_ids": true, "type": "sha1", "uuid": "6da4f779-c2da-49be-9455-c7db9ee5bae2", "value": "158d93b1abaff0cd5fd4cb438aa01470bd9f5baf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859884", "to_ids": true, "type": "sha256", "uuid": "9f3b541d-9cef-4d1e-bcf1-79383051f438", "value": "05bf3e200037b65fffa06ef989713f36d96b2395001cbb082c78f61d064e7dcc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807155", "to_ids": true, "type": "ssdeep", "uuid": "2031c1e1-848c-4db3-9cbf-378299f7193a", "value": "393216:OTyA+nAau7CGlSM5ZY/6vru0uYSkNpZQslE82mdk/X2EdS8F0HbTipWa2uS90E0A:Isu7EM5ZYCvrjuYrxluakDdS40va2Zj5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807155", "to_ids": false, "type": "size-in-bytes", "uuid": "1021e431-927d-4b23-91c0-d764958f1fa0", "value": "25073473" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807155", "to_ids": true, "type": "vhash", "uuid": "567de7e4-f377-47bc-8851-c45244c65346", "value": "c31b13aa92e06d63b7a0c623b065ac94" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807155", "to_ids": true, "type": "filename", "uuid": "37101853-0053-47b4-b113-381bc88fa6ac", "value": "d99228fc2ac81008ddbea562544d342a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807155", "to_ids": false, "type": "text", "uuid": "9e9f77bf-6ebc-48bb-84ca-e5eef940a83a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859885", "uuid": "22831e88-5c35-4db5-a83d-0e98bb0330a7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859885", "to_ids": true, "type": "md5", "uuid": "2018b261-29d7-497e-b67b-e013a3fd84e1", "value": "7b810b13e5529321f5d554286f6e3b9b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859885", "to_ids": true, "type": "sha1", "uuid": "44bc5628-e57a-42b5-a48e-506c20c75eb2", "value": "70301deaf25f6c1dcaff0686fce17a242cb628e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859885", "to_ids": true, "type": "sha256", "uuid": "882242cb-a96a-4966-8a49-e5da4f900af5", "value": "b835c86c50e007736d90ada7b2b483316f90f07c24924664f262a76f33c5c61f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807177", "to_ids": true, "type": "ssdeep", "uuid": "d4991b37-10c7-4f7c-b97b-ab538827a8d8", "value": "786432:NFp6j6c4tDUaD6HHwG4fxSnDehzRemquJeILK/:Nz6joDUaDUQzfoDepEmx3a" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807177", "to_ids": false, "type": "size-in-bytes", "uuid": "b380b4ff-a834-4426-83b5-5ccfa9c565a0", "value": "25766638" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807177", "to_ids": true, "type": "vhash", "uuid": "51a5131a-b2ef-4a48-8288-f90075341a3f", "value": "c31b13aa92e06d63b7a0c623b065ac94" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807177", "to_ids": true, "type": "filename", "uuid": "b0f34e6f-e4b3-4663-9249-364f2dda384f", "value": "b835c86c50e007736d90ada7b2b483316f90f07c24924664f262a76f33c5c61f.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807177", "to_ids": false, "type": "text", "uuid": "9c737eeb-ce56-4d53-94fc-cd6a9029dc7c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:29/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859886", "uuid": "6d213ed4-714a-4040-9eb5-3ac1122e3664", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859886", "to_ids": true, "type": "md5", "uuid": "a36932e6-e9ce-4e96-bf55-b880e3430cb2", "value": "554e41c72ff17e07e27d6a3af2e62f5b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859886", "to_ids": true, "type": "sha1", "uuid": "13b313b3-61d7-4c2a-b27f-28615e8d0d00", "value": "8352ba0156d7c2bbc92cb31171c27a4c1b25da6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859886", "to_ids": true, "type": "sha256", "uuid": "e2e42b5c-ff7c-4f31-a830-b02807f185ea", "value": "56e4ba64a217a486e662f5bca4146af647a5dca50e20cbd9bcd0d8677766851f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807198", "to_ids": true, "type": "ssdeep", "uuid": "0fcbbea7-3224-40fb-b033-38fc3b5d7b1e", "value": "786432:oFp6j6c4tDUaD6HHwG4fxSnDehzRemquJeILrH:oz6joDUaDUQzfoDepEmx3fH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807198", "to_ids": false, "type": "size-in-bytes", "uuid": "7d7e5daf-cdf6-40d4-9698-7c1caeda75d9", "value": "25766679" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807198", "to_ids": true, "type": "vhash", "uuid": "388e046e-e45b-4b57-bb1d-2347dcf679ef", "value": "c31b13aa92e06d63b7a0c623b065ac94" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807198", "to_ids": true, "type": "filename", "uuid": "e6a2acd3-c9e6-48f4-a275-92db88519991", "value": "554e41c72ff17e07e27d6a3af2e62f5b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807198", "to_ids": false, "type": "text", "uuid": "b104b757-7ac7-4fbf-bc1b-502d85f0bb97", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:24/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859887", "uuid": "a3fc23e7-498b-4280-bf22-4f0ca4d977f3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859887", "to_ids": true, "type": "md5", "uuid": "8b173928-795b-405f-9242-4b0d41c0db1f", "value": "69d40f892f46c9669fef6603433728d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859887", "to_ids": true, "type": "sha1", "uuid": "dd7073c2-e975-4750-a10e-8c2d1a4ebb8d", "value": "e6b30cdf61d98098804911fb6834d490dc4fcdee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859887", "to_ids": true, "type": "sha256", "uuid": "f3ba2b5b-1dcd-4b4d-86a5-9b72c26fd027", "value": "9923751779bfc20540e6828bd01ee5907e17885556e76439e84c095c51445117", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807219", "to_ids": true, "type": "ssdeep", "uuid": "e80dab5b-9d72-4925-a035-11221058ad39", "value": "393216:VTyA+nAau7CGlSM5ZY/6vru0uYSkNpZQslE82mdk/X2EdS8F0HbTipWa2uS90gXd:zsu7EM5ZYCvrjuYrxluakDdS40va2ZDt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807219", "to_ids": false, "type": "size-in-bytes", "uuid": "aa9bc72e-f8df-4216-b212-1a48e3c4c177", "value": "25073388" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807219", "to_ids": true, "type": "vhash", "uuid": "d0cb8028-bc7c-46a6-8bcf-328316113f9a", "value": "c31b13aa92e06d63b7a0c623b065ac94" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807219", "to_ids": true, "type": "filename", "uuid": "5b606edb-cfb6-497d-a55a-3ee8a6b79159", "value": "69d40f892f46c9669fef6603433728d8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807219", "to_ids": false, "type": "text", "uuid": "73ce5255-3cde-4077-9de6-189e66d0086a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859888", "uuid": "0ad4b17c-7efd-495f-acd1-cbe241750ca3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859888", "to_ids": true, "type": "md5", "uuid": "1d3081ba-1d0b-40f3-ac34-8d5fea9088b0", "value": "9ff064647aadad6d5df9a61eed4327a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859888", "to_ids": true, "type": "sha1", "uuid": "1436d17e-9e47-486d-a16b-63253fe8d1a5", "value": "857ed678c87dbad8369a40f94b5ef242d9454cc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859888", "to_ids": true, "type": "sha256", "uuid": "53650629-0602-42c7-80bb-364c3bc1ee9b", "value": "3e32c7c9a0a0cdb098ba9fea0ba8f8842bfd80d5909c6dd8cc987a8cb95c4656", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807240", "to_ids": true, "type": "ssdeep", "uuid": "258c685f-92b7-4cb2-8bfa-c45fe74c5ab7", "value": "393216:CTJvwyZBWEp/S18rscw1RdfMtY2+S4ZK1PaDGoev3uLkSeOWzBxrJYXiwaEYvItZ:m79S18rsL1RdUJ+iPvoe/vTzBxrJ2iwV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807240", "to_ids": false, "type": "size-in-bytes", "uuid": "dfbfe8d1-68b0-4123-9c5c-a4924e772324", "value": "22086298" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807240", "to_ids": true, "type": "vhash", "uuid": "bc80b858-0d24-40b6-a3aa-f9930dd239dc", "value": "c31b13aa92e06d63b7a0c623b065ac94" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807240", "to_ids": true, "type": "filename", "uuid": "36d6b11d-c8fa-4450-b842-e20c7a0d37c1", "value": "9ff064647aadad6d5df9a61eed4327a4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807241", "to_ids": false, "type": "text", "uuid": "115ef2ab-b5fd-4c0e-8a91-debf07dbc750", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:23/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859889", "uuid": "bdf31350-a007-415f-98b9-1618508086d6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859889", "to_ids": true, "type": "md5", "uuid": "bdbfcbc7-6cd5-42de-82a6-d2b37e621880", "value": "a858f3d16de4f606cd8a9eb28f944e70", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859889", "to_ids": true, "type": "sha1", "uuid": "5dd9019e-1381-498f-9a74-b33dccace07e", "value": "36afefa0ad3e292c668e8330cecee303199c5fd0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859889", "to_ids": true, "type": "sha256", "uuid": "51950805-e50c-4fc3-8c0b-5ed803555b6d", "value": "e69ec6d95ff48115ce0235378d5183b4c1346d1517fc311343733d65e14968dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807262", "to_ids": true, "type": "ssdeep", "uuid": "1400d5a5-7bf9-466a-86aa-fe7ebd822b30", "value": "98304:XyDUigoj269i/9ZPbGtHv2pnsXCJuzWkqkGxGxQebKi4MLTANMgYrKO3gF89HSO:CDUC2n/zgMs6uzvNOAQi4IxgYrKP89yO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807262", "to_ids": false, "type": "size-in-bytes", "uuid": "0e08887a-cdc9-46d9-82c8-842af41f08b4", "value": "5375517" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807262", "to_ids": true, "type": "vhash", "uuid": "b0a1ad8c-3d2f-49f5-8fe6-9a08123bee8b", "value": "33a118cbcb9b2dc1b71e3207578df45e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807262", "to_ids": true, "type": "filename", "uuid": "36d9b14f-ecdc-4c21-8d44-40a6f58307bd", "value": "a858f3d16de4f606cd8a9eb28f944e70.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807262", "to_ids": false, "type": "text", "uuid": "c253e927-8ed6-46a5-a506-64490101beea", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859891", "uuid": "c6d8a52f-0c79-4bb6-931b-3961f539c899", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859890", "to_ids": true, "type": "md5", "uuid": "d56926e0-308e-4d64-b8d2-021590feea8e", "value": "180d3ccde1b06379963f5da9f1f41db9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859890", "to_ids": true, "type": "sha1", "uuid": "1dd3c043-43e2-4b26-b06d-7071f25f21f7", "value": "5d290346b0b3871df9495815ffe6e982de82004f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859891", "to_ids": true, "type": "sha256", "uuid": "ec4657a2-bcfb-422c-a0ae-9058a6037d21", "value": "57f96f9cd11fef6f2e38bfaa8dbf7fa3a0f6f43e7b39a51552271a6484a89716", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807283", "to_ids": true, "type": "ssdeep", "uuid": "73fea76f-74b0-4af3-8aa1-8b28a10c609c", "value": "98304:jyDUigoj269i/9ZPbGtHv2pnsXCJuzWkqkGxGxQebKi4MLTANMgYrK+3uh:WDUC2n/zgMs6uzvNOAQi4IxgYrKR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807283", "to_ids": false, "type": "size-in-bytes", "uuid": "c2d96c50-b36e-4b27-8a28-cfaa7a7fd3cb", "value": "5375525" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807283", "to_ids": true, "type": "vhash", "uuid": "f0a50148-6fa0-4362-9c8d-cd9c08823130", "value": "33a118cbcb9b2dc1b71e3207578df45e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807283", "to_ids": true, "type": "filename", "uuid": "51fe522e-511b-45be-baea-619daa6c9559", "value": "180d3ccde1b06379963f5da9f1f41db9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807283", "to_ids": false, "type": "text", "uuid": "07cbb0d5-b23f-44dc-b540-2c2311f1c4fa", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859892", "uuid": "36401db4-b891-491e-ad4a-445f20d6d201", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859891", "to_ids": true, "type": "md5", "uuid": "1bb3731c-01d9-4891-be6a-005abaef524c", "value": "655255763c51fae80d9b940c30b14464", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859891", "to_ids": true, "type": "sha1", "uuid": "e283263c-bb2f-4911-a979-7e8d09001f38", "value": "8746828e3e398b5a838bc158a474dd3d0d57a4ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859892", "to_ids": true, "type": "sha256", "uuid": "74f706dd-8983-484d-bfee-e6043375b48b", "value": "e4a2591c700a555f48c97419662f2b5d582475d31a91d4879bb8132c4360bbb3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807304", "to_ids": true, "type": "ssdeep", "uuid": "458beef4-1102-4e5d-a0f6-d7413d4933d4", "value": "12288:YgwXD0ybO0QslXlWKsJ7eTeacaKEKdFw4GpPn+V7l5IubtpSmjIPLqAu:TMQmXTK7ONn5nETIKHSWIzqr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807304", "to_ids": false, "type": "size-in-bytes", "uuid": "a964a138-bdce-41e4-bbef-1d3e81b96d7b", "value": "642369" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807304", "to_ids": true, "type": "vhash", "uuid": "3fe4fd6b-cd1b-407d-b7ae-e791f6e39d0b", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807304", "to_ids": true, "type": "filename", "uuid": "b6f0ddc7-e95c-4a36-9cc8-cf25f1182d5f", "value": "655255763c51fae80d9b940c30b14464.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 14/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807304", "to_ids": false, "type": "text", "uuid": "45ab9aa1-898d-469c-bd3e-2f731b34e470", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859893", "uuid": "5e8256b1-16f5-4e8e-9731-ca14c028daa2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859892", "to_ids": true, "type": "md5", "uuid": "ff15e9e7-d1b1-4318-b8df-de3fc24b955d", "value": "ad53d00baf6341d9514585a6728ec318", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859893", "to_ids": true, "type": "sha1", "uuid": "d0d4796a-3f6b-435e-9145-6f03f3cdfd70", "value": "d6ebbcfba4b8320d6adcafbbb073b65c0a4a26af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859893", "to_ids": true, "type": "sha256", "uuid": "e3387773-f756-4353-b69e-8652202fc8f3", "value": "c1d7bd3fd576520ebd0d18429021e2e5e92937485277e2e79502bd8adcf52ba4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807326", "to_ids": true, "type": "ssdeep", "uuid": "f6c5875a-5a37-4dc0-a7d9-6ba56e5afc03", "value": "12288:0N9C4SsGhGEzlT9EDJiq0ojkyBXXKdg6HVKGMoq9UQAf7P6fL+cq:0LqlbQ4qZX6HVKT9UQg7PA+f" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807326", "to_ids": false, "type": "size-in-bytes", "uuid": "defd028e-9add-43bc-82aa-8260ff355148", "value": "642530" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807326", "to_ids": true, "type": "vhash", "uuid": "72322d86-f92a-4126-aba8-9e0fd7c7203c", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807326", "to_ids": true, "type": "filename", "uuid": "319e9f6c-8f4b-41d2-ab2c-824466e41391", "value": "ad53d00baf6341d9514585a6728ec318.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807326", "to_ids": false, "type": "text", "uuid": "e5718c05-f475-4d9a-bca4-06d28e64f89e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859894", "uuid": "f689584f-7183-45a9-a6fc-1d831fcbfa7d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859894", "to_ids": true, "type": "md5", "uuid": "c2371526-afc3-43e1-9065-58d005be2082", "value": "a78e6f71ff41acbccffcb32285edd99e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859894", "to_ids": true, "type": "sha1", "uuid": "d23036cf-e136-4a74-af12-68f753a5abb7", "value": "ff887221ae06a78df7f1f0c45464a46c973a87c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859894", "to_ids": true, "type": "sha256", "uuid": "89720e23-cc45-4026-acda-9047ade5ee53", "value": "d293f9b5577ffc4d63322ca32b2e4aca9f6a2b41d94584732b872a4690266ebd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807347", "to_ids": true, "type": "ssdeep", "uuid": "79989cb8-6980-4d0d-8184-cc6e3b041e9a", "value": "12288:ngwXD0ybO0QslXlWKsJ7eTeacaKEKdP5A+KR6w4Ra7LlFVWIMLOO4:gMQmXTK7OKaXR7LIIAO/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807347", "to_ids": false, "type": "size-in-bytes", "uuid": "9aa3d1e7-a3a2-45ae-b7ef-4cfe7561a23f", "value": "642368" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807347", "to_ids": true, "type": "vhash", "uuid": "0c0f8a9c-3993-4263-aa91-e578087e6c97", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807347", "to_ids": true, "type": "filename", "uuid": "7cc80d27-c47e-413b-b80b-c02fe207091d", "value": "a78e6f71ff41acbccffcb32285edd99e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807347", "to_ids": false, "type": "text", "uuid": "4c318417-856a-4718-a10c-3e87029f145f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859895", "uuid": "f3eb874b-d4b2-46f7-bc32-ed092a3c6c86", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859895", "to_ids": true, "type": "md5", "uuid": "de85cd0f-b5bb-491d-8054-1416951dc076", "value": "5fb43d18e7f453e5d0bd6ebfb87b29c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859895", "to_ids": true, "type": "sha1", "uuid": "25a25dfd-5737-4ac8-953a-a7d0863e3494", "value": "a6bf302a5c778dcc48e596b82cc7a61371fb8842", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859895", "to_ids": true, "type": "sha256", "uuid": "b218f38c-542b-404f-a3b6-4c030140b0a1", "value": "cabd009e357379194994d8bb2d3df9c13ac014cdb92ab84610d8cf8574bda3c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807368", "to_ids": true, "type": "ssdeep", "uuid": "4f681c61-5fae-4151-a573-055792cf6bdc", "value": "12288:LN9C4SsGhGEzlT9EDJiq0ojkyBXXKdpJzAvyd0zbcPFjf57ddu6iwpXwLYht:LLqlbQ4qZXCJziPc9L7duoUY3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807368", "to_ids": false, "type": "size-in-bytes", "uuid": "3df71cad-0d0d-4f14-aaab-cb7e9568f5b0", "value": "642784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807368", "to_ids": true, "type": "vhash", "uuid": "f1d8d5ee-8037-4dc8-ac62-b5d63df49ece", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807368", "to_ids": true, "type": "filename", "uuid": "231a6977-c69a-4789-8e07-6023fd5a1a69", "value": "5fb43d18e7f453e5d0bd6ebfb87b29c6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807368", "to_ids": false, "type": "text", "uuid": "e00248a4-7a5c-44aa-92cc-30f3d25952b5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859896", "uuid": "985ffc16-596a-415a-99c8-109ce58cac2b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859896", "to_ids": true, "type": "md5", "uuid": "3bdd210c-5b3e-4a6b-8234-a1ea49756021", "value": "08dc1b87f5c6d95dc47f328631adb6cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859896", "to_ids": true, "type": "sha1", "uuid": "f52cfd7f-1748-4673-abb8-0914453b8291", "value": "91a8ba791dab943e684baf03f3700e780dc11530", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859896", "to_ids": true, "type": "sha256", "uuid": "eea3124d-4935-4506-afb4-703ce97a56c7", "value": "5f4f53d7d8fc39d3ba5e1ef64714e4b047beae0982f2216855bf4a8be1e7fc8b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807390", "to_ids": true, "type": "ssdeep", "uuid": "c902c53d-d624-4c83-843a-20e2e7120da6", "value": "12288:3wXdKZt/n4V0lB7ULWitWcpy5xXLKd15A+KR6w4Ra7LlFVWI8Li+L:3MIrD7wvt6iaXR7LIIQiA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807390", "to_ids": false, "type": "size-in-bytes", "uuid": "e2636ff6-6223-46eb-8a4d-c3e91f27586c", "value": "642370" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807390", "to_ids": true, "type": "vhash", "uuid": "910a723b-0466-4541-ab60-4ea2b20f2a40", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807390", "to_ids": true, "type": "filename", "uuid": "97525b9d-cc19-4fbb-a954-9d2ff21e0122", "value": "08dc1b87f5c6d95dc47f328631adb6cc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807390", "to_ids": false, "type": "text", "uuid": "dcc52a73-bfcd-42df-9742-831563c245a0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859897", "uuid": "6c105826-0836-4175-b459-5e1d76ca0c7c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859897", "to_ids": true, "type": "md5", "uuid": "92df114c-9db2-4b88-90d4-87b1d4dd95ac", "value": "25af2f2b1236b05e3c27946d745ed40a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859897", "to_ids": true, "type": "sha1", "uuid": "8310b039-c4d9-4a1e-868e-1d5127d54619", "value": "dd97ec5160d5c2642186635dd0a033eb7692bd1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859897", "to_ids": true, "type": "sha256", "uuid": "a5c6356a-a636-4b76-9b0d-fec229579a18", "value": "a91b97aa6f8d231e16ea7aa63bec451f961b101e2402d90e2d41c89a2beb59eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807411", "to_ids": true, "type": "ssdeep", "uuid": "2e6259c8-7b56-465c-98f0-5242e9e052f1", "value": "12288:++gwXD0ybO0QslXlWKsJ7eTeacaKEKdnSxANSesjlIuZMFLmwZ:+pMQmXTK7O8wv5I9m0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807411", "to_ids": false, "type": "size-in-bytes", "uuid": "9e3dd1e5-0ebd-433b-998b-c24fc823a652", "value": "642371" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807411", "to_ids": true, "type": "vhash", "uuid": "a5270443-ef69-4e29-bcf5-5b53beda51e0", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807411", "to_ids": true, "type": "filename", "uuid": "e700c62d-6dfd-4ad0-b066-8d6869e00d81", "value": "25af2f2b1236b05e3c27946d745ed40a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807411", "to_ids": false, "type": "text", "uuid": "a48bb8c0-24cc-4bf3-8ca2-9ecefe233cbc", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859899", "uuid": "30ba11bc-f71f-4dd4-81ab-878280ebf9aa", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859898", "to_ids": true, "type": "md5", "uuid": "40fb58a1-2ee5-4664-a308-80ff9237a75f", "value": "d1851fa5c9044fb1035a4e3e1adc11d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859898", "to_ids": true, "type": "sha1", "uuid": "37ff64b2-29c9-4b2a-996f-a60ca06362c5", "value": "167ce97a9758bb5ed1fa9c6b929c93cdb2a92e46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859899", "to_ids": true, "type": "sha256", "uuid": "486137c7-ae6c-4129-8c79-c01fd49341e3", "value": "3be33425eb58f22c183c6d17bcb84e7fa940a558dd05a0450129577823850b96", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807432", "to_ids": true, "type": "ssdeep", "uuid": "07f1cca1-96aa-48aa-8e8c-3316d361715f", "value": "12288:mEgwXD0ybO0QslXlWKsJ7eTeacaKEKdxIe/oMlFhIV2tGe1wLZLgBm:m3MQmXTK7Ogjo0IVunEgc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807432", "to_ids": false, "type": "size-in-bytes", "uuid": "d01042ef-be6f-46d9-ab4f-53d66754ef1f", "value": "642364" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807432", "to_ids": true, "type": "vhash", "uuid": "601bdd44-d824-4ca5-b709-9c6370f0f0ef", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807432", "to_ids": true, "type": "filename", "uuid": "b51b32af-79af-484e-8d10-7c204f2eaf71", "value": "d1851fa5c9044fb1035a4e3e1adc11d5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807432", "to_ids": false, "type": "text", "uuid": "2793c570-e92d-4443-9fc5-e337c5c10fb3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859900", "uuid": "cdba335a-b2a2-402e-8f66-69a37b804c44", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859899", "to_ids": true, "type": "md5", "uuid": "6ac9477e-b50d-4c8d-966a-5753ba829b24", "value": "0e6d43ad095c81a456c719363bbc6a38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859900", "to_ids": true, "type": "sha1", "uuid": "92a41a66-be82-45f7-9135-5a046bc39950", "value": "9fc041afd11ad0079f88d5afc62d1b9902240671", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859900", "to_ids": true, "type": "sha256", "uuid": "27a9853f-9cb6-41b3-b973-4aecb5c442b1", "value": "1cb3d7049187f51272de53175491973948094c7640aa1f6f2400f507b731d69e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807454", "to_ids": true, "type": "ssdeep", "uuid": "2bb31b9b-fd01-4944-9204-b9c09383ff17", "value": "12288:C/gwXD0ybO0QslXlWKsJ7eTeacaKEKdsSxANSesjlIuZMFLaQL:CIMQmXTK7OVwv5Iday" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807454", "to_ids": false, "type": "size-in-bytes", "uuid": "ccaa1811-42e9-4cfd-aaf9-2d6313593904", "value": "642371" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807454", "to_ids": true, "type": "vhash", "uuid": "0fbc01b5-834e-44b9-9759-fc60d270ee11", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807454", "to_ids": true, "type": "filename", "uuid": "b92816b8-918d-42d1-85f7-56201205f6db", "value": "0e6d43ad095c81a456c719363bbc6a38.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807454", "to_ids": false, "type": "text", "uuid": "08ea661a-aa33-4dad-afc7-06cc520162fd", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859901", "uuid": "86a9fa77-8a01-4bdb-8347-d3d3d03b3b0e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859900", "to_ids": true, "type": "md5", "uuid": "5056ad88-c557-4fe4-a9da-c1108bd24022", "value": "33540fe87f6dc2f0cf8df6b8900870e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859901", "to_ids": true, "type": "sha1", "uuid": "736a35a3-65e2-4112-a5ae-4a91b7360122", "value": "54e7d85ea3cf90bd8258e3235e49fcbf9e73a5b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859901", "to_ids": true, "type": "sha256", "uuid": "ee83dd66-dade-40b5-a097-1776250b89ce", "value": "f9f8fca171ab1b472cae53e10e2e2cf71d701a034c143d925960c90f9086c3c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807475", "to_ids": true, "type": "ssdeep", "uuid": "4ea1e272-bda8-4b65-8042-91481eb587c7", "value": "12288:ywXdKZt/n4V0lB7ULWitWcpy5xXLKdueG/bIKMMxY1wLoUV5LcPZ:yMIrD7wvt6/jIKMMcGVpcB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807475", "to_ids": false, "type": "size-in-bytes", "uuid": "2fea6469-102d-4fd5-8c23-856b392a8403", "value": "642372" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807475", "to_ids": true, "type": "vhash", "uuid": "c47d4e3d-035d-4ed0-a789-6ce5e7d6a30c", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807475", "to_ids": true, "type": "filename", "uuid": "0240c090-7c20-4dc6-8423-b7fffb46cfb0", "value": "33540fe87f6dc2f0cf8df6b8900870e9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807475", "to_ids": false, "type": "text", "uuid": "dbdb7b66-9ecc-4299-a2b0-d2d3a24ecb21", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859902", "uuid": "262795da-20c6-4d93-90cb-e9d6a3705228", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859902", "to_ids": true, "type": "md5", "uuid": "5093ad40-36b6-4bb5-8590-08bde12dced2", "value": "c6cdda76a1adf0edd2ccc2b31555e86a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859902", "to_ids": true, "type": "sha1", "uuid": "636a3a89-dbf2-41f2-8da3-bc85db274f00", "value": "de392a7dbc908d18a4ba55325adcbbe6fae23187", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859902", "to_ids": true, "type": "sha256", "uuid": "84112cc8-9cc8-4cdd-995e-befa6ab97e11", "value": "5238449f49fc7e145a9078fe301a3993b1d73b67663b450293d4908d8628570d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807496", "to_ids": true, "type": "ssdeep", "uuid": "65a45ebe-e501-4d7a-a80c-19b4056811e4", "value": "12288:3gwXD0ybO0QslXlWKsJ7eTeacaKEKdbw4GpPn+V7l5IubtpSmjItLymX:QMQmXTK7Ojn5nETIKHSWINyc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807496", "to_ids": false, "type": "size-in-bytes", "uuid": "eec5beed-537c-4e2b-895e-1370500d0b4a", "value": "642369" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807496", "to_ids": true, "type": "vhash", "uuid": "de5e4154-7d8e-421e-bde8-343bf95efc6e", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807496", "to_ids": true, "type": "filename", "uuid": "d87425e8-8b4d-49fc-ab45-4093177fcc83", "value": "c6cdda76a1adf0edd2ccc2b31555e86a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807496", "to_ids": false, "type": "text", "uuid": "bb9f4b5d-0ae0-4a94-bdc1-fd9a60a3b3ba", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859903", "uuid": "248c21c1-8b01-4f13-991a-b546d45d1e11", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859903", "to_ids": true, "type": "md5", "uuid": "83b747a4-1d7a-4cf6-a604-263a27a422e2", "value": "25e2b33097be43b01fbb6bf422d465d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859903", "to_ids": true, "type": "sha1", "uuid": "b2e89f19-23a0-4f0d-8ac6-aaa1ff6e85b2", "value": "daaf2a7247fb0dbb477ce0ab67ca90490c90b7e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859903", "to_ids": true, "type": "sha256", "uuid": "737fb574-c5d8-459c-935d-163063d7fc75", "value": "d9cfa176ca9770ee63f6aebcb9859ddbbce982c80b5d5057bd28a9d5b23bab41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807518", "to_ids": true, "type": "ssdeep", "uuid": "78559fb1-2293-4daf-a649-ff0bdb1bc8a0", "value": "12288:kSwX0EM1k9TKTlXa+v5R9fpcKyouFKdvUc0T6hvhe8FdQad5LIN3:9ML2kOL9gUi6hJe8xpIZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807518", "to_ids": false, "type": "size-in-bytes", "uuid": "b3d6dc6c-2520-4522-a046-0912b35abd81", "value": "641873" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807518", "to_ids": true, "type": "vhash", "uuid": "82a30a9a-6cb3-47c6-be47-f8a611223389", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807518", "to_ids": true, "type": "filename", "uuid": "1ae7df34-fa16-4b48-b9eb-32b5f505867c", "value": "25e2b33097be43b01fbb6bf422d465d0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 16/04/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807518", "to_ids": false, "type": "text", "uuid": "2639d286-30ef-43cc-b1d4-1e00f56f3afb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:26/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859904", "uuid": "02f11d29-cbf6-4a63-8df3-0c8e7853b097", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859904", "to_ids": true, "type": "md5", "uuid": "f810ed04-ce4c-4a16-b1bb-2073872a07e5", "value": "00c9c463221a6f9c6f606c216f29b6db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859904", "to_ids": true, "type": "sha1", "uuid": "fa0f61eb-c862-4604-9455-cc607b8a1013", "value": "98b98b9be2c506b6c6a2550de5f46886450e726a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859904", "to_ids": true, "type": "sha256", "uuid": "075c6680-308e-45f0-bdb0-d8ed5e5c8aa8", "value": "efd36642dda174a7f9e6d7193feb55f0765521371aef02ea0c53a28ad0a8b4ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807539", "to_ids": true, "type": "ssdeep", "uuid": "2f34ee5f-82ab-4e8a-a8c5-c695c007714c", "value": "12288:JQwX0EM1k9TKTlXa+v5R9fpcKyouFKdre+su0SXqsdh84wPmIALmIe:JQML2kOL9gIXbmPmIEmf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807539", "to_ids": false, "type": "size-in-bytes", "uuid": "d7253caa-642b-4673-bbcc-bcc95dd3a533", "value": "642459" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807539", "to_ids": true, "type": "vhash", "uuid": "4588aeaa-5f22-42f6-9800-0f7256e9ada8", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807539", "to_ids": true, "type": "filename", "uuid": "da7cd8d2-fe1a-40a9-9bc5-26a91efb0ec5", "value": "00c9c463221a6f9c6f606c216f29b6db.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807539", "to_ids": false, "type": "text", "uuid": "59c43d4f-fc24-42d3-9323-033b9a6b6a18", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859905", "uuid": "c7f449a2-bc3d-4ecc-a197-5965ac0778e6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859905", "to_ids": true, "type": "md5", "uuid": "15761a56-79e2-45bc-b0fa-750cf05be91a", "value": "8b721d0735daa1913fed3f75f857b0fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859905", "to_ids": true, "type": "sha1", "uuid": "0ed16fda-532d-4f1c-bb53-d2ef31c13927", "value": "e0aaa8cfc5ce666fb262a29b51d0bcf85f942a87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859905", "to_ids": true, "type": "sha256", "uuid": "ccf432bd-cab4-4c16-86ba-51855b5b00ed", "value": "b682abf518ed9d69ebd9e50b0d993f48dd1d0f242f6d66d8bde3a435796372d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807560", "to_ids": true, "type": "ssdeep", "uuid": "9f50814a-9b37-4fb0-8c08-3cfcc4100817", "value": "12288:DbwX0EM1k9TKTlXa+v5R9fpcKyouFKdK7sHzYPQMwj6p83Ca3L873:DbML2kOL9g5pPhwj6678z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807560", "to_ids": false, "type": "size-in-bytes", "uuid": "15dc6265-1541-4907-9e0c-50cfd70e41e4", "value": "642451" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807560", "to_ids": true, "type": "vhash", "uuid": "1ebfd2d0-6786-40eb-b74b-c7f99cbbad89", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807560", "to_ids": true, "type": "filename", "uuid": "07f7444b-33f5-49ef-952a-6601ffe7d1c4", "value": "8b721d0735daa1913fed3f75f857b0fb.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807560", "to_ids": false, "type": "text", "uuid": "3d3fbb56-539f-439e-9e07-40d03728b1ba", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859907", "uuid": "4e7d9c5a-0ac5-4216-9123-b69029c83f05", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859906", "to_ids": true, "type": "md5", "uuid": "485b0478-d3f4-4e59-8b45-baf5877bcb7a", "value": "0a1b2520238d359f4639b27f6c3e3524", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859906", "to_ids": true, "type": "sha1", "uuid": "39db75bf-bc30-4af9-a84b-876439915849", "value": "61a9897b2f08009bdc5e549890f535252013d0c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859907", "to_ids": true, "type": "sha256", "uuid": "8dbf0202-0666-4714-90bc-2c8ebcdafbfe", "value": "ee3d88d688619d7280a25d797d37372bc67d66c5c3f13043a1ad5db5d7e31ac8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807582", "to_ids": true, "type": "ssdeep", "uuid": "a47b0226-cc77-481a-b83e-d1f11bf87d28", "value": "12288:NEwX0EM1k9TKTlXa+v5R9fpcKyouFKdqe+su0SXqsdh84wPmIlLgtp:NEML2kOL9gjXbmPmIFgL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807582", "to_ids": false, "type": "size-in-bytes", "uuid": "4606aeda-41cb-4281-b089-f5077a4409a2", "value": "642459" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807582", "to_ids": true, "type": "vhash", "uuid": "d4cfcdbd-6654-4635-9298-806c4235df52", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807582", "to_ids": true, "type": "filename", "uuid": "b20c570f-d1b6-455d-ab09-bfcbc8006131", "value": "0a1b2520238d359f4639b27f6c3e3524.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807582", "to_ids": false, "type": "text", "uuid": "dff0a24b-57d2-4001-9644-acf61b258df4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859908", "uuid": "8c73c8b0-a35c-4866-bbb6-d6139d9c07e7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859907", "to_ids": true, "type": "md5", "uuid": "68d51507-8278-4534-82df-59a1d66d492b", "value": "9f650b2a809324a8002d8ca53531287e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859908", "to_ids": true, "type": "sha1", "uuid": "552eb0c4-9087-410a-9920-f7e5172715d6", "value": "52766e87123398e00e7c7144da434e708c641042", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859908", "to_ids": true, "type": "sha256", "uuid": "e683b9cc-9f35-4ee2-afd4-debbc8b028b9", "value": "7cd516efb3e781593d267276aad8305ab0f66c1c510d4d892aa288f93db50010", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807603", "to_ids": true, "type": "ssdeep", "uuid": "b879f8e6-ec64-4713-9aa5-e87afd34c374", "value": "12288:IwX0EM1k9TKTlXa+v5R9fpcKyouFKdUE4nVsR7tFJWIxrs8A+7MpBrLABt:IML2kOL9gKcctbtxrs8A1FAf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807603", "to_ids": false, "type": "size-in-bytes", "uuid": "036db601-dcee-4a18-a8a6-4efdaa8f8474", "value": "641877" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807603", "to_ids": true, "type": "vhash", "uuid": "5d1315ad-134f-4f92-9ac2-a6c6dfadf25c", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807603", "to_ids": true, "type": "filename", "uuid": "77359734-ff9c-483c-bf7c-3706ec5dc6af", "value": "9f650b2a809324a8002d8ca53531287e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807603", "to_ids": false, "type": "text", "uuid": "730957d0-5d03-4a87-9a37-48312b4bf0e7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859909", "uuid": "0dc60800-022c-463e-b547-99aedda06b7a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859909", "to_ids": true, "type": "md5", "uuid": "753b8496-5b60-429b-b798-cfb9d2ab7ea1", "value": "047a6e06e1f63fc04946491bd41fc244", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859909", "to_ids": true, "type": "sha1", "uuid": "4cc398c1-bc89-4ea1-811f-a75ebeb160a6", "value": "0c6bfc3ce3aace76751e90660e5ce5b33e87f5a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859909", "to_ids": true, "type": "sha256", "uuid": "725747ca-2aeb-45c0-8435-998614bff386", "value": "9ba5fd983a45ee74c2a7ab60ee1f17c30c95767b33706e29db91ec23e9c8b58d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807624", "to_ids": true, "type": "ssdeep", "uuid": "b797eda2-fec9-4d2b-8578-c73468f32c02", "value": "12288:DfBzlIEXAJe6ANXYC3HAA+9xCDlwKdMLh3prqlsaF3EvP4VMjuayBaEsoedUdl1V:DfqQ60IWxKThFqX3IivayBfaUd7V" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807624", "to_ids": false, "type": "size-in-bytes", "uuid": "998907a1-e571-484c-8604-1adf8ee6d1f9", "value": "826822" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807624", "to_ids": true, "type": "vhash", "uuid": "2e959b17-db49-4241-8740-251db0524ed6", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807624", "to_ids": true, "type": "filename", "uuid": "3f43d218-7ef5-49e0-843f-3687c90630e7", "value": "047a6e06e1f63fc04946491bd41fc244.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807624", "to_ids": false, "type": "text", "uuid": "5c53bd07-53af-4de1-abbb-1845513301e1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859910", "uuid": "f2042bd4-71b4-40ff-8fbd-197c6bdf0b11", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859910", "to_ids": true, "type": "md5", "uuid": "11895752-e0bf-4f30-9279-74551d4b4b7d", "value": "db9601d447eb3b4a19ff18e02035cfd9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859910", "to_ids": true, "type": "sha1", "uuid": "d16b25b4-0146-4807-975e-ec6357f0e995", "value": "9c99c41954b3f33721f2d996a2d5e383babd50af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859910", "to_ids": true, "type": "sha256", "uuid": "4b118023-2073-47bc-b49a-1dae237ae9a1", "value": "cfab2ba4bb7260c762b7847a15ec7d637afbea1c1a4a08dfb244c4534a6306d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807645", "to_ids": true, "type": "ssdeep", "uuid": "075ce9ca-6859-44ae-8ce6-fd2ebd1f50bd", "value": "393216:kgHvl367EtJYE3vQLV4jh/Y80Wn9MiFzf/1uMgG7jYILe2/+fX8w:P367CJYdLUhg0X/1uxILvm1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807645", "to_ids": false, "type": "size-in-bytes", "uuid": "a4cd36ee-5f34-427f-8dae-d3da70fd7fe7", "value": "22095508" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807645", "to_ids": true, "type": "vhash", "uuid": "4142eb47-fec0-4dd9-8c52-1b1255646d4d", "value": "01bd3af75cad29a28e3ca1ac0e841f26" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807645", "to_ids": true, "type": "filename", "uuid": "22654b68-f386-4b21-92b9-2c913d568b36", "value": "db9601d447eb3b4a19ff18e02035cfd9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807645", "to_ids": false, "type": "text", "uuid": "158b77bc-7bea-4d40-a51e-a9bfb1166bb8", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:24/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859911", "uuid": "73b8744b-220f-43a6-bcdc-ae8aac70f3c6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859911", "to_ids": true, "type": "md5", "uuid": "f0e47912-0b23-45a5-95e1-df6ffeada1f5", "value": "bae67c1224a3325c62535e6feab95c6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859911", "to_ids": true, "type": "sha1", "uuid": "bf68afbe-d3e0-46b1-bc66-191d36861bc9", "value": "c29810a164a92486c02d3f5a82e400bbec122139", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859911", "to_ids": true, "type": "sha256", "uuid": "082b1e2f-be47-454f-a09d-0dadfb535ae0", "value": "e10e820a1775844152183bc6b3efc2d96c0a50345466e36d08d156b7d975fa42", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807667", "to_ids": true, "type": "ssdeep", "uuid": "37b25b9c-dafe-4bcf-a309-4038bea067fe", "value": "786432:+G7pT8HvkeagyPVEa3FuqKH/uMIDJrHooW5:Z7ERagw6apKHW/DJcoW5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807667", "to_ids": false, "type": "size-in-bytes", "uuid": "a4f1625c-4bf0-493c-b32c-4bb6f5a58c58", "value": "29622982" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807667", "to_ids": true, "type": "vhash", "uuid": "fd081a32-faec-4210-b9b3-d57e7123d437", "value": "01bd3af75cad29a28e3ca1ac0e841f26" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807667", "to_ids": true, "type": "filename", "uuid": "ffb05201-0853-4ab9-8fd6-6da3898bb17f", "value": "bae67c1224a3325c62535e6feab95c6c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807667", "to_ids": false, "type": "text", "uuid": "e3753e36-4626-4900-8573-b4f1bca4b00d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:24/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859912", "uuid": "ef64203c-93c8-445a-bce8-797ca9088acb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859912", "to_ids": true, "type": "md5", "uuid": "7aeb7f18-104c-4295-8ce0-fbbbdef45d18", "value": "1884e3c76c07323387b89b829a4315ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859912", "to_ids": true, "type": "sha1", "uuid": "edb046da-0337-4293-9775-6f2dd287f424", "value": "fb9f1138d09bf90de3c801c68f15a40bf225f58f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859912", "to_ids": true, "type": "sha256", "uuid": "361f30cf-f90a-47e4-8a71-27e38c285463", "value": "33fb49a710d36564988685836725f578a6c05f312d1d8b93be4379fec2a0c6cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807688", "to_ids": true, "type": "ssdeep", "uuid": "746c3e0d-df6c-4853-b9d7-839c49298d4e", "value": "786432:KG7pT8HvkeagyPVEa3FuqKH/uMIDJrHZNSWIZ:d7ERagw6apKHW/DJGWIZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807688", "to_ids": false, "type": "size-in-bytes", "uuid": "e9a7fabb-54f4-49df-a281-394bda52f506", "value": "29612707" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807688", "to_ids": true, "type": "vhash", "uuid": "78a519e7-784b-479f-8bc8-da48578c92ec", "value": "01bd3af75cad29a28e3ca1ac0e841f26" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807688", "to_ids": true, "type": "filename", "uuid": "8d38a6bb-b1e5-4377-b224-44c57784c32f", "value": "1884e3c76c07323387b89b829a4315ef.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807688", "to_ids": false, "type": "text", "uuid": "80b76e11-4b78-403d-a2bb-ae3a1444f1c4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859913", "uuid": "042cbac6-4c35-4a07-941c-946c90f89641", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859913", "to_ids": true, "type": "md5", "uuid": "5664cc76-7d5f-4d69-9d87-1efc603ec643", "value": "8b78a1d823ee19cabbb8ce275d18737d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859913", "to_ids": true, "type": "sha1", "uuid": "b9f6ca4e-02e0-4427-b723-40dfd56c17e8", "value": "ef73d2aca39e4c50d823a219df8d8a51e0449c1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859913", "to_ids": true, "type": "sha256", "uuid": "b0a284f2-dd30-4869-abb3-3e37d5a7703a", "value": "b86191a5c5efe8d8bc424afc3421f04bd765e68091dcaf7211ab7466ee91d4fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807709", "to_ids": true, "type": "ssdeep", "uuid": "96653c92-96ad-42e0-95b9-20cc6f05dab3", "value": "12288:PwX0EM1k9TKTlXa+v5R9fpcKyouFKdZtKIZGjiLuA7l78d8EKlTPpGgVDfm+KTtE:PML2kOL9gq1GQfCd8/RNtfm+yQpGA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807709", "to_ids": false, "type": "size-in-bytes", "uuid": "7d19de9d-233b-4203-a878-227d2ebfca59", "value": "898184" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807709", "to_ids": true, "type": "vhash", "uuid": "57edb7fa-d140-42c8-b8d5-6d11468a2d13", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807709", "to_ids": true, "type": "filename", "uuid": "edd00190-4f26-4d45-a16e-73b7e18f4ec0", "value": "8b78a1d823ee19cabbb8ce275d18737d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807709", "to_ids": false, "type": "text", "uuid": "4d485223-3a88-4edb-a18b-3cc4bc948765", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859915", "uuid": "1842073e-6423-420f-a24e-4404b27e9216", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859914", "to_ids": true, "type": "md5", "uuid": "77e0fb7d-bcf4-4c6e-ab5d-c7bba72bbf6b", "value": "39d78b9169951664c445364e908a698c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859914", "to_ids": true, "type": "sha1", "uuid": "a61d56c1-b34c-41e2-a00a-dba5cdfd58ac", "value": "19c685aa3423e983f2a0641dd019389f2fb91d65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859915", "to_ids": true, "type": "sha256", "uuid": "7e85ca3a-96bd-4eac-a91a-8bb86816a094", "value": "cfa3fec5df073877bce7db24521e48dc79dafaa1c1372c5b8ae64d7654261d77", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807731", "to_ids": true, "type": "ssdeep", "uuid": "358295f6-63a4-4d5d-b657-728312da7bc5", "value": "12288:EwX0EM1k9TKTlXa+v5R9fpcKyouFKdfWzGBNyUTG8A+76LkrE:EML2kOL9grCsUTG8AFkg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807731", "to_ids": false, "type": "size-in-bytes", "uuid": "75de1923-2a57-4dcc-8a8e-2bd624347b80", "value": "641874" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807731", "to_ids": true, "type": "vhash", "uuid": "e2744911-19fa-41ea-b013-fc46fc052e9f", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807731", "to_ids": true, "type": "filename", "uuid": "8b983d78-bd55-40e0-a971-0aad3cd2dbe3", "value": "39d78b9169951664c445364e908a698c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807731", "to_ids": false, "type": "text", "uuid": "3c7e3bb1-c435-4b63-bab1-e6cb79f3d9da", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859916", "uuid": "fa41eee1-7f67-471c-babd-c44356c4f865", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859915", "to_ids": true, "type": "md5", "uuid": "ad6371ce-3138-48f0-aa95-164035746d2c", "value": "cb4a7c228112f1555ef56243e2df8437", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859916", "to_ids": true, "type": "sha1", "uuid": "2e1d6a4b-fd52-4e73-8874-a3273fabdc6e", "value": "dba3fc1a5982ad1d3118b38910d9995b0625ec68", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859916", "to_ids": true, "type": "sha256", "uuid": "13db192c-6ae2-4c9c-9a32-6d2872dd6e0f", "value": "eaa39d050b80efc4cc81d6ef3888741d9abe3199d256906e07dd8634e8588718", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807752", "to_ids": true, "type": "ssdeep", "uuid": "cf62b6b3-92d2-42fb-ab93-39a68a7dcd2c", "value": "12288:NwX0EM1k9TKTlXa+v5R9fpcKyouFKd/ww5URzgTxgES8EKlTPpGgVDfm+KTtqp/L:NML2kOL9gCYgtZS8/RNtfm+yQDOo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807752", "to_ids": false, "type": "size-in-bytes", "uuid": "0887e3e9-9fb0-41b6-b009-42fab72a237d", "value": "898184" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807752", "to_ids": true, "type": "vhash", "uuid": "6a636286-8089-4430-8d6d-0ab81f32cd5b", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807752", "to_ids": true, "type": "filename", "uuid": "fb446839-e044-479b-a9aa-d7188278bc67", "value": "cb4a7c228112f1555ef56243e2df8437.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807752", "to_ids": false, "type": "text", "uuid": "cf72a2ec-09e6-4396-a82d-74f951275625", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859917", "uuid": "0b896633-ccee-4dc2-94c2-d1226913fb80", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859917", "to_ids": true, "type": "md5", "uuid": "34814368-ac00-4667-8c29-06501e7b47ba", "value": "dae4b9de6cc2623cddc24bbf1e7b07e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859917", "to_ids": true, "type": "sha1", "uuid": "b455603a-ce90-4425-b558-6f37c3cd36a7", "value": "4baee97351cc7d1e1088ebbda5096558bccd4d1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859917", "to_ids": true, "type": "sha256", "uuid": "f7b4e656-a90a-4581-a65a-38bc57355a2f", "value": "6b8cf7ebc87082151286f7118151063571eb044cb0e157ca6a44e509ec8ec181", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807774", "to_ids": true, "type": "ssdeep", "uuid": "0b0ef87e-222a-4c93-8edc-ec1dcee80e7a", "value": "12288:LwX0EM1k9TKTlXa+v5R9fpcKyouFKdvtKIZGjiLuA7l78+8EKlTPpGgVDfm+KTtD:LML2kOL9gc1GQfC+8/RNtfm+yQI2q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807774", "to_ids": false, "type": "size-in-bytes", "uuid": "e2032c16-0294-4eea-bc26-abed2c8b5f9d", "value": "898184" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807774", "to_ids": true, "type": "vhash", "uuid": "6da1c2ce-04f6-400c-8657-cfb887a18fc9", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807774", "to_ids": true, "type": "filename", "uuid": "3437a010-b114-431f-b896-b868e54dfe15", "value": "dae4b9de6cc2623cddc24bbf1e7b07e4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807774", "to_ids": false, "type": "text", "uuid": "e6086335-bbe8-4018-bf39-35013c05f7a4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859918", "uuid": "3506d57f-3798-4685-a64e-0544e7e16dac", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859918", "to_ids": true, "type": "md5", "uuid": "f6f6f2b1-6141-45aa-8460-46d5ba1a2548", "value": "c6e8efab3a4fb4586e4b146cf62784ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859918", "to_ids": true, "type": "sha1", "uuid": "bd3bde2f-b3e4-4eed-a846-32f5d663785e", "value": "0b9409a2408fa6e622c5059cd9c9990e796be23e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859918", "to_ids": true, "type": "sha256", "uuid": "bc57593e-45c4-4100-83a9-bafacd5258a3", "value": "a3be12bb8379b096165b9aae46fbc46005b96ed4550e162b2cbdd0451e9437b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807795", "to_ids": true, "type": "ssdeep", "uuid": "887646bd-10dc-4a09-9747-b6911dc05460", "value": "24576:dML2kOL9ggeGiidGyG2sY8/RNtfm+yQN2/:d59gRGiidGyTsYetfm+PC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807795", "to_ids": false, "type": "size-in-bytes", "uuid": "0cf42b81-dc41-4de6-9b7e-b9ae87cd6c82", "value": "898171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807795", "to_ids": true, "type": "vhash", "uuid": "f987bb62-20ac-43e9-ac00-16a2baa1900b", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807795", "to_ids": true, "type": "filename", "uuid": "54d3278b-3928-4dd6-adb9-d556576083ed", "value": "c6e8efab3a4fb4586e4b146cf62784ac.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807795", "to_ids": false, "type": "text", "uuid": "af69deaf-481d-40b1-8c7b-fb7052db0981", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859919", "uuid": "4ffddde9-59e0-479f-a5ae-a33fa1c9e723", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859919", "to_ids": true, "type": "md5", "uuid": "18faff59-45e5-4a17-a419-6b714b507289", "value": "8c81eee7579b9591c71a435438f7645d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859919", "to_ids": true, "type": "sha1", "uuid": "015acf0f-a765-4727-b142-b42b47002381", "value": "83dc27a6df08934940a4bf48b28f0e56443551bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859919", "to_ids": true, "type": "sha256", "uuid": "c9fc7553-8d78-4c94-9ee4-58b821d03f60", "value": "1484adc7608ec9790f5bb9e83240256fb0cf49a72c8c1a8a47fff58bd02e1eee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807816", "to_ids": true, "type": "ssdeep", "uuid": "68aa6829-c7af-4315-8e90-cb4d5f99a02e", "value": "12288:YwX0EM1k9TKTlXa+v5R9fpcKyouFKddAkvRWM8f/7G8EKlTPpGgVDfm+KTtqpmLQ:YML2kOL9grgUT/S8/RNtfm+yQ2c9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807816", "to_ids": false, "type": "size-in-bytes", "uuid": "5d2f2244-cf77-4868-823a-1dff0da1109c", "value": "898182" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807816", "to_ids": true, "type": "vhash", "uuid": "4786af15-648f-4aca-a04a-f3c3f84b011f", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807816", "to_ids": true, "type": "filename", "uuid": "56ea9d8a-bd13-4a00-8741-3df7fa3881ea", "value": "8c81eee7579b9591c71a435438f7645d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807816", "to_ids": false, "type": "text", "uuid": "5ce91a75-f31d-4195-b4a4-4a4b60f24ae7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859920", "uuid": "e03f4896-7775-4679-b09b-2f3adba8e225", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859920", "to_ids": true, "type": "md5", "uuid": "0add34cc-99d7-4a13-80b6-4cb19bfc411c", "value": "fdf41013a1c55a6f14659dad4831b69e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859920", "to_ids": true, "type": "sha1", "uuid": "03189e9e-42d1-48cb-9dec-26e02c1a1004", "value": "c2fdb478f25b5cfdc5093c12edad76b40394027e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859920", "to_ids": true, "type": "sha256", "uuid": "4249168f-f8d0-4129-b25e-d0f4b659e7be", "value": "6cbb781795f1694cebfb10cb4bf80c5ae0fb20be930d8d5fbce2d507b0af65fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807838", "to_ids": true, "type": "ssdeep", "uuid": "10ca5816-5b16-48ec-a047-f3589ca90861", "value": "12288:udKcICqoW0Bp9KsruZEFA179e839JMfMTSyUwS93FTiKd/gbBifElJ2:UAOBmsruZSGw8t2fMoyKubTlJ2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807838", "to_ids": false, "type": "size-in-bytes", "uuid": "855e7947-e58e-4e19-8598-e8b4f99e9152", "value": "604884" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807838", "to_ids": true, "type": "vhash", "uuid": "90852b15-4031-41f5-af63-7d6c3d345044", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807838", "to_ids": true, "type": "filename", "uuid": "43365ab7-6ded-4464-9ce0-ae7876c720db", "value": "fdf41013a1c55a6f14659dad4831b69e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807838", "to_ids": false, "type": "text", "uuid": "8a4b1ec7-c274-458f-a505-e177ce1e35e7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859922", "uuid": "0cce17b1-84c4-4161-bf8b-406dff38e10c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859921", "to_ids": true, "type": "md5", "uuid": "8f076cd6-88e5-4a23-b657-f76d7c93bdaf", "value": "0df50fd4071459865951e80443ae8af0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859921", "to_ids": true, "type": "sha1", "uuid": "6e65b0b9-95a3-49d4-986f-f5abea692419", "value": "1cc2b9a92578730cb856e0cc2ab3483291e3416f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859922", "to_ids": true, "type": "sha256", "uuid": "ed140a89-a7e7-4221-afbe-73de96b2426d", "value": "90f1a39174312a0310dee2b4e83276bf881aab62f4479e61e467fd1519a5714a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807859", "to_ids": true, "type": "ssdeep", "uuid": "ae72ade4-dc40-4056-a172-545a7bf85417", "value": "12288:ofBzlIEXAJe6ANXYC3HAA+9xCDlwKdGLNBEBKv80upNF9nmKtoqrsGldyQ:ofqQ60IWxKhNaNFVm+oqrsGld9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807859", "to_ids": false, "type": "size-in-bytes", "uuid": "900758c5-535b-4811-bfe0-9da93bf1b6cf", "value": "826823" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807859", "to_ids": true, "type": "vhash", "uuid": "c7bbfee5-295c-4425-aaa0-1a3563aa985e", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807859", "to_ids": true, "type": "filename", "uuid": "c21d977f-17de-4b04-85d8-81955b9f38ac", "value": "0df50fd4071459865951e80443ae8af0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807859", "to_ids": false, "type": "text", "uuid": "3c996bdd-2481-40b1-94c2-a5240d27afc5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859923", "uuid": "0a1d327f-2fab-4262-9512-050048081dbd", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859922", "to_ids": true, "type": "md5", "uuid": "3d08db36-39a0-48de-81df-1b159b5d8744", "value": "3c2845a6d8d28ce5d6587d7a89d5518f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859923", "to_ids": true, "type": "sha1", "uuid": "9bb01f33-074f-4122-857a-3dd54acaa6c7", "value": "af7aeead1fac295241174f540adbde3e4c2b3a54", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859923", "to_ids": true, "type": "sha256", "uuid": "49f829c2-6cdc-41a9-be46-f700d57376f2", "value": "9d82c357d854211f7668e8ab99bcffa499b550b4d33bae47273d6889e8e0544a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807880", "to_ids": true, "type": "ssdeep", "uuid": "91b88a66-e33f-4baa-81fb-60b0ae473181", "value": "12288:wfBzlIEXAJe6ANXYC3HAA+9xCDlwKd4LB/PLQq0SsmAsiiBVuUYlYL3YtgRRLNVZ:wfqQ60IWxKDBnLuSsAiUkg3Kg3htB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807880", "to_ids": false, "type": "size-in-bytes", "uuid": "4c9d18a4-7f61-427f-994d-e12f1bf48ee4", "value": "826822" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807880", "to_ids": true, "type": "vhash", "uuid": "438498e3-8d7e-4c83-bb20-125fa79a845b", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807880", "to_ids": true, "type": "filename", "uuid": "aa8bf3b1-9015-46a6-9274-72f43a908060", "value": "3c2845a6d8d28ce5d6587d7a89d5518f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807880", "to_ids": false, "type": "text", "uuid": "e55ae072-dc62-4c8f-838b-176243e9a4cf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859924", "uuid": "052cdaa0-db41-4f56-9ff0-a4e62e77b2ab", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859924", "to_ids": true, "type": "md5", "uuid": "d0d3dbbe-b938-4502-bb03-ee3bf29ccf7b", "value": "42997b796f37f04a4779852425ad8b51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859924", "to_ids": true, "type": "sha1", "uuid": "a7a54c8a-3097-4f94-b1de-e4056d31bc22", "value": "7c8dfe81f20156a42a0226d0b3445d3e28108195", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859924", "to_ids": true, "type": "sha256", "uuid": "eb4f112a-f086-486f-8ea2-a515ab7d07b7", "value": "484540e7071865ff5425230788205bc359f56dad5a7b026cfab4e0c2d342a26c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807902", "to_ids": true, "type": "ssdeep", "uuid": "ae18c0e6-09d5-44ea-9294-d754d83da80b", "value": "12288:pex70goSvctROfzkwkDecbgbX+VGjvpvlFMPgMgHi/HE:pbuJf4Wcbgr7VMgH6E" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807902", "to_ids": false, "type": "size-in-bytes", "uuid": "72762819-71f4-4da7-92d5-f51b6ecda486", "value": "604882" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807902", "to_ids": true, "type": "vhash", "uuid": "6e385b97-6110-47a7-bebf-a651cdf86ce7", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807902", "to_ids": true, "type": "filename", "uuid": "f5cf0205-1e73-4672-b0f2-8e0f88fa39af", "value": "42997b796f37f04a4779852425ad8b51.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 04/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807902", "to_ids": false, "type": "text", "uuid": "eec7a65f-709f-43af-b6a9-95d12e6be05f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:31/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859925", "uuid": "6d189095-21e2-4be4-b93a-442277af948f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859925", "to_ids": true, "type": "md5", "uuid": "f312e088-aacc-4cfb-b0f7-61d54e375b72", "value": "9d5cf53b8c6044c6c2528d9ddb495f8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859925", "to_ids": true, "type": "sha1", "uuid": "b6023639-4713-473f-89e8-a0b9048848a1", "value": "118f1603c572693ef128249d1db48e90d002a740", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859925", "to_ids": true, "type": "sha256", "uuid": "98f282ff-1fbe-47ec-b362-3c3772a54792", "value": "973b8f0202360b340706eb80eb1cadaa142149d01dfed1520a8fe252025b3639", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807923", "to_ids": true, "type": "ssdeep", "uuid": "d90756dd-4315-4bc9-bc7e-ee0a364cdb8c", "value": "98304:MPg04Tijss4xxv5r/d/+2QuKIL/CIKfmcZ:EPocshxBr1G2QuKvf7Z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807923", "to_ids": false, "type": "size-in-bytes", "uuid": "89988d1d-4f01-440a-a68e-b6cb156689e5", "value": "3765895" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807923", "to_ids": true, "type": "vhash", "uuid": "7db6793e-9d70-4e92-bce7-e06bd3097e90", "value": "8e6ac9240098ced230afcb999879b88c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807923", "to_ids": true, "type": "filename", "uuid": "732a370a-6568-4cf2-9c86-f67eb9835d1a", "value": "9d5cf53b8c6044c6c2528d9ddb495f8f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807923", "to_ids": false, "type": "text", "uuid": "a0b294b7-249e-48e7-a2e9-8aa97783d860", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859926", "uuid": "fdbf553c-f5cb-48ee-925c-b6c3d393ca40", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859926", "to_ids": true, "type": "md5", "uuid": "e44838ed-0c61-4160-8f23-ad254995d541", "value": "a5103f03ce0b6da6ca26c7f8a65f1cff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859926", "to_ids": true, "type": "sha1", "uuid": "e50ad538-0ca1-465c-8eb2-cf3dba60f7a5", "value": "99300a0d949e5df4bebcf71b13cb301e9c2cf5f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859926", "to_ids": true, "type": "sha256", "uuid": "e418c209-4a56-444c-8aa1-d9c81577253e", "value": "61d7c77c35f3e5927210a3185291bc52f3ba4cd7418d18ce3da73b7fb1b0a213", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807945", "to_ids": true, "type": "ssdeep", "uuid": "b3dae1ce-8eae-4ee2-8b7f-36b0c9c85f62", "value": "12288:rfBzlIEXAJe6ANXYC3HAA+9xCDlwKd+L9djsqlsaF3EvP4VMjuayBaEsoVWSXFab:rfqQ60IWxKN9NsqX3IivayBfVWSXFI/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807945", "to_ids": false, "type": "size-in-bytes", "uuid": "0c3fdfed-3410-42a8-ae8f-51e5b171ba6a", "value": "826821" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807945", "to_ids": true, "type": "vhash", "uuid": "a81a488c-5dd5-46bc-a81d-3430647bcdf3", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807945", "to_ids": true, "type": "filename", "uuid": "49cb6bca-3b00-4617-bc05-9ba5d9e37d78", "value": "a5103f03ce0b6da6ca26c7f8a65f1cff.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807945", "to_ids": false, "type": "text", "uuid": "250850c8-d2c4-435e-99d2-b7b2b40010c4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859927", "uuid": "1c0b1982-a555-4c3c-9775-f7697844d8b0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859927", "to_ids": true, "type": "md5", "uuid": "8e297fae-c7ab-494d-b26b-f80250c2cccb", "value": "668391a82694c5ad211fbfd1d3c746b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859927", "to_ids": true, "type": "sha1", "uuid": "8eaf2431-3270-44b8-a894-d171c9205750", "value": "eb57bdc5f5a74b60fa0e71680356b2ec20500439", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859927", "to_ids": true, "type": "sha256", "uuid": "d05d9d0f-e05c-412e-b06a-337b3c15a08d", "value": "93f67ef04e34bd8d2b26fca33f39b9d360192628953c45ced3872b97cfe456f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807966", "to_ids": true, "type": "ssdeep", "uuid": "93bac114-c907-460d-a31f-ca97956a3348", "value": "24576:8CML2kOL9gjAikvXb4Ao2sGeT9bX2FOwNfm9LwGduKID6LhqKj4rbIS8/RNtfm+T:F59gMvXkAo2WYXf2lIOqe4/etfm+T" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807966", "to_ids": false, "type": "size-in-bytes", "uuid": "46048151-b977-4793-99f9-37557b752b83", "value": "2408965" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807966", "to_ids": true, "type": "vhash", "uuid": "5c58241e-6089-4748-ab83-c4c3ae08c10f", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807966", "to_ids": true, "type": "filename", "uuid": "bb65f8bc-2666-49b7-a6c3-20a438f6260c", "value": "668391a82694c5ad211fbfd1d3c746b7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807966", "to_ids": false, "type": "text", "uuid": "a4575f7b-0f1d-41de-912c-39d9236a7a6e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859929", "uuid": "56570bb8-56c0-42a4-9c14-60b845c8fa55", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859928", "to_ids": true, "type": "md5", "uuid": "5e271002-ebb6-4100-bc91-a94510f6fdeb", "value": "5707d69a522df1b778e517471151f85a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859928", "to_ids": true, "type": "sha1", "uuid": "15d540aa-f65e-4120-a5f3-c032409528a7", "value": "c78286236ae536210bcdd77007396bffdaeeea02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859929", "to_ids": true, "type": "sha256", "uuid": "fdd9dd94-27be-41d9-aa26-a3cbf8d81593", "value": "4d8dd8f4c754b61c5f35bf1dcf3c7ee170bfce602ea2de2bc0364f46f815d132", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740807987", "to_ids": true, "type": "ssdeep", "uuid": "5a5281d6-95ab-4cf1-81e0-72856ab0c0a7", "value": "24576:ECML2kOL9gjAikvXb4Ao2sGeT9bX2FOwNfm9LwGduKID6Lhq/VsWtUjpk8/RNtfz:d59gMvXkAo2WYXf2lIOq/0pketfm+v" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740807987", "to_ids": false, "type": "size-in-bytes", "uuid": "a953f42b-c46a-45e2-a2e0-0f50cbe3db70", "value": "2408962" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740807987", "to_ids": true, "type": "vhash", "uuid": "805b4594-7ed0-462c-a205-52a43db1395d", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740807987", "to_ids": true, "type": "filename", "uuid": "c99d8756-37d1-4de1-ab59-1595b263b522", "value": "5707d69a522df1b778e517471151f85a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740807987", "to_ids": false, "type": "text", "uuid": "1e46804f-c826-4543-a774-3b8ec8bdf98e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859930", "uuid": "17455994-0bd8-426a-b8f9-c6a240f95211", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859929", "to_ids": true, "type": "md5", "uuid": "8192d889-9edd-4004-8c5d-95cabd7eecbe", "value": "42ca5127d12012f94b599740fba9d64f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859930", "to_ids": true, "type": "sha1", "uuid": "cd042ad3-badc-4aef-b8c0-215e8380aace", "value": "5c6aeb32d710268cbeb45c0116fba943f187cbe7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859930", "to_ids": true, "type": "sha256", "uuid": "888a3911-241a-4128-b0fd-5104393c4a91", "value": "b38591c28d939748c356d86c5fa9e4d419fec8f8a663b72bd716c0b4a6998c05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808008", "to_ids": true, "type": "ssdeep", "uuid": "2daa9882-325a-48a0-8cf9-9918ddf29053", "value": "12288:8fBzlIEXAJe6ANXYC3HAA+9xCDlwKdmLt9YbkNJ5YnyyzN2jLZR2HbUW8HCd8gjZ:8fqQ60IWxKttUkNJ6nD2L9idNjQ3y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808008", "to_ids": false, "type": "size-in-bytes", "uuid": "525e9400-1637-441d-987f-d67d20e8ab03", "value": "826819" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808008", "to_ids": true, "type": "vhash", "uuid": "27d826d3-ade6-4157-bd6e-8a4c9adb3aec", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808008", "to_ids": true, "type": "filename", "uuid": "95b98975-c906-4b6c-9893-da596bc05169", "value": "42ca5127d12012f94b599740fba9d64f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808008", "to_ids": false, "type": "text", "uuid": "a0f61491-4b9f-43b4-b902-41a3789cb2f0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859931", "uuid": "62ee939c-5d34-4d97-b81c-34f1c975a26a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859931", "to_ids": true, "type": "md5", "uuid": "b5877d31-3eb9-42c4-b8a8-9ca5bc710abb", "value": "490f9208ca06a0711235640f5582fbf5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859931", "to_ids": true, "type": "sha1", "uuid": "8b6c2a54-6d1c-4a34-af23-1f7a13022b49", "value": "cc3ac9d3d2fb2fccabd1cc1bd48f21bb50267ddd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859931", "to_ids": true, "type": "sha256", "uuid": "20bc6851-e2fd-4121-91f1-9e14c6749816", "value": "69bbfd3bf8eb6aa3efc9aed13f1abf03bcf70cb192cb758d1ed48610a7673437", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808030", "to_ids": true, "type": "ssdeep", "uuid": "34fa19af-685f-471e-bb94-ae1cb9c04e20", "value": "12288:BqXnqI9YMtrle5yNy7cEbZkoBuvKKdVEwTveViTJsOX7s1YXC5AI3bsD/XARx7Qe:B6EcIIGctvEUcKaYseXC5AgKXARtQuKw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808030", "to_ids": false, "type": "size-in-bytes", "uuid": "69d9f3b8-64cf-4fe5-adc7-65bd7d8a54f9", "value": "897234" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808030", "to_ids": true, "type": "vhash", "uuid": "fe26102e-a958-463b-93ec-7df2252f7bfa", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808030", "to_ids": true, "type": "filename", "uuid": "5461d2af-00a7-419f-bafe-0bce9c6d7b40", "value": "490f9208ca06a0711235640f5582fbf5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808030", "to_ids": false, "type": "text", "uuid": "631b1c84-c577-4c64-98c5-116217435181", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859932", "uuid": "0fc98898-3e3d-4820-b693-4b1c2f8b3f51", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859932", "to_ids": true, "type": "md5", "uuid": "1a4ffb3f-302e-4b06-b673-d589f9987b27", "value": "f3a7c3c380cd70cf58b7fdb9ea5f2354", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859932", "to_ids": true, "type": "sha1", "uuid": "e8ffec46-2cb4-4ed1-8a04-db046d2bcee9", "value": "701e50b395a7a013b5ef086e60a1808ba3165804", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859932", "to_ids": true, "type": "sha256", "uuid": "6d22c4ca-898c-4569-bd14-5abdb6701d11", "value": "25469422c57f1ab130251949cc546f7554f1a463707fb119a08c6db5fc66388a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808051", "to_ids": true, "type": "ssdeep", "uuid": "b706dceb-3af0-4a3a-831b-923f8ba63a3a", "value": "12288:ZqXnqI9YMtrle5yNy7cEbZkoBuvKKdRFQJ48I89mVyUWnDWnc5AI3bsD/XARx7Qv:Z6EcIIGctu4pcj5AgKXARtQPce" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808051", "to_ids": false, "type": "size-in-bytes", "uuid": "a4d71dfe-5f75-4ca8-85c2-9ef0eeb20aa3", "value": "897230" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808051", "to_ids": true, "type": "vhash", "uuid": "c89e98ad-c0d5-4d3d-8e48-326a9bf7979e", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808051", "to_ids": true, "type": "filename", "uuid": "9074baed-3d6c-42cb-bdb4-20bc86736836", "value": "f3a7c3c380cd70cf58b7fdb9ea5f2354.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808051", "to_ids": false, "type": "text", "uuid": "a4c8965a-f8a7-47df-99eb-e0ecce3b8bd5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859933", "uuid": "d23c650d-cc9b-4be9-8708-22cf06b71b03", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859933", "to_ids": true, "type": "md5", "uuid": "5edc4a23-db08-456a-819c-df119427d83f", "value": "b3a9af72b76d23ce7079f397407dc005", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859933", "to_ids": true, "type": "sha1", "uuid": "26f6d6e0-2a0f-4a4c-9444-50a601bd7ee5", "value": "99131e7607d41468a44a1e9061995d43002ce30f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859933", "to_ids": true, "type": "sha256", "uuid": "1f237073-3ee8-4f3b-a812-e2131b2817c6", "value": "224e80ba419d6c41b2d8dc93e9e292adda0b65109d335cc6d4662d50a7bb39a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808072", "to_ids": true, "type": "ssdeep", "uuid": "71552f9f-a2de-4295-98c2-d0b71a60602a", "value": "12288:bqXnqI9YMtrle5yNy7cEbZkoBuvKKde7kcIwYHsQ+B+O/+OgG45AI3bsD/XARx7y:b6EcIIGctU7khRyOX5AgKXARtQS+P" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808072", "to_ids": false, "type": "size-in-bytes", "uuid": "2a31d974-07c2-45e2-b34b-0c9e916e8e0c", "value": "897229" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808072", "to_ids": true, "type": "vhash", "uuid": "5873aa93-8599-4d7b-9e2b-f6b2aa47a3ce", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808072", "to_ids": true, "type": "filename", "uuid": "309c867c-6187-4df1-aebc-147727e27990", "value": "b3a9af72b76d23ce7079f397407dc005.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808072", "to_ids": false, "type": "text", "uuid": "72753d6d-146c-4cb3-bc4d-96ab722436b2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859934", "uuid": "265da34c-c123-432c-b323-73e7972d89a5", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859934", "to_ids": true, "type": "md5", "uuid": "e91baa9e-a1bf-4713-8299-cf7e30254600", "value": "8301c0906858fa3a2f67b30c47e4f9c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859934", "to_ids": true, "type": "sha1", "uuid": "496d35e1-3786-4953-8d70-24d57d935fe4", "value": "b42dc34ebc6e7ffbb75cdb73838250e8fbeb0fb8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859934", "to_ids": true, "type": "sha256", "uuid": "0ab0139b-71f7-49a8-91bb-91baff3465d5", "value": "f8afe3cb3ba7f3c84a3ac051cc4d8c7d20a60e649a3fc7eb9bfcfcd99432c7d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808094", "to_ids": true, "type": "ssdeep", "uuid": "3f7a49a8-42da-4c7a-aaf8-5fc202b5f662", "value": "24576:1ML2kOL9gWvUa8MYAQsp15xW8/RNtfm+yQogO:159gWv2lsz5Ietfm+PI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808094", "to_ids": false, "type": "size-in-bytes", "uuid": "8ac35228-ced8-4a0b-84f9-2cc4b8d2f26b", "value": "897398" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808094", "to_ids": true, "type": "vhash", "uuid": "64aca739-b83f-42ed-aaa6-fcda1370aa8a", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808094", "to_ids": true, "type": "filename", "uuid": "490f422a-92cc-4874-9bf2-f5f3fb76a23a", "value": "8301c0906858fa3a2f67b30c47e4f9c1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 11/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808094", "to_ids": false, "type": "text", "uuid": "dc1a9a98-452d-43a1-bca9-2c0b6c21f305", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859935", "uuid": "971169c9-98c8-440a-bf9d-c7ade46fdc8d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859935", "to_ids": true, "type": "md5", "uuid": "a879ab5e-4398-4cb4-8999-8f8d6fa9e4ed", "value": "bbdb10dee6e1a5ec66634203829da20c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859935", "to_ids": true, "type": "sha1", "uuid": "9a796388-c0bf-4656-9420-60faaa3082e9", "value": "fdcf92645ca201e55cb53f3b2c78c5319097df70", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859935", "to_ids": true, "type": "sha256", "uuid": "09baf484-e51b-4fe7-b425-fe15ef44ac16", "value": "987fdcf61c9f2e2549241e6cf5686d4c7d4b7365894d880cba366c1991923832", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808115", "to_ids": true, "type": "ssdeep", "uuid": "76cff90f-b142-4468-b89b-0009a2409bbd", "value": "12288:RqXnqI9YMtrle5yNy7cEbZkoBuvKKdTrboARTWRFcvIEUb5di4u5AI3bsD/XARxL:R6EcIIGctjTW7crgDe5AgKXARtQ9YP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808115", "to_ids": false, "type": "size-in-bytes", "uuid": "2ae5df2b-51f4-4e2e-8836-4b0418a4ad9c", "value": "897231" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808115", "to_ids": true, "type": "vhash", "uuid": "38acbde9-2e70-4c3f-932e-80975ef54dd6", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808115", "to_ids": true, "type": "filename", "uuid": "c550a6d7-6077-4fbb-9da8-2c9387600cab", "value": "bbdb10dee6e1a5ec66634203829da20c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808115", "to_ids": false, "type": "text", "uuid": "5cef2e7f-6ede-4f9b-84c3-22c33be0976a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859937", "uuid": "57e9acca-0262-4d7a-ac04-763214ab1f6c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859936", "to_ids": true, "type": "md5", "uuid": "2ba83e91-363e-4687-8e4f-f3d6305870b2", "value": "6d15043bfb53e8cfee619f008bae4726", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859937", "to_ids": true, "type": "sha1", "uuid": "a3ed92fb-3c9a-43f6-85f2-e9ade2a7e940", "value": "369627216b41156a96028bb4b68857d7866ea65d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859937", "to_ids": true, "type": "sha256", "uuid": "d591ba86-7f09-41c3-bbcb-410312d09bbe", "value": "b3696209cb519201967bd1bc9d19cf1a5fe4a15c77cb7c232d7720cc2d4fe54c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808136", "to_ids": true, "type": "ssdeep", "uuid": "f882d5ff-2be2-46a7-9c34-77bb38ff89c0", "value": "12288:nwX0EM1k9TKTlXa+v5R9fpcKyouFKdrvWUqdfSTuFKISm3C5L28j:nML2kOL9gKvWUqlSqCp2G" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808136", "to_ids": false, "type": "size-in-bytes", "uuid": "49dfb1cc-1032-4227-909d-c1e43230be81", "value": "641344" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808136", "to_ids": true, "type": "vhash", "uuid": "4c57a880-5b59-4def-bfa8-f2fe67343678", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808136", "to_ids": true, "type": "filename", "uuid": "e0a6ae82-e536-4b94-a0fa-1d7d64c966b3", "value": "6d15043bfb53e8cfee619f008bae4726.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808136", "to_ids": false, "type": "text", "uuid": "7494e6ae-097f-4ac9-9cda-b1f867ecd179", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859938", "uuid": "b36dd5c7-8bae-4110-a1c0-08927017fc44", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859937", "to_ids": true, "type": "md5", "uuid": "b261c146-fb0b-41b8-a518-256fd20f0984", "value": "b240e7ec8ee75d4a5d18695a48a8040f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859938", "to_ids": true, "type": "sha1", "uuid": "179e1f8d-ccd2-4773-a9f3-28d8fae0f332", "value": "d4ebd1678acc585eb664a356948b8d34ab79c562", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859938", "to_ids": true, "type": "sha256", "uuid": "72db31cb-f342-47f1-9db2-97c6ec906db0", "value": "47286e7528445fa3f052e610f4a8889995911768dca9f57a329803fab88da1fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808158", "to_ids": true, "type": "ssdeep", "uuid": "9418353b-976c-4314-85be-fe27f9a37f2e", "value": "12288:iqXnqI9YMtrle5yNy7cEbZkoBuvKKdWEwTveViTJsOX7s1YXJ5AI3bsD/XARx7Ql:i6EcIIGctUEUcKaYseXJ5AgKXARtQvcs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808158", "to_ids": false, "type": "size-in-bytes", "uuid": "79645ebf-cb13-4ded-bf16-db187d1182d8", "value": "897234" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808158", "to_ids": true, "type": "vhash", "uuid": "5ae710a4-d960-43f3-8460-75c2be2ebd5c", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808158", "to_ids": true, "type": "filename", "uuid": "6a81cccf-995f-47a3-8fee-c47942160d79", "value": "b240e7ec8ee75d4a5d18695a48a8040f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808158", "to_ids": false, "type": "text", "uuid": "3c30e058-5486-44ad-a7fe-0e7f22cff5b2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859939", "uuid": "dfb5aab1-9eee-42cd-9cc5-b67ad9702b67", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859939", "to_ids": true, "type": "md5", "uuid": "5436ada2-80fb-4f38-bbe4-9923ecdf9760", "value": "bf17b7858882ce733ff81ad93b47d356", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859939", "to_ids": true, "type": "sha1", "uuid": "ba3d8593-1007-4191-940b-3121a6e58f49", "value": "634cc658fdf24f47b479374a6b0f2257cf8df2d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859939", "to_ids": true, "type": "sha256", "uuid": "cb7bac47-e22c-47a0-afc3-f9e6bf89e7f9", "value": "01b24b231c2be29ff949e510629aec2301e474ae3851ccdaf032a6c7f171b2fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808179", "to_ids": true, "type": "ssdeep", "uuid": "d3cd850b-017c-46f0-9fc1-ac9960ab10aa", "value": "12288:gqXnqI9YMtrle5yNy7cEbZkoBuvKKdo8iY1FlwYHZ3vqOepY6GG5AI3bsD/XARx4:g6EcIIGctZfl/vdWY6R5AgKXARtQrEK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808179", "to_ids": false, "type": "size-in-bytes", "uuid": "85697516-ba4d-4453-ab38-741fd8e2fcd2", "value": "897229" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808179", "to_ids": true, "type": "vhash", "uuid": "02c3ea18-ff22-4609-a849-82dc9246bef0", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808179", "to_ids": true, "type": "filename", "uuid": "dde00539-a3de-4a5a-b2c7-191110513a1a", "value": "bf17b7858882ce733ff81ad93b47d356.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808179", "to_ids": false, "type": "text", "uuid": "defc420c-067e-42e0-a1a7-c7218f296e15", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859940", "uuid": "8e16ed00-6770-4341-9123-6e26a4ad78cb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859940", "to_ids": true, "type": "md5", "uuid": "be30bdfb-7abd-4a9e-9be7-6171c9f6c916", "value": "56ff668a8e42604648526ac01f465276", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859940", "to_ids": true, "type": "sha1", "uuid": "d6761133-0884-4ede-9568-282fc98df735", "value": "fdb6ec0664d18933d91d2734489fe4ba2ea1de72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859940", "to_ids": true, "type": "sha256", "uuid": "08b682c2-7ac3-4017-a522-7ec76eba8387", "value": "d028357e911616ea420c17bed2ece89d1e042c63373d2c100588bb6f84ede156", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808200", "to_ids": true, "type": "ssdeep", "uuid": "0db871ad-3e51-41c4-94c3-66dd28606127", "value": "12288:8fBzlIEXAJe6ANXYC3HAA+9xCDlwKdVnKn54W7mw4Lqg3:8fqQ60IWxKUKn54Wsqe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808200", "to_ids": false, "type": "size-in-bytes", "uuid": "eefd4e14-a5ef-4581-9fa2-9ac0357861a2", "value": "611612" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808200", "to_ids": true, "type": "vhash", "uuid": "046a3919-b5e2-41c5-8467-a8d41c6729bc", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808200", "to_ids": true, "type": "filename", "uuid": "b7fc1ce8-6de9-46fc-a481-4f308a86821f", "value": "56ff668a8e42604648526ac01f465276.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808200", "to_ids": false, "type": "text", "uuid": "e4652142-fec2-473c-8aee-2723a902018d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859941", "uuid": "7a3c0940-fa47-49c9-8eca-037aed6da9f7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859941", "to_ids": true, "type": "md5", "uuid": "aeada51b-080c-40ed-8b68-f62eda68f261", "value": "5f61e25af7218f11b7b7b32a5eaa0bbe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859941", "to_ids": true, "type": "sha1", "uuid": "f6b093f4-e92b-48fd-9811-b21a000d0bc7", "value": "83c8ca3d3f6211e3ea86e926d33b273e5b73256d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859941", "to_ids": true, "type": "sha256", "uuid": "7dd78bde-5f8c-4262-8b08-61e66c8e7ab8", "value": "e11d6e19fb0e673971d9ff855aeecc665bc3efd37f61ae43c2e25902a4bbb686", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808221", "to_ids": true, "type": "ssdeep", "uuid": "d8510b41-75fa-4704-a493-23e4f973e162", "value": "24576:LxfqQ60IWxKl9tc03jSEdN9pI6VeaEelKAOdhS5TrNg:Lxf1607KD3NT9p79Eelv5TrO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808221", "to_ids": false, "type": "size-in-bytes", "uuid": "03e477a8-65d4-4257-b80b-341c34bd9725", "value": "826818" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808221", "to_ids": true, "type": "vhash", "uuid": "cac6aa3e-b10f-4f19-ba1b-9b62b696c79a", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808221", "to_ids": true, "type": "filename", "uuid": "5e0e6a47-6854-468b-bc2a-a4cf66fa9ad9", "value": "5f61e25af7218f11b7b7b32a5eaa0bbe.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808221", "to_ids": false, "type": "text", "uuid": "96cf2757-74cc-43f0-bdf1-39691587f1fa", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859942", "uuid": "5e9a5588-9ad4-4d84-8ed7-c2b9bbb20d88", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859942", "to_ids": true, "type": "md5", "uuid": "5714e46e-8f06-4b97-b9b7-c6d9b5cea266", "value": "80305bb1f391adb645b0f63a2866d822", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859942", "to_ids": true, "type": "sha1", "uuid": "d90b9066-c629-4ca3-9b0c-f37342486aa3", "value": "7e4d558e8db088eab802d5a7e7b3d976255395d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859942", "to_ids": true, "type": "sha256", "uuid": "54470ee1-cd94-4e09-bf82-5a3bf41241c3", "value": "e33912b8e077743b947ec091508af6b4fd9eb13dbafec924af1afc61e78ab321", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808243", "to_ids": true, "type": "ssdeep", "uuid": "a36d8302-b0e3-4f9e-853f-e9bfbea812f0", "value": "24576:iSML2kOL9gjAikvXb4Ao2sGeT9bX2FOwNfm9LwGduKID6Lhq5j4rbIb8/RNtfm+l:T59gMvXkAo2WYXf2lIOql4metfm+l" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808243", "to_ids": false, "type": "size-in-bytes", "uuid": "9e7b4faa-f413-493b-a149-b01800085050", "value": "2408965" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808243", "to_ids": true, "type": "vhash", "uuid": "18908254-d142-4a97-a249-6d8412d7c784", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808243", "to_ids": true, "type": "filename", "uuid": "f503581c-5fce-4584-ae9d-12c3d0a5b2e0", "value": "80305bb1f391adb645b0f63a2866d822.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 16/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808243", "to_ids": false, "type": "text", "uuid": "4ff95c7f-4c9c-4949-b4be-a5e57d3a8af6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859944", "uuid": "24c7cab3-47e3-4ec8-bea3-5e55397cad28", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859943", "to_ids": true, "type": "md5", "uuid": "479c013a-39d7-41c1-8c7d-f4dcd064057c", "value": "707e2f162cdba411ea92da2bfac1f534", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859943", "to_ids": true, "type": "sha1", "uuid": "26a377d7-f661-4365-832b-f35260f51778", "value": "b5d956f9f09c6c1d0bd4d395f67a681f8f73ef33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859944", "to_ids": true, "type": "sha256", "uuid": "c8a40242-99bd-46b5-8e21-ddd684948731", "value": "600d2c322c34463b72f0870e08fe87e4c1a87888172ebbda8af0b004d2565ece", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808264", "to_ids": true, "type": "ssdeep", "uuid": "3d46adc6-caf5-4f6c-86f9-64117cf5cc30", "value": "12288:kfBzlIEXAJe6ANXYC3HAA+9xCDlwKdOLtxCbkNJ5YnyyzN2jLZR2HbUW8HCd8gj7:kfqQ60IWxKdtikNJ6nD2L9idNjQjE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808264", "to_ids": false, "type": "size-in-bytes", "uuid": "656ab2fc-fa72-4c1c-8824-e9d040819d7c", "value": "826819" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808264", "to_ids": true, "type": "vhash", "uuid": "ce776b40-d3bf-45ff-8ca9-1ff0ba85e064", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808264", "to_ids": true, "type": "filename", "uuid": "4ad58a2e-6f08-419c-b8e3-abc464dab536", "value": "707e2f162cdba411ea92da2bfac1f534.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808264", "to_ids": false, "type": "text", "uuid": "9e510fbd-4b96-43d4-8113-adad0d6051c2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859945", "uuid": "ac8fe2f4-0316-43ca-af1d-0974f87fb529", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859944", "to_ids": true, "type": "md5", "uuid": "3b495e5a-0af8-4e79-b4c7-ee5e5d9633a2", "value": "286317410d08f56c042f9f106ff6a339", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859945", "to_ids": true, "type": "sha1", "uuid": "925b1c42-287d-4fa3-a083-edbe112a7d58", "value": "b3a0d6bb00c754a8c3efb1248b1505dda85035e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859945", "to_ids": true, "type": "sha256", "uuid": "2c0291f5-0327-45fb-8731-56edff9e7b8e", "value": "07d1878fabeb968336483867a4a905a060e3f20b39d4fe9757180d4ef33f75e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808285", "to_ids": true, "type": "ssdeep", "uuid": "5cfe2778-71d9-4edc-8ce8-45434397b39c", "value": "12288:iwX0EM1k9TKTlXa+v5R9fpcKyouFKdgzlc64V1rnI4LOK3:iML2kOL9gJj4rbI8OA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808285", "to_ids": false, "type": "size-in-bytes", "uuid": "b5fd1e22-9412-495a-a2da-fc6a7f4b0e99", "value": "641342" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808285", "to_ids": true, "type": "vhash", "uuid": "6aa3d35e-50b4-4c5d-9242-f198d4cc1ad7", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808285", "to_ids": true, "type": "filename", "uuid": "a3e881c2-d3c2-4ff8-991d-3f7e5bd33a4b", "value": "286317410d08f56c042f9f106ff6a339.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808285", "to_ids": false, "type": "text", "uuid": "a4ebc1ae-3720-4aa4-b590-e2d21761d9f3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859946", "uuid": "1a7db514-2403-4292-b8f4-b76f03f2d085", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859946", "to_ids": true, "type": "md5", "uuid": "3cb7d45b-6b4d-47ff-bfc7-8484daa271cb", "value": "91143d1cadf5d26927d6626cb4d0ef0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859946", "to_ids": true, "type": "sha1", "uuid": "866c939e-7181-4a90-8895-856e85727f4d", "value": "84aeb9ca460ed69c464a2720e79f47a9b403f5a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859946", "to_ids": true, "type": "sha256", "uuid": "386f9b7e-7f40-4ba4-95be-ec3488af986c", "value": "db434f9791af5ff2e27f249a9d790bd84ee224ee8acf2c158a5639be24c8a4c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808307", "to_ids": true, "type": "ssdeep", "uuid": "8296ca37-fd2b-41ce-9292-289bddb0e3fd", "value": "12288:mfBzlIEXAJe6ANXYC3HAA+9xCDlwKdtnKn54W7mwLL8fD:mfqQ60IWxK4Kn54W/87" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808307", "to_ids": false, "type": "size-in-bytes", "uuid": "f475bbb4-cb20-47af-8e20-d499d640821a", "value": "611612" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808307", "to_ids": true, "type": "vhash", "uuid": "72aa3f74-db8c-4652-b8c7-146fabb434b2", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808307", "to_ids": true, "type": "filename", "uuid": "f1bfec3d-ac77-49ac-b49a-da192e5d4f51", "value": "91143d1cadf5d26927d6626cb4d0ef0f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808307", "to_ids": false, "type": "text", "uuid": "577ac0fd-95a5-43e9-b873-cc850edf63fe", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:29/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859947", "uuid": "56f5c30d-ca60-4855-a934-7280b29a9f75", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859947", "to_ids": true, "type": "md5", "uuid": "c108c190-6e12-488d-8108-b0afe68f211c", "value": "ae498aa85b0b0eaa99d40736be989ce6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859947", "to_ids": true, "type": "sha1", "uuid": "6531115e-e8e7-411b-b39c-f241d8a8ce34", "value": "f1d9c7bf9da9b4fa0b1265e189d32f8b3ebf6519", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859947", "to_ids": true, "type": "sha256", "uuid": "023736b0-5fd3-427f-a19c-8376ffcae402", "value": "fd8173c8bdefadab77e76a300a9c70c57406b6738de2bf2f9f4dbe057fb23fe5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808328", "to_ids": true, "type": "ssdeep", "uuid": "ddd41e19-8ac8-4eb0-a073-7f808bab0080", "value": "12288:mEg5F65q188LwSylCY4E/cW+mHlfS/wvVNTNtZRqIs8/plsbF0WUvyx:mbFkyxc4E/c8HlfAwzLHb/8SWPx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808328", "to_ids": false, "type": "size-in-bytes", "uuid": "efa22d7c-300d-4096-976a-9970abf857c4", "value": "604842" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808328", "to_ids": true, "type": "vhash", "uuid": "29c7bca4-4d90-4375-ab29-d4f7e7fc1c16", "value": "80671b9842767b31c401ed4e27997e74" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808328", "to_ids": true, "type": "filename", "uuid": "258537f6-500f-4345-ba0f-d0b3813d4d79", "value": "ae498aa85b0b0eaa99d40736be989ce6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 03/08/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808328", "to_ids": false, "type": "text", "uuid": "9ec5a6a0-1d9a-477e-94bc-b34d5d3cded7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859948", "uuid": "aebbfa3c-07fd-413d-8451-47b6e38616b6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859948", "to_ids": true, "type": "md5", "uuid": "48670a02-4328-4c9f-9281-182fb5c5b198", "value": "6bc0576a6bb23960982bccb0980256e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859948", "to_ids": true, "type": "sha1", "uuid": "12e260ff-23c4-44b1-bdf1-aa5e70b95cbc", "value": "20b53374242baeb54decccae555ada6b0b5a153b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859948", "to_ids": true, "type": "sha256", "uuid": "85e3970d-2c36-44ae-aa3d-9d2cecd6af8f", "value": "9312831a14c5da3dc6c40414728e41b1eca2f814f654c4e81cf77cfb29091f4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808349", "to_ids": true, "type": "ssdeep", "uuid": "eca57fea-2902-4e1e-8c3b-84aaaa44a2a9", "value": "12288:ywX0EM1k9TKTlXa+v5R9fpcKyouFKdAEgLmqR4vpRL+s88EKlTPpGgVDfm+N9LMv:yML2kOL9gFEgLyv7L+s88/RNtfm+nMv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808350", "to_ids": false, "type": "size-in-bytes", "uuid": "35b08100-60e9-40b8-a02c-a84969968841", "value": "897139" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808350", "to_ids": true, "type": "vhash", "uuid": "2f7d80dc-35b4-4720-92fe-2ef457403239", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808350", "to_ids": true, "type": "filename", "uuid": "6cb9a5fd-f2a6-4f40-bec2-26e76449f869", "value": "6bc0576a6bb23960982bccb0980256e2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808350", "to_ids": false, "type": "text", "uuid": "c9aa2a41-8a8b-471c-8370-62cf6c6e58fd", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859949", "uuid": "e10e54bd-7b80-484f-a728-0ed432b218f8", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859949", "to_ids": true, "type": "md5", "uuid": "d91297b7-ee74-43d8-96ba-367ced7213a4", "value": "bd77800b8954e394bec8649573b93d00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859949", "to_ids": true, "type": "sha1", "uuid": "40dc540b-b1fe-42e7-9891-3f97eb49d85f", "value": "fde9ae2f54d02e7770e5ca34a154d1293fceb6ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859949", "to_ids": true, "type": "sha256", "uuid": "9d3daf16-5999-4c3b-83a5-4fa5927a35d2", "value": "dc4ff34f500750580901b56880dc671f0370ca44b23433ad64e8db51274c89a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808371", "to_ids": true, "type": "ssdeep", "uuid": "56752a52-2fe7-41a6-932d-2759696e2634", "value": "12288:FwX0EM1k9TKTlXa+v5R9fpcKyouFKdRAgDAeJM0vWgvL7a7axlLi48:FML2kOL9gKAgDAgugv67axFih" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808371", "to_ids": false, "type": "size-in-bytes", "uuid": "e7231324-b3b4-4f55-8772-4cd26e420968", "value": "641342" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808371", "to_ids": true, "type": "vhash", "uuid": "46673a83-6720-4e37-8e37-f3bfcbaddf34", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808371", "to_ids": true, "type": "filename", "uuid": "0fc22aa9-dcd0-40b8-83b2-c2248fd2ec4a", "value": "bd77800b8954e394bec8649573b93d00.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808371", "to_ids": false, "type": "text", "uuid": "c3bdd4fc-ecb9-4f8c-ae75-b037110829a3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859950", "uuid": "d00b6c84-65a0-45b5-9701-7df07a8d077b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859950", "to_ids": true, "type": "md5", "uuid": "cfe13a1c-af47-4e3a-846d-5c690f737202", "value": "ef88a033f3b3fddb5945cb2ea9a84bda", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859950", "to_ids": true, "type": "sha1", "uuid": "14da2836-086b-434b-a96a-d1e278d7c2a1", "value": "477cce71ca1504a6cd0ba8215e6dfc78e877d505", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859950", "to_ids": true, "type": "sha256", "uuid": "033ad08f-1cc0-423c-8bf8-269089ba9dc2", "value": "6da142c8614f87039d41f4c0edc1a30a211cc42e2eba57f6e4947e0792676ef8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808392", "to_ids": true, "type": "ssdeep", "uuid": "9c68b420-ec3b-4c65-9332-df7c1e06d90a", "value": "24576:DKcJT6EcIIGctQT7B2ipZI55AgKXARtQV6qlz/hsZQBK6ut:DKcJTbctQT7B2iU4gQAXe/z/hsZQBK6m" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808392", "to_ids": false, "type": "size-in-bytes", "uuid": "04249de3-1af2-484e-906d-1760cf341e71", "value": "897232" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808392", "to_ids": true, "type": "vhash", "uuid": "7b6e039c-69cf-45f6-ae52-7ae65692457e", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808392", "to_ids": true, "type": "filename", "uuid": "f57e3ac9-d56f-4a0c-8444-50cd2d2dc997", "value": "ef88a033f3b3fddb5945cb2ea9a84bda.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808392", "to_ids": false, "type": "text", "uuid": "7ddb3825-0140-4f85-88a8-d783b8ee339c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859952", "uuid": "ec57aea9-a4a3-42aa-874e-9824420bfd8c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859951", "to_ids": true, "type": "md5", "uuid": "0593e48a-6917-4d3f-9016-d4036e4530ad", "value": "fc9cc0d25fbdbd4db18e67c4afade094", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859951", "to_ids": true, "type": "sha1", "uuid": "1d53fca1-3544-4f30-a94d-0df31c4109cd", "value": "134b29d1f3a5ae62ee5a742513a381cf5d3e2954", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859952", "to_ids": true, "type": "sha256", "uuid": "e76457a9-03f0-4b10-87be-52291d42aa85", "value": "05c094dd5c895958d24d9ff6a36d7b620b51a45bbe97dc4e34374fa28392211b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808414", "to_ids": true, "type": "ssdeep", "uuid": "6ffc6950-0555-41e2-a40d-c6e7ff1382d3", "value": "12288:8qXnqI9YMtrle5yNy7cEbZkoBuvKKd9EwTveViTJsOX7s1YXa5AI3bsD/XARx7Qx:86EcIIGctnEUcKaYseXa5AgKXARtQuiP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808414", "to_ids": false, "type": "size-in-bytes", "uuid": "e8359da6-b44d-4e32-ae93-1b58fcb48f83", "value": "897234" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808414", "to_ids": true, "type": "vhash", "uuid": "a7206a8b-8d20-442d-8184-8fadabdcfc0f", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808414", "to_ids": true, "type": "filename", "uuid": "97e1b5d9-ed87-45e6-88e6-29d1e27a220e", "value": "fc9cc0d25fbdbd4db18e67c4afade094.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808414", "to_ids": false, "type": "text", "uuid": "d80c5a99-b8b3-40c6-b2eb-ca6fb7a54f66", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859953", "uuid": "2080d531-f6ec-473c-bccd-9a11dae6663e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859952", "to_ids": true, "type": "md5", "uuid": "67ebd606-b6e1-4978-8473-3c128fd96e71", "value": "05f65427b0510f19cc1c3ade4770dd13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859953", "to_ids": true, "type": "sha1", "uuid": "a9b09f31-68f6-4712-8eca-c0b1deaed1fc", "value": "1ec7f8204b61131e205c63aedbc8d02129dbca2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859953", "to_ids": true, "type": "sha256", "uuid": "9948b480-dbad-4a3f-aa82-acb7cf82f987", "value": "ad45c24c69c71482136e1715700b5692ffcb0f10f3a63ba9ef5efbd2a640a684", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808435", "to_ids": true, "type": "ssdeep", "uuid": "3097684b-51e4-455c-a8b5-e46f2295908e", "value": "12288:qwGXbSophOalMZSSnQJccBS7tKdX1sAeKCTeSVecETWLp84iLUpw:qRNZq3QJAAIpTewEcSU+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808435", "to_ids": false, "type": "size-in-bytes", "uuid": "e294661c-b127-4fa4-a7f3-d708462dc85a", "value": "689984" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808435", "to_ids": true, "type": "vhash", "uuid": "3b8610ed-fd35-4605-8171-14039c24854b", "value": "56fa0fc1a9ff1fcce9bedbad01e934ff" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808435", "to_ids": true, "type": "filename", "uuid": "a52bb773-0129-48c8-a67e-e477d6132ac4", "value": "05f65427b0510f19cc1c3ade4770dd13.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808435", "to_ids": false, "type": "text", "uuid": "dbd2f898-afe2-45e7-a804-e5ce205335a3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859954", "uuid": "94c3b0ca-bf57-480c-a9c8-905a5bc9ca52", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859954", "to_ids": true, "type": "md5", "uuid": "24d67f8e-3251-46fe-a8e9-2e5603b79086", "value": "73c05671527dd449cd34468427bd1f4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859954", "to_ids": true, "type": "sha1", "uuid": "e08bd282-f7f7-40b4-ae43-c04d625c398b", "value": "bb8996f02844ab7ef29900b0510d04328b43988a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859954", "to_ids": true, "type": "sha256", "uuid": "fe21e2c3-14cb-49d2-9cd5-ca52d4fccbab", "value": "964840084d8777e9b93c7c107c4c60657f0e5cf27e50cdb570004f7dd986d8a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808456", "to_ids": true, "type": "ssdeep", "uuid": "e48b3e78-69fa-44d4-ac14-2885ca525ccb", "value": "12288:NwX0EM1k9TKTlXa+v5R9fpcKyouFKdpvWUqdfSTuFKISm3CzLKyH:NML2kOL9gYvWUqlSqC3Kc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808456", "to_ids": false, "type": "size-in-bytes", "uuid": "cb9fdc34-a26f-4c0f-8ed5-369053d6cfb7", "value": "641344" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808456", "to_ids": true, "type": "vhash", "uuid": "422ae615-e7f0-43d7-a235-779be83ff136", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808456", "to_ids": true, "type": "filename", "uuid": "9dbd5022-8a2e-4ba6-a7c5-ad0f2add70d7", "value": "73c05671527dd449cd34468427bd1f4a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808456", "to_ids": false, "type": "text", "uuid": "ac86d9df-dbcb-4896-8c7e-e19f5d706b63", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859955", "uuid": "54e87507-bb43-4585-beac-8763d7de56f1", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859955", "to_ids": true, "type": "md5", "uuid": "f50fbe94-3442-4a99-9023-3ebaffe23d20", "value": "30ddd2716d00b0fa6b307dabd7d61ee0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859955", "to_ids": true, "type": "sha1", "uuid": "1f55dd35-9433-48e5-bc21-c33bc9e71efd", "value": "1f3f19f894bdf9ce298e194e78d9da6db256d3df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859955", "to_ids": true, "type": "sha256", "uuid": "759619d6-be11-4635-b1d6-1768521bf821", "value": "f53947262397eaa98d559e4b784ca24d817e2c80d57e0ba8db1cf974092660d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808478", "to_ids": true, "type": "ssdeep", "uuid": "c2ff05e5-244e-40b4-9961-212b01f3b66e", "value": "24576:EGML2kOL9gjAikvXb4Ao2sGeT9bX2FOwNfm9LwGduKID6LhqGj4rbIy8/RNtfm+n:t59gMvXkAo2WYXf2lIOqy4zetfm+n" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808478", "to_ids": false, "type": "size-in-bytes", "uuid": "1676a85a-5851-4bde-8b79-f1b14b454fea", "value": "2408965" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808478", "to_ids": true, "type": "vhash", "uuid": "3765e7c3-cbf5-47f2-ab22-d62167305db1", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808478", "to_ids": true, "type": "filename", "uuid": "aebc2c9e-3430-4527-9cdd-528f82f7fceb", "value": "30ddd2716d00b0fa6b307dabd7d61ee0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 21/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808478", "to_ids": false, "type": "text", "uuid": "5bf86d39-a5d8-450e-bfd9-3afec1bcf371", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859956", "uuid": "75bddee1-4aae-428c-9c5b-0e10f729cec4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859956", "to_ids": true, "type": "md5", "uuid": "2c0edae8-8376-4b8e-93c9-30a183a3ea8f", "value": "14a52905a54c46eea0ffcf17961461ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859956", "to_ids": true, "type": "sha1", "uuid": "b13f5442-3e29-49e2-8456-1dd51e5d771f", "value": "efbd1e3aa1e48d07381807f221b6fb0fa2ec987e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859956", "to_ids": true, "type": "sha256", "uuid": "76fa12a3-5e63-4e7a-b054-6cda77f4890d", "value": "9cc099dd60eea0ba9d1e131c8bc56e43d45b9baa05e91b0ea87b9f2d4be0ed3b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808499", "to_ids": true, "type": "ssdeep", "uuid": "6d9e70ff-6e7c-4a76-8b3f-69dc16180aee", "value": "12288:yqXnqI9YMtrle5yNy7cEbZkoBuvKKd17kcIwYHsQ+B+O/+OgGR5AI3bsD/XARx7n:y6EcIIGctv7khRyOi5AgKXARtQh0P" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808499", "to_ids": false, "type": "size-in-bytes", "uuid": "8b87f821-3443-4089-ab6a-e44d04b308f5", "value": "897229" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808499", "to_ids": true, "type": "vhash", "uuid": "8d52e310-b71f-44ab-ab28-a66f45eee0b6", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808499", "to_ids": true, "type": "filename", "uuid": "f4c93cef-40c2-4390-90d6-d5bde9273ec4", "value": "14a52905a54c46eea0ffcf17961461ac.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808499", "to_ids": false, "type": "text", "uuid": "b2048e6f-6a76-496e-b166-d7bf7a29f299", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859957", "uuid": "128e1b82-979a-4184-85ca-6861d5be67c8", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859957", "to_ids": true, "type": "md5", "uuid": "612a99a8-ffc5-4ae7-8582-0aec07af5b50", "value": "9670693894691f9aba85ec77df5ebe41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859957", "to_ids": true, "type": "sha1", "uuid": "6f78ff0b-70b6-423c-8e7f-7889f84e3b4e", "value": "6f27cc9cde5330bd74b2723e163d8e095e2682a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859957", "to_ids": true, "type": "sha256", "uuid": "8fb89092-5823-497c-941d-04e6fcb9fad7", "value": "ef76be2b4ab06bbac8f3dfadf25cee2cc3651921e65ce541db45a7242710b0be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808520", "to_ids": true, "type": "ssdeep", "uuid": "98dd121d-a994-466f-a5b5-4c2ecdbba66e", "value": "12288:jqXnqI9YMtrle5yNy7cEbZkoBuvKKd+7kcIwYHsQ+B+O/+OgGT5AI3bsD/XARx7z:j6EcIIGcto7khRyOE5AgKXARtQ/c1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808520", "to_ids": false, "type": "size-in-bytes", "uuid": "e4a6da68-fd94-4329-abdc-b405ba0fdbd7", "value": "897229" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808521", "to_ids": true, "type": "vhash", "uuid": "888bcf03-8f0c-42cb-a451-69b364ba5f88", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808521", "to_ids": true, "type": "filename", "uuid": "d4997790-5b8c-44d3-9ff3-ff646595178f", "value": "9670693894691f9aba85ec77df5ebe41.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808521", "to_ids": false, "type": "text", "uuid": "ddf3adfa-e225-4c55-94d3-4bad8e5f6964", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859959", "uuid": "d9feb4b0-f63f-4067-817b-2b78b78403d4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859958", "to_ids": true, "type": "md5", "uuid": "4e261cab-61f8-4d21-a954-4d71cf910a8f", "value": "9de84449cc0861ae117dce7d6fc983fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859958", "to_ids": true, "type": "sha1", "uuid": "831b6921-95a5-42e1-b898-ff94b51d8be3", "value": "87be1edb0ba540991a6dc2e0fdc68a6366416378", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859959", "to_ids": true, "type": "sha256", "uuid": "9306dc1d-c485-49c2-9df1-1d950a1a595c", "value": "9bef80b975976ec2c50c5d49d25508394efe31e9af706f5cfb80c902ca4974cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808542", "to_ids": true, "type": "ssdeep", "uuid": "7f680fcf-42b1-47df-bf0c-a8126fb214ce", "value": "12288:iqXnqI9YMtrle5yNy7cEbZkoBuvKKdabcnFQJ4GI89m9qO+O/+aluEB5AI3bsD/3:i6EcIIGctOl4rdveEB5AgKXARtQ46J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808542", "to_ids": false, "type": "size-in-bytes", "uuid": "dc360888-c230-44a1-a5a4-3c6db51e4f09", "value": "897231" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808542", "to_ids": true, "type": "vhash", "uuid": "0e654c67-24f9-4cb4-b715-df77aea01327", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808542", "to_ids": true, "type": "filename", "uuid": "1f52c19c-d326-47a4-a4a0-b9874866ca12", "value": "9de84449cc0861ae117dce7d6fc983fa.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808542", "to_ids": false, "type": "text", "uuid": "10da64ce-95e0-4ce7-9b6a-294d645f7c31", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859960", "uuid": "63483bd0-2605-4c34-b215-4b1e2d807533", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859959", "to_ids": true, "type": "md5", "uuid": "712dc178-c18c-4a04-a2ca-f2e0e5ebb144", "value": "c54e79005eb91872cee637bb6dc30e09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859960", "to_ids": true, "type": "sha1", "uuid": "4d0dbbe0-fef2-41b8-ac73-fcb48230ca8b", "value": "9bb5500eaaba68c7d82ee0b01e51fd9c62c5c97c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859960", "to_ids": true, "type": "sha256", "uuid": "ebb5dd11-b60b-457f-8517-3d567dcc0988", "value": "0c7e99dd964da91cf751daa91f0c69789f26081e252edf95e7a453ee75e632e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808563", "to_ids": true, "type": "ssdeep", "uuid": "8ffe1ed3-a66c-49b1-b104-74555b35e300", "value": "12288:bfBzlIEXAJe6ANXYC3HAA+9xCDlwKdBLh03bkNJ5YnyyzN2jLZR2HbUW8HCd8gjr:bfqQ60IWxKahAkNJ6nD2L9idNjQDI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808563", "to_ids": false, "type": "size-in-bytes", "uuid": "3b3af060-2601-4211-921b-3bd66bd656e6", "value": "826819" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808563", "to_ids": true, "type": "vhash", "uuid": "f9a45fe5-e604-4a98-8f1e-fcdfdf0cab8d", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808563", "to_ids": true, "type": "filename", "uuid": "459e4908-53aa-4801-89a4-5c6d886a9d4d", "value": "c54e79005eb91872cee637bb6dc30e09.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808563", "to_ids": false, "type": "text", "uuid": "d3464ed0-6e77-4103-bc6c-74b927ee58dd", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859961", "uuid": "8c815747-a15e-4cb7-8b01-3d9e334bec11", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859961", "to_ids": true, "type": "md5", "uuid": "3e237b5b-0ba7-4b35-87f2-5e66dd78ef57", "value": "9261747feed10217811aeefb206bae76", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859961", "to_ids": true, "type": "sha1", "uuid": "449023a5-d8d9-422d-ba68-e5a3e02fb96f", "value": "b8aab84699a7e3ddd39c7b38ce1b74f856ba6da2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859961", "to_ids": true, "type": "sha256", "uuid": "b9188471-e94c-4711-abc6-049f6b2ec8f1", "value": "81147cd836ac8a37d9bf6e18bd1cc1c3371e3714a0ee9f7ba9d373518f1b2130", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808585", "to_ids": true, "type": "ssdeep", "uuid": "d08e7d17-407b-4e29-85c4-d1bc81e26016", "value": "49152:k59gMvXkAo2WYXf2lIOqHWUqlCaetfm+F:k/9vXkNHYXf2lqH8dKfmm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808585", "to_ids": false, "type": "size-in-bytes", "uuid": "901f74ca-8f66-47d7-a634-cc7e37100145", "value": "2408965" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808585", "to_ids": true, "type": "vhash", "uuid": "4494ac9c-2791-47c1-9edd-29133b33d2a6", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808585", "to_ids": true, "type": "filename", "uuid": "daece7b8-fb61-4012-bcf3-c0216b309733", "value": "9261747feed10217811aeefb206bae76.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808585", "to_ids": false, "type": "text", "uuid": "e8c38c7d-8802-473c-8ff6-17182162559e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859962", "uuid": "557171a8-7acf-422d-a4d8-b47150227ac2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859962", "to_ids": true, "type": "md5", "uuid": "283eb59f-7fd9-443e-aecf-67006144e6d7", "value": "13507e740a10e9176b773240b54743d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859962", "to_ids": true, "type": "sha1", "uuid": "87968faa-e0f5-465e-a2e6-998fef0553f1", "value": "799fe7ed2b6ae2308664997ca4c8a3a5263840ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859962", "to_ids": true, "type": "sha256", "uuid": "fc7ecae4-1df0-4fd0-9da2-8c30d819bfc3", "value": "9b41d87126fa5f72bcaefe1c84e3897a0e33aa990c2bd10f986234d32124eb11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808606", "to_ids": true, "type": "ssdeep", "uuid": "c2be4546-58c9-45d3-8442-0857cc39a681", "value": "24576:SaML2kOL9gjAikvXb4Ao2sGeT9bX2FOwNfm9LwGduKID6LhqXrDhy8/RNtfm+3sk:H59gMvXkAo2WYXf2lIOqbDoetfm+h" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808606", "to_ids": false, "type": "size-in-bytes", "uuid": "8285b21b-7c43-4f5f-8721-a1170cb9b77c", "value": "2408962" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808606", "to_ids": true, "type": "vhash", "uuid": "6fb1f614-f6f0-4bbc-81a1-311cfb194d5a", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808606", "to_ids": true, "type": "filename", "uuid": "00009f78-823c-4b28-8a5a-8e1ee14bf171", "value": "13507e740a10e9176b773240b54743d8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808606", "to_ids": false, "type": "text", "uuid": "aade0995-28cd-44bc-ac76-4292400509ed", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859963", "uuid": "9485513b-5c14-4cad-8651-8162f3998f16", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859963", "to_ids": true, "type": "md5", "uuid": "ee23be74-2ad6-46ad-93f6-d9f557a0811c", "value": "98daf6325386d01021f7eb1d582b2588", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859963", "to_ids": true, "type": "sha1", "uuid": "4509053e-6368-426b-abe3-2bbf781acb24", "value": "0331f592ab66676640e4a2ff2076a48372d92c8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859963", "to_ids": true, "type": "sha256", "uuid": "ebcbe7dc-1034-4913-a9d9-e6134f244f82", "value": "717c73adb48d58945b6b2acae289534738ddf9a5331f5cb55913a2d44b36722d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808628", "to_ids": true, "type": "ssdeep", "uuid": "ebb5a462-6685-4a5d-a228-06d36aa2fa1a", "value": "12288:cwX0EM1k9TKTlXa+v5R9fpcKyouFKdBvWUqdfSTuFKISm3CXLOqG:cML2kOL9gUvWUqlSqCbOp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808628", "to_ids": false, "type": "size-in-bytes", "uuid": "58f213ff-5ddd-4962-8864-07e90edb08f2", "value": "641344" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808628", "to_ids": true, "type": "vhash", "uuid": "d02cb5dc-a255-4844-b024-17941cd7d04a", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808628", "to_ids": true, "type": "filename", "uuid": "4896609f-7878-49d7-bb8a-88098d2173b9", "value": "98daf6325386d01021f7eb1d582b2588.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808628", "to_ids": false, "type": "text", "uuid": "21cf94f7-5d7a-4f70-87f7-9729ba356215", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859964", "uuid": "8effdcf8-d356-4854-9e67-29b14e0ca351", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859964", "to_ids": true, "type": "md5", "uuid": "55a3da03-63f1-4e11-bb27-2d50b6542954", "value": "a325a2073368d6d16579fbbbf3b6ef82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859964", "to_ids": true, "type": "sha1", "uuid": "527f5e6c-c1aa-469e-a454-e2d7dc88fa4e", "value": "8449837f90ab21bf1d24a92d72e9b81b92be0f23", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859964", "to_ids": true, "type": "sha256", "uuid": "9dd182c4-f86f-454b-8047-fdfe47fbeac4", "value": "4a0611563a88439c0ae7fb267ffd8d9e0e9de61d923a037a0ab3964d30cc2941", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808649", "to_ids": true, "type": "ssdeep", "uuid": "6edec332-a91f-4aac-b4ad-e4df9a990289", "value": "12288:7fBzlIEXAJe6ANXYC3HAA+9xCDlwKdzcv7qy0VJMrAF2uf08Le6T:7fqQ60IWxK0YqyMjF2NQeg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808649", "to_ids": false, "type": "size-in-bytes", "uuid": "7df1e8f3-3e58-4f4a-81b9-37e216dbc64f", "value": "611610" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808649", "to_ids": true, "type": "vhash", "uuid": "dcb95a6c-f2ab-4be6-ac5e-f39a49eaebf7", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808649", "to_ids": true, "type": "filename", "uuid": "8b02a5db-0490-486b-b7df-66d71df27711", "value": "a325a2073368d6d16579fbbbf3b6ef82.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808649", "to_ids": false, "type": "text", "uuid": "49c1fb26-1df2-4286-af87-fe618509a5a7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859965", "uuid": "057137a3-ff98-48fa-9a8a-3623b912f887", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859965", "to_ids": true, "type": "md5", "uuid": "803e9334-d182-4106-a0b5-df02c8e39d4a", "value": "68ce33c0497e9ead371c563ac9b5d0a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859965", "to_ids": true, "type": "sha1", "uuid": "4a88f363-ca97-4c9f-8e7c-8e3c669ea897", "value": "ee9460f6d7e0ec4f1aa37c49d957e46a598c899e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859965", "to_ids": true, "type": "sha256", "uuid": "ab61dfa8-693b-41da-8760-e5ffb0b2d1dc", "value": "a987fe2aad873eab97062164adf40bcbf713f34031fb8f570a4db5ef8de6dfe7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808671", "to_ids": true, "type": "ssdeep", "uuid": "dfb8dfca-d575-4ff4-9abe-71c5ed9126e2", "value": "12288:hfnVpeyXauRl4u5NjfgOvIKyqSY97wA1bdncZ3LMT/lz8PYlfdfbEuW:h7eyXauRlv5NrjXVwA1KLEB8glfVIuW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808671", "to_ids": false, "type": "size-in-bytes", "uuid": "e92c81fe-19bf-4043-8e0e-ac78d2d1c39a", "value": "595758" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808671", "to_ids": true, "type": "vhash", "uuid": "c383a970-c46b-4910-a649-796f50356363", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808671", "to_ids": true, "type": "filename", "uuid": "a6bbef59-c1b1-4a1b-b7f6-7520767e808a", "value": "68ce33c0497e9ead371c563ac9b5d0a6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808671", "to_ids": false, "type": "text", "uuid": "9aaf5f46-95a3-4542-a45f-d29bd4b8c576", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859967", "uuid": "f937fc20-aee7-45ac-89de-a59fe667d742", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859966", "to_ids": true, "type": "md5", "uuid": "e06edd97-d9e3-4209-88d7-820f23fd8079", "value": "3b0432f969f98a42bfacf3910ba0a30a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859966", "to_ids": true, "type": "sha1", "uuid": "2a576677-9428-44a1-841d-6fb32c5f484e", "value": "b00414c42d87cad756006039e3bc106bf9d07286", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859967", "to_ids": true, "type": "sha256", "uuid": "fa871b1f-6afe-4cb7-844c-89034229d849", "value": "0568dbad0eac5e1912cafe853434a480b6d47c28b745fe2ca2d38df73fb318b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808692", "to_ids": true, "type": "ssdeep", "uuid": "e1facc6b-9a6d-43b7-a08a-6f8e4a91511d", "value": "12288:1fBzlIEXAJe6ANXYC3HAA+9xCDlwKdZtdOfoGGtJD8vhU8lUfELWiY:1fqQ60IWxKwjCGg5U+hWz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808692", "to_ids": false, "type": "size-in-bytes", "uuid": "72e3ac27-2d39-4372-9791-5939875d5222", "value": "611607" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808692", "to_ids": true, "type": "vhash", "uuid": "fc0b355f-0e90-4d41-b784-50ece1f416f6", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808692", "to_ids": true, "type": "filename", "uuid": "14117ab3-2e5e-44c5-8f77-73c8b207ec7c", "value": "3b0432f969f98a42bfacf3910ba0a30a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808692", "to_ids": false, "type": "text", "uuid": "4a53078f-097f-4744-a52b-2583ffa884fc", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859968", "uuid": "3cca9e15-e4d0-4bc4-b9be-8110d336896f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859968", "to_ids": true, "type": "md5", "uuid": "df58cd9c-51a5-4a56-88a6-5818cdb21916", "value": "29ebe51ce86d48692fa8cabedb5134c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859968", "to_ids": true, "type": "sha1", "uuid": "bcb66375-2122-43b5-b92a-7f16e23968e1", "value": "6bf44379c13ab7a195d54fa1187230c82b68eced", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859968", "to_ids": true, "type": "sha256", "uuid": "2e7b077d-2994-4d32-a9ec-8dd04fb44908", "value": "8d54ad9bd3e4bf7bb4bb34e34b6cdbb8eebdfb1918c55820493fa6999da73c6a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808713", "to_ids": true, "type": "ssdeep", "uuid": "f0b3ae96-8769-4a25-92f1-afb7b32993a9", "value": "12288:dfnVpeyXauRl4u5NjfgOvIKyqSY97wA1bdncZ3LMT/lz8PYlfdfbEu2:d7eyXauRlv5NrjXVwA1KLEB8glfVIu2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808713", "to_ids": false, "type": "size-in-bytes", "uuid": "18551e89-9817-4c25-b783-cda17466f278", "value": "595758" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808713", "to_ids": true, "type": "vhash", "uuid": "aba94426-bc04-452d-bd12-71a05950a980", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808713", "to_ids": true, "type": "filename", "uuid": "43b69bb1-ba49-4b10-b810-0be8c3c6216d", "value": "29ebe51ce86d48692fa8cabedb5134c9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808713", "to_ids": false, "type": "text", "uuid": "42ca3c33-7800-4f92-adc5-0ec6dbb6b798", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859969", "uuid": "1095ef65-b5a7-44f6-a9c7-a9b6f63e9980", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859969", "to_ids": true, "type": "md5", "uuid": "49784563-12b4-433f-9c8e-8e698aebea34", "value": "a45bcaaf0eba6ef5cda14e567d9db978", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859969", "to_ids": true, "type": "sha1", "uuid": "6ef0bcca-cfe9-4a1c-a2b9-d6ee7a2f5cb2", "value": "4a8453a22eb48e140f0fdd3b94e3a8fccf6f4dff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859969", "to_ids": true, "type": "sha256", "uuid": "4fff618b-656b-43e2-b05c-332381874452", "value": "2be0aa26aacd96c086c24f04e59a279fbf2c2a052b30f60e98f50979a7b6caee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808735", "to_ids": true, "type": "ssdeep", "uuid": "24301030-d321-4267-ba82-9ef8b9ea9a1a", "value": "12288:776vbin/x+A9uaMQrYmvh4BN0RHjOAybZrfXcqFTbNw9mlQsFXt80+:75/x+I4gY4o+OzbZrfXcgN4oT0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808735", "to_ids": false, "type": "size-in-bytes", "uuid": "8d125480-fc2f-47a4-91df-7253784b7d1b", "value": "581947" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808735", "to_ids": true, "type": "vhash", "uuid": "8de75dc0-b01d-4153-b154-1f7450f7be17", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808735", "to_ids": true, "type": "filename", "uuid": "297a974a-a11c-4968-ab6b-134fcf913168", "value": "a45bcaaf0eba6ef5cda14e567d9db978.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808735", "to_ids": false, "type": "text", "uuid": "380e8e2c-b515-43e4-b061-a64972bc8283", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859970", "uuid": "57512308-217e-4daa-8665-212b3e4049c3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859970", "to_ids": true, "type": "md5", "uuid": "58638ff4-2e0e-4fe3-ad9e-e6f1274afcb6", "value": "0dea751d497dc443b3a7f422c8527eca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859970", "to_ids": true, "type": "sha1", "uuid": "595ed41e-91f3-4438-9031-e654866c2770", "value": "6c779a7ba4be76a69b0ec547a79e5f84509ecb01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859970", "to_ids": true, "type": "sha256", "uuid": "cabc3070-fbb1-4b87-98e2-6034d556af85", "value": "e8b00780a8b85f3ae142f964e669a1752ffde0992c4bec318ac80ecbab16d18b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808756", "to_ids": true, "type": "ssdeep", "uuid": "1b6e6f9d-9154-4b1f-8cac-94348e83b256", "value": "12288:Jfj8cJdT026cyGIgjUqJBeo2pWMpafc9f94xt8X:Jr8cJB026cyyUqJBNEPpaUl9UuX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808756", "to_ids": false, "type": "size-in-bytes", "uuid": "5d78789a-8fdf-42bb-bce6-b7a07f713a39", "value": "595721" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808756", "to_ids": true, "type": "vhash", "uuid": "acb0c6ab-6867-45c2-ac5c-5adb45f2d056", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808756", "to_ids": true, "type": "filename", "uuid": "a942f536-2826-4e7d-bc97-dfb081bb648a", "value": "0dea751d497dc443b3a7f422c8527eca.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808756", "to_ids": false, "type": "text", "uuid": "aa7f9be9-0f09-45dd-a717-aa923594953f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859971", "uuid": "b4e8a204-fd83-4e4f-a1a8-58b25ae4b8e6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859971", "to_ids": true, "type": "md5", "uuid": "2f4d6d59-7fed-4163-96e1-d991fcd4e190", "value": "dd837657e58fe88545ecaacdf696e3dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859971", "to_ids": true, "type": "sha1", "uuid": "64309917-c5a2-45ad-821b-357476012394", "value": "ee073e97acebdeabdedc0c150af426f2fe6f129c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859971", "to_ids": true, "type": "sha256", "uuid": "7bece35d-1c17-4686-a8a5-d5eebcd0391b", "value": "9b5baa7dc02f2077273aef16dff8f458b8eab8c31023f58b63fb5c424106a5c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808777", "to_ids": true, "type": "ssdeep", "uuid": "bb57bf42-44fc-4756-9fda-28d723a01ce9", "value": "12288:Ev43QWVjTgGSSvNCQwpSHK6VoaAYnGtGTxeXcqFTbBglQCv5Whlu:EYVjTgow9OAY+6xeXcgBEhIlu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808777", "to_ids": false, "type": "size-in-bytes", "uuid": "ac96aad6-f7a2-4450-8d47-d97de07c6500", "value": "581953" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808777", "to_ids": true, "type": "vhash", "uuid": "686da50e-0e35-490d-b628-36e8afb9806e", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808777", "to_ids": true, "type": "filename", "uuid": "cdee5741-163c-4667-b553-7c3e8a9b6107", "value": "dd837657e58fe88545ecaacdf696e3dc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808777", "to_ids": false, "type": "text", "uuid": "4755363d-61b7-4047-b792-6f064b1f3b23", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859973", "uuid": "70a801cf-cba0-4be6-a354-dd0eac63d409", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859972", "to_ids": true, "type": "md5", "uuid": "f80fdba6-7fcd-4ccf-bb2b-c74293c0a654", "value": "9e89d09c64f08fc080bbeb0910a3c748", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859972", "to_ids": true, "type": "sha1", "uuid": "79c737c9-c6fe-44c7-b465-d7da643b0f96", "value": "76c603212b81b6e030fdc7a57ae6e8820e0485e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859973", "to_ids": true, "type": "sha256", "uuid": "84e34be5-4f87-47d8-8ec8-deff3ca56f42", "value": "c3865a248e20767a4b552a0b96e4a4edf42d594663b46a823eb1f8e1f6960be4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808798", "to_ids": true, "type": "ssdeep", "uuid": "332dd10b-7d43-4546-8ee3-47209007791b", "value": "12288:ZfBzlIEXAJe6ANXYC3HAA+9xCDlwKdRTrfl2Bm6VJq7iF2koyLcXx:ZfqQ60IWxKgnM0SiiF2koCcB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808799", "to_ids": false, "type": "size-in-bytes", "uuid": "933cb6f3-e83c-455d-b784-74a60df96bfb", "value": "611609" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808799", "to_ids": true, "type": "vhash", "uuid": "4056dc72-fc5d-497e-a664-56c5e37628a1", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808799", "to_ids": true, "type": "filename", "uuid": "f034b867-0491-4909-9435-0fb0f545e402", "value": "9e89d09c64f08fc080bbeb0910a3c748.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808799", "to_ids": false, "type": "text", "uuid": "09d3ea35-0c38-4fae-8a33-2cfb9e99dbd1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859974", "uuid": "01961844-96e8-4070-9c66-1049bd1d133e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859973", "to_ids": true, "type": "md5", "uuid": "ad3289fc-1a31-4fa6-82ff-be8febfa2848", "value": "ebcb74e348306f3152c589d93e5be6d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859974", "to_ids": true, "type": "sha1", "uuid": "f09d24c1-c3fc-4277-adfd-717306940f9f", "value": "cb93a224daf89565312850f0a19e3a11f14fd8ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859974", "to_ids": true, "type": "sha256", "uuid": "882ed51d-f7ac-4c57-b6a3-2cc8163a5bc7", "value": "7846b750705c413a42e144687f829cd99a76db6032d0a0fa6b977b0f3d893dfe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808820", "to_ids": true, "type": "ssdeep", "uuid": "fe0dc58b-865d-4258-8bfd-87265c1ca1b3", "value": "12288:dfTP0S0UX7cyOrQssMQU3SdvTchj9/m3q05dpDYkE91dCen2pg/ut:drGULcyOrQsJn3SdvTIO6mMsXt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808820", "to_ids": false, "type": "size-in-bytes", "uuid": "3b8b5c93-e378-47d3-8aa0-203cf50a31f1", "value": "595810" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808820", "to_ids": true, "type": "vhash", "uuid": "98aecb55-f3d7-4114-822d-c98ed3882829", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808820", "to_ids": true, "type": "filename", "uuid": "2b4995cf-779c-438e-9581-985710f1c77c", "value": "ebcb74e348306f3152c589d93e5be6d7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808820", "to_ids": false, "type": "text", "uuid": "074f1bd7-48e5-44fc-b342-b56781493255", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859975", "uuid": "75809af5-d763-4688-ad72-e8f17a7549ab", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859975", "to_ids": true, "type": "md5", "uuid": "63d20e9b-911d-4337-9788-dcf5588a39b7", "value": "be1b04f01c081c06c8cc22c4a1f5913d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859975", "to_ids": true, "type": "sha1", "uuid": "3ee2434e-c993-4695-b65b-75e856f2dcc1", "value": "0d6fcce08fa0329ad140a02dfcf91ee8a055911c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859975", "to_ids": true, "type": "sha256", "uuid": "02b87d61-6e30-4a2a-a4c0-bcb3b8ea696a", "value": "1f8e72703358e6c89e0e231730195408e118c4b27d0d73b94c06abefb643c25c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808841", "to_ids": true, "type": "ssdeep", "uuid": "674ff85d-2d0e-486f-9636-938a09ec1511", "value": "12288:+yPJD3kDq188LwSylCY4E/cW+mHlfSb4fUeGjvK7Ya+v4V8K9OnQ:+gDWyxc4E/c8Hlfh1Ya+v4990Q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808841", "to_ids": false, "type": "size-in-bytes", "uuid": "80946e4b-dd94-4a94-8ac8-471b7761450d", "value": "604834" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808841", "to_ids": true, "type": "vhash", "uuid": "93c64e0d-de73-4be8-9081-535d35b30d24", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808841", "to_ids": true, "type": "filename", "uuid": "ea696f92-0772-454e-af9f-e738976087ad", "value": "be1b04f01c081c06c8cc22c4a1f5913d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808841", "to_ids": false, "type": "text", "uuid": "1c0bae91-d2bb-4ef2-b15a-060d1760623d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859976", "uuid": "2240a784-1825-4658-9e27-a2ad345e18b3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859976", "to_ids": true, "type": "md5", "uuid": "914ebcce-2664-4c2d-8ef7-dafaaee0ace0", "value": "0556d3af0b1bf13bd3008c760ddb0832", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859976", "to_ids": true, "type": "sha1", "uuid": "1410cfc8-23e3-4971-837c-0d1ace0220f2", "value": "4a96080b61a3ecd4fa74458c679a1fa676ec606b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859976", "to_ids": true, "type": "sha256", "uuid": "7864f835-feb2-49aa-92f8-4353cebe5e7a", "value": "c761e944078811788cc8be175bd4616eb6287d29beb04c853398674e7709be19", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808862", "to_ids": true, "type": "ssdeep", "uuid": "9bc24189-3984-4c0c-8538-e467f8c0b710", "value": "12288:WfBzlIEXAJe6ANXYC3HAA+9xCDlwKdqL9JpW89PDjbFolGGaa7JhFkN+K1ros4Hn:WfqQ60IWxKZ9ltjWGGaAJhFkNv1MNJYk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808862", "to_ids": false, "type": "size-in-bytes", "uuid": "7ce164df-4eee-4519-bf8e-c30a2b2d6a5f", "value": "826824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808862", "to_ids": true, "type": "vhash", "uuid": "92579e77-3b98-47cd-8e52-8caed216b39d", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808862", "to_ids": true, "type": "filename", "uuid": "33aa4713-6ef3-4873-bedb-c787d006d55f", "value": "0556d3af0b1bf13bd3008c760ddb0832.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808862", "to_ids": false, "type": "text", "uuid": "642cbb02-5144-4ca9-ada5-ed55b22da2bf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859977", "uuid": "2cd4ac12-0b34-4c0f-8e00-8fa4b8cbf4b7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859977", "to_ids": true, "type": "md5", "uuid": "54ab2182-9e3a-4626-a166-c1122b207999", "value": "ad508cc2cbe1e1c364a08c520852bbfb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859977", "to_ids": true, "type": "sha1", "uuid": "4bd97342-fd0a-4e46-b1e7-0ac1d5f6196f", "value": "2abffd3e17ac3a61dd21cc550387053c9b657026", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859977", "to_ids": true, "type": "sha256", "uuid": "fca013de-1642-4cdb-9965-e97f6e6aa5f9", "value": "838592f17c1e69ccd5ecefeea6bfc8c49b57c86830f867896fb8e59fd300adf6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808884", "to_ids": true, "type": "ssdeep", "uuid": "c10e4fd1-c3e1-4d88-a987-7c7324b9aea7", "value": "12288:JfBzlIEXAJe6ANXYC3HAA+9xCDlwKdYfG/G6Vy+d+UGBLCIU:JfqQ60IWxKxO/G63dqCJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808884", "to_ids": false, "type": "size-in-bytes", "uuid": "6c39e02c-b875-4246-b547-643bd592a276", "value": "611595" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808884", "to_ids": true, "type": "vhash", "uuid": "ee18a736-a95b-434d-8410-e73714e555cb", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808884", "to_ids": true, "type": "filename", "uuid": "5c8f6bd3-f9a8-4df5-9301-2498d2fcef1a", "value": "ad508cc2cbe1e1c364a08c520852bbfb.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808884", "to_ids": false, "type": "text", "uuid": "a1bb8c85-9dcc-4a35-a62b-7a315d278ed1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859978", "uuid": "286fb895-1d57-4116-b014-a17ff7ff08eb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859978", "to_ids": true, "type": "md5", "uuid": "c7af9dca-9e0a-475d-a9e6-b053a4fb2422", "value": "7fb4b564ce6641f8a6c682bb4c0dd296", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859978", "to_ids": true, "type": "sha1", "uuid": "93f9e055-5dbd-4c24-9717-04bcf2b06ef8", "value": "0f2a280fe2422b153b1c6bfe3f1ee5636194d29b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859978", "to_ids": true, "type": "sha256", "uuid": "377e5706-18fc-4a01-8cd5-ae616fc8afc0", "value": "0d8e3cd3d00fc09ae0d15b01b9aa6a42bdc74c2b91b7d2e6deb1c5e24a8abdd9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808905", "to_ids": true, "type": "ssdeep", "uuid": "e4da7f85-ed63-44dd-a3a3-2a5451f8b16c", "value": "12288:NfBzlIEXAJe6ANXYC3HAA+9xCDlwKddLlg/HsOv8QPNQPFUwcr+cp+MSOhT3qoYY:NfqQ60IWxKqlCNQP7g+cAcd1YY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808905", "to_ids": false, "type": "size-in-bytes", "uuid": "c6edc1f0-092c-4bad-92b2-f050560d3d6d", "value": "826820" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808905", "to_ids": true, "type": "vhash", "uuid": "f77cfcd7-5189-4bd4-bcc8-f3046eb954b5", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808905", "to_ids": true, "type": "filename", "uuid": "5436578d-896c-41fb-972a-63a00dd65253", "value": "7fb4b564ce6641f8a6c682bb4c0dd296.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808905", "to_ids": false, "type": "text", "uuid": "9a4d6fa9-ddbf-4fa0-91dd-f75bf8802c6b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859979", "uuid": "961dace0-6542-4bc3-852f-5a75f1ee67c1", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859979", "to_ids": true, "type": "md5", "uuid": "e621778b-9e00-4f47-b519-10c201a559c6", "value": "baa48874af9d2b87221aaa325f155111", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859979", "to_ids": true, "type": "sha1", "uuid": "84ba7fd5-76fd-4c92-ac64-b3a78673ee1b", "value": "6bd64722216ce72e28ae2c18c66e3f848df99275", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859979", "to_ids": true, "type": "sha256", "uuid": "c1ad2b93-bec3-4f3b-8159-01ca6b946cec", "value": "b56229ab97ef77bafe8834f305122209c881094a08bf59bf8c37b9237518c764", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808926", "to_ids": true, "type": "ssdeep", "uuid": "99223a8a-9ff9-455a-ba94-11fc233aecd5", "value": "12288:ZfBzlIEXAJe6ANXYC3HAA+9xCDlwKdSL1JSipSUrBH8uyWPcvaKCdcDpxmWgV:ZfqQ60IWxK11c6SUrBH8uJtdcDr+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808926", "to_ids": false, "type": "size-in-bytes", "uuid": "2a74d1c8-30b6-4b37-8fea-69b49ff89728", "value": "826820" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808926", "to_ids": true, "type": "vhash", "uuid": "57678ffe-f293-4d16-a45e-759bc179db8f", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808927", "to_ids": true, "type": "filename", "uuid": "3fb3aab7-e0e4-4478-a69d-4ba54dbbd36b", "value": "baa48874af9d2b87221aaa325f155111.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808927", "to_ids": false, "type": "text", "uuid": "85c45d5e-151e-44ce-98bd-db7eb0f1aa66", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859980", "uuid": "3e39c4c3-9006-492f-87af-1038a984abaa", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859980", "to_ids": true, "type": "md5", "uuid": "2e16cdf2-c8f0-4c32-abd5-1bdc7c22367b", "value": "5df183ebe43c60ad7e886f71b1c339a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859980", "to_ids": true, "type": "sha1", "uuid": "75b30d33-ff73-444b-aae6-ac0acca95d14", "value": "3f2286c4e1d081400fe5b10600934df65e6b20f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859980", "to_ids": true, "type": "sha256", "uuid": "38a808b1-c5e4-4c6f-9b3c-d8cccfd2b0c7", "value": "bb4683221571511fde92f429b15193e172b3bce9cbbf0a73bed86ecd4836abd7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808948", "to_ids": true, "type": "ssdeep", "uuid": "1236c024-61ad-4580-ad0b-304854c6f775", "value": "12288:zfBzlIEXAJe6ANXYC3HAA+9xCDlwKdjfG/G6Vy+d+UGzLKyN:zfqQ60IWxKeO/G63d8KS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808948", "to_ids": false, "type": "size-in-bytes", "uuid": "06c9182d-3a14-425c-9dee-6bb5db4f760b", "value": "611595" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808948", "to_ids": true, "type": "vhash", "uuid": "73887c59-7007-4bab-a106-e3ce9be55300", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808948", "to_ids": true, "type": "filename", "uuid": "f3e084f7-0f8e-4882-8e14-cc9abfd9b489", "value": "5df183ebe43c60ad7e886f71b1c339a9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808948", "to_ids": false, "type": "text", "uuid": "6f3078bf-c0f9-4989-a678-4599d986e375", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859982", "uuid": "ae5fee11-2871-4c46-a2f8-6eded8fcbd65", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859981", "to_ids": true, "type": "md5", "uuid": "80991584-cfe2-454d-965c-b49bdb620481", "value": "460a800dc621022cb80a2f8649ef352f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859981", "to_ids": true, "type": "sha1", "uuid": "ac88387d-b0dd-4657-892f-73f7f4fcdcea", "value": "cf9b88c79f963d3e744cc3807992cc638e01912e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859982", "to_ids": true, "type": "sha256", "uuid": "4f42f525-68ca-4111-b9f2-86ba84e63ddf", "value": "af5c70c13c787ff907380a12a2bd62271380ec34cd213059fb03865dfbf9d79c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808969", "to_ids": true, "type": "ssdeep", "uuid": "5d6179c8-faa3-4f58-9025-25e1476dfa9a", "value": "12288:0mfBzlIEXAJe6ANXYC3HAA+9xCDlwKdEfG/G6Vy+d+UGxLG4h:0mfqQ60IWxKlO/G63dqGc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808969", "to_ids": false, "type": "size-in-bytes", "uuid": "f461a9cc-a921-40c7-a0a6-e3983579e13c", "value": "611595" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808969", "to_ids": true, "type": "vhash", "uuid": "caa47689-ff5a-4fba-adfd-ec0650102b33", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808969", "to_ids": true, "type": "filename", "uuid": "d2331fdd-00ac-49ef-af24-a2cb4f0d69f2", "value": "460a800dc621022cb80a2f8649ef352f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808969", "to_ids": false, "type": "text", "uuid": "ca373893-73e7-4b5b-8348-8fba10d97ebe", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859983", "uuid": "3b1385a6-c5c1-4489-9924-6f15aacf03ae", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859982", "to_ids": true, "type": "md5", "uuid": "b7ad9709-1949-4483-958a-bc50923e63a5", "value": "a8913cc85ecd1c40bfdc5a3a788894ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859982", "to_ids": true, "type": "sha1", "uuid": "895a261e-a6f9-4223-9622-eb229e45e8e8", "value": "eef463530fff552be5aa0143bfa61de18ebf754b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859983", "to_ids": true, "type": "sha256", "uuid": "bb5b726d-a88b-42b0-a9fd-9ef2d8a3023c", "value": "5a5424ae94171ce6e6613411665e23bced74dac8991a9c734ff1577e810fe51a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740808990", "to_ids": true, "type": "ssdeep", "uuid": "28e09329-8887-4c39-98e8-6390ab3c5cca", "value": "12288:zfBzlIEXAJe6ANXYC3HAA+9xCDlwKdrfG/G6Vy+d+UG/LGyx:zfqQ60IWxKaO/G63dUGG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740808991", "to_ids": false, "type": "size-in-bytes", "uuid": "854a3cb2-fc5b-4e8e-9aaa-a1bb1d1c8c65", "value": "611595" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740808991", "to_ids": true, "type": "vhash", "uuid": "9cc93687-b506-4daa-805d-d6607783ccfa", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740808991", "to_ids": true, "type": "filename", "uuid": "19ac5479-a28a-47ae-b03e-f0d5be51d0f3", "value": "a8913cc85ecd1c40bfdc5a3a788894ea.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740808991", "to_ids": false, "type": "text", "uuid": "1e0fef90-a27b-43fb-87f5-5fa6060175bd", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859984", "uuid": "71e19c87-e76e-4fcf-a562-ffa5ae22e25a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859983", "to_ids": true, "type": "md5", "uuid": "44254d54-2aab-41bd-855a-7941cd541c44", "value": "ec499164c6cc507787052cc83cfaa6f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859984", "to_ids": true, "type": "sha1", "uuid": "5fccd5ef-aa29-41f6-b964-ce2497436ddb", "value": "bcf5437c76aa3cab567da4ab822d9d4de83736b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859984", "to_ids": true, "type": "sha256", "uuid": "97b5fc16-f712-49b5-b9bc-7348980e94ea", "value": "49614bbb1523dccd17832cf4ad66eac99d3407b9bd7f9d3dc652dbde23440b8d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809012", "to_ids": true, "type": "ssdeep", "uuid": "b746669e-6177-404b-933f-6ce5845f8b53", "value": "49152:Lf1607KsnNzqWyiRkwpoAv4BA4ZFL3skWUBHE8fz:LI0tNzq2RkgoAvoAosS5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809012", "to_ids": false, "type": "size-in-bytes", "uuid": "f752eda1-bbdf-4759-a02c-292185e21fab", "value": "1722780" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809012", "to_ids": true, "type": "vhash", "uuid": "188fb18e-70e6-4bf1-8c3c-05ead4f7b1fc", "value": "8747e2cffd9ff515b8d62fcdf71dade9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809012", "to_ids": true, "type": "filename", "uuid": "173bcd9b-45e5-4c4c-af71-7c4ceb2a84f0", "value": "ec499164c6cc507787052cc83cfaa6f0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809012", "to_ids": false, "type": "text", "uuid": "bf968846-1686-480d-9e9b-e628c940203c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859985", "uuid": "433413f2-88c2-4406-969f-63b4b10e504b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859984", "to_ids": true, "type": "md5", "uuid": "2834183e-e18e-43f7-a53a-def1d4ef9595", "value": "66b80a5affb2faf0219608eccb11c64c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859985", "to_ids": true, "type": "sha1", "uuid": "95b347ba-8bc9-42ab-8aa3-5880d54a7620", "value": "dd40d6a05cba394a3c3cf4f3e2d6b822e9602cde", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859985", "to_ids": true, "type": "sha256", "uuid": "efb1afcb-a7d9-4b60-aaa0-0ec560e061c4", "value": "1e6173b08ee74e33d0613d2833cdc0fa21cabefdab4d058ba2d814083dc3bea9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809033", "to_ids": true, "type": "ssdeep", "uuid": "8b67e264-23e9-4f74-a9b8-b4dff918986a", "value": "12288:QfBzlIEXAJe6ANXYC3HAA+9xCDlwKdbfG/G6Vy+d+UGsL0du:QfqQ60IWxKqO/G63dP0Y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809033", "to_ids": false, "type": "size-in-bytes", "uuid": "0c2f2734-352f-414e-ba5d-1f1c42c7d2d4", "value": "611595" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809033", "to_ids": true, "type": "vhash", "uuid": "f07e67ab-9a78-4d12-8ae8-417e26dd4c23", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809033", "to_ids": true, "type": "filename", "uuid": "6e60eac4-0b72-4e8b-85bc-e0d2a313be5f", "value": "66b80a5affb2faf0219608eccb11c64c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809033", "to_ids": false, "type": "text", "uuid": "6ba47f7d-2bc6-4598-b760-20193169e41b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859986", "uuid": "de308e2e-3809-47b3-9e4b-4469cb31d88c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859986", "to_ids": true, "type": "md5", "uuid": "860334ae-d94f-4e12-9137-f7177a32b5ff", "value": "2380db68674bad7710285ddf7aa34856", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859986", "to_ids": true, "type": "sha1", "uuid": "48768e4f-e9c3-4245-8620-56f369562703", "value": "64863b4a3cf338584cbcf304f2bcd680102cdff5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859986", "to_ids": true, "type": "sha256", "uuid": "150cdc2f-1026-458d-b59e-beba9812cc03", "value": "bd5867d1b941c0ba144eab7a48d347ea0a797cf2ae3fbb2858e882189f595852", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809055", "to_ids": true, "type": "ssdeep", "uuid": "51b70746-7a5d-45ff-8b41-5e3b5e0a045b", "value": "12288:dfBzlIEXAJe6ANXYC3HAA+9xCDlwKdQLpDbipSUrBH8uyWPcvaKCdcDpxmWgK:dfqQ60IWxKvpX6SUrBH8uJtdcDrB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809055", "to_ids": false, "type": "size-in-bytes", "uuid": "41ba4f56-8a77-4914-800c-a7cee6ad76c9", "value": "826820" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809055", "to_ids": true, "type": "vhash", "uuid": "98ccac72-f95a-4e2a-a1ef-1841e365705a", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809055", "to_ids": true, "type": "filename", "uuid": "991816fb-87e2-43a3-bbe3-6b893ece20ae", "value": "2380db68674bad7710285ddf7aa34856.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809055", "to_ids": false, "type": "text", "uuid": "3860755b-b0de-443e-8ab4-5b53472d3a05", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859987", "uuid": "78e70cc1-aadd-4a94-b843-3422e3388409", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859987", "to_ids": true, "type": "md5", "uuid": "7ca7ed1d-05e6-4359-afa0-ed85c4761238", "value": "e57654657366eb1d5c931519029d9330", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859987", "to_ids": true, "type": "sha1", "uuid": "b071c7d0-26cd-487c-90cc-dd80b8fbfbd2", "value": "0e3878116163aa642aa69dc87da736d796072436", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859987", "to_ids": true, "type": "sha256", "uuid": "5c335659-d0c3-4344-98d9-6ff0ac68903f", "value": "33f30edff6c588a1aaef9606b896a637384e0a1de5f13fadd5489ad5a8456713", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809076", "to_ids": true, "type": "ssdeep", "uuid": "4512308e-ba34-4c71-8bad-d2937f75b166", "value": "12288:ifBzlIEXAJe6ANXYC3HAA+9xCDlwKdjRE7sd+JaN2B4TjL248:ifqQ60IWxK0Laa2p" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809076", "to_ids": false, "type": "size-in-bytes", "uuid": "1c7699c1-2aee-49f2-904b-4b8c1d0f404e", "value": "611609" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809076", "to_ids": true, "type": "vhash", "uuid": "69194389-d27b-498c-9a68-763a5301b880", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809076", "to_ids": true, "type": "filename", "uuid": "31d67466-a5e6-4c2d-b28e-8e3a90f94b69", "value": "e57654657366eb1d5c931519029d9330.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809076", "to_ids": false, "type": "text", "uuid": "c5502530-8cff-442a-8f0f-8b2f66727074", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859988", "uuid": "6a8634e9-b999-4aa4-ad39-1ab98dec9852", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859988", "to_ids": true, "type": "md5", "uuid": "dc10b211-5e23-4d93-bc91-28b0100f5ef1", "value": "f7167fba63bb47f4cae2b8aa8d1b79aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859988", "to_ids": true, "type": "sha1", "uuid": "910b03c5-04ee-4cb1-8189-b1c05e4f5511", "value": "038649c067d72a5e6a08df10545149c0d805becc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859988", "to_ids": true, "type": "sha256", "uuid": "71fb3a0a-6a9c-4ef9-8bca-24d3171634fc", "value": "ddd78e86a0de0363981cdcb924331847bf4826fa65df634e9b23c0ce38a19816", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809097", "to_ids": true, "type": "ssdeep", "uuid": "1f68ec24-c67d-46eb-bf73-3a2281a6d26b", "value": "12288:9fBzlIEXAJe6ANXYC3HAA+9xCDlwKddLlIvHsOv8QPNQPFUwcr+cp+MSOhT3qoYI:9fqQ60IWxKqlaNQP7g+cAcd1YI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809097", "to_ids": false, "type": "size-in-bytes", "uuid": "256b8e62-56f3-4ece-8250-3092dacd4853", "value": "826820" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809097", "to_ids": true, "type": "vhash", "uuid": "a4abc93e-d9f7-4fc9-92d0-b824e15925f0", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809097", "to_ids": true, "type": "filename", "uuid": "97fff0b6-e557-422e-8a00-1f3ec8bd8b90", "value": "f7167fba63bb47f4cae2b8aa8d1b79aa.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809097", "to_ids": false, "type": "text", "uuid": "e443b3e9-7147-41ce-ab5e-800a580c43f5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859989", "uuid": "1c4b72dd-2823-4186-9382-f2b981739621", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859989", "to_ids": true, "type": "md5", "uuid": "b4f144df-008c-4688-b997-62cf264d16f9", "value": "0f5df1e0b90f0a86ffd5f229ef2f517b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859989", "to_ids": true, "type": "sha1", "uuid": "c62f8805-1cca-480e-b268-f748d05e57c1", "value": "267c0b45df39344e14b7a7981cb5ee42c8ea9a49", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859989", "to_ids": true, "type": "sha256", "uuid": "514d139a-4e32-470e-a501-9b79c5edd8ff", "value": "3dd87c45b0de4162bb55e1967a8b03e03d54341110d2baad510eec74abd20031", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809119", "to_ids": true, "type": "ssdeep", "uuid": "61042b1e-2d34-4395-83fd-9fc09013b635", "value": "393216:widNTQupR+gO9vLim7Wwq95NbbLJBc7DocKwckTp:XphpogO9vLi+Wwq9jPL/cXocKwcW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809119", "to_ids": false, "type": "size-in-bytes", "uuid": "a3f2360b-9acf-4995-8d7e-8cd9139158ba", "value": "16867962" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809119", "to_ids": true, "type": "vhash", "uuid": "1e756019-8d5f-4d91-98a7-71ad1847ab90", "value": "01bd3af75cad29a28e3ca1ac0e841f26" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809119", "to_ids": true, "type": "filename", "uuid": "3af538b0-0e63-472a-8850-ac836fb8b0fd", "value": "0f5df1e0b90f0a86ffd5f229ef2f517b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809119", "to_ids": false, "type": "text", "uuid": "fa068e9e-7694-4adf-b504-e0de5b61f4b4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:24/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859990", "uuid": "f0ff5473-6cd8-44be-aa3d-d65540f4b837", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859990", "to_ids": true, "type": "md5", "uuid": "cc2359b3-1229-4be2-8d49-b47da62f7de7", "value": "ade8be980e232afa460dacad826453f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859990", "to_ids": true, "type": "sha1", "uuid": "7e7e4082-ff3f-4a33-8945-56d482deab39", "value": "921308061a3557f8726c47e573c05fb5ff32b384", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859990", "to_ids": true, "type": "sha256", "uuid": "63f87cb7-89d4-4d51-bc77-6d9ea602c9ea", "value": "5977d18b4b13d9df7f6a7f2eb4c9d8cc7b8ab07c4f6a70617d5fdfc10c9dbddb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809140", "to_ids": true, "type": "ssdeep", "uuid": "66fa7b66-dd9e-4ba4-8554-dd0891af6079", "value": "98304:fyDUigoj269i/9ZPbGtHv2pnsXCJuzWkqkGxGxQebKi4MLTANMgYrKGI0RjKkTW:6DUC2n/zgMs6uzvNOAQi4IxgYrK4RKki" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809140", "to_ids": false, "type": "size-in-bytes", "uuid": "c73f277a-8d32-407d-96bd-69dade1630dd", "value": "5621074" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809140", "to_ids": true, "type": "vhash", "uuid": "559d66ac-8765-4579-8579-8fca59044df8", "value": "8e6ac9240098ced230afcb999879b88c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809140", "to_ids": true, "type": "filename", "uuid": "dcad9d5b-34e7-45e2-b9bc-ff0fe5853a5e", "value": "ade8be980e232afa460dacad826453f5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809140", "to_ids": false, "type": "text", "uuid": "8c0a33dd-2f16-4c43-9f85-e3ccea592d76", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859991", "uuid": "ba4c30aa-e676-45d3-b10f-b222407d8231", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859991", "to_ids": true, "type": "md5", "uuid": "350f5311-da7b-47e4-bcf2-e98c108e39da", "value": "b76f060e4980af26cceecf5ec6fe37b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859991", "to_ids": true, "type": "sha1", "uuid": "a606c7dd-1577-440e-8a46-170ede2eb8d3", "value": "9b5b22ff6ebde900e2d85cc52c5e1d3640925bca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859991", "to_ids": true, "type": "sha256", "uuid": "d77eff53-2ee0-4f04-a0e8-d8a9fdae125d", "value": "2725b364a57c08b65e5b4a52e5bf27384296e301abbbc5f25ee92f01079ce364", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809162", "to_ids": true, "type": "ssdeep", "uuid": "a2f2f6a7-f0ff-4074-9bd6-f152d8a8164d", "value": "12288:9fBzlIEXAJe6ANXYC3HAA+9xCDlwKdrKyfEW6jLoMaE0v5VfnKQ5ZX7251UPXEYX:9fqQ60IWxKEKypltXvrX7a1NK+QC0cI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809162", "to_ids": false, "type": "size-in-bytes", "uuid": "ee2f2ab8-056d-4a25-9abd-c79f86c90c86", "value": "887911" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809162", "to_ids": true, "type": "vhash", "uuid": "342d443c-551d-4971-a444-22d4377e0736", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809162", "to_ids": true, "type": "filename", "uuid": "b21b76d9-4e58-4a6c-9b3f-704553c9417f", "value": "b76f060e4980af26cceecf5ec6fe37b9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809162", "to_ids": false, "type": "text", "uuid": "a3f29c07-f370-45b3-8fe7-d089811b75a3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859992", "uuid": "45d97166-f46a-4c95-be1b-09b3b3f9b4fc", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859992", "to_ids": true, "type": "md5", "uuid": "01cb02d5-41b9-4814-88b5-86fa3dc3d332", "value": "aad475d9b640b63e92c8907bbb23d7c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859992", "to_ids": true, "type": "sha1", "uuid": "508bc52a-bf03-40bc-83ea-cf5315c0442d", "value": "0fe95613ba4dd0c74ad7a9fa9c022834ca7f1518", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859992", "to_ids": true, "type": "sha256", "uuid": "7ddfd518-1080-4cae-8d5d-96b603d80595", "value": "03e6917de9d493263583b2057e5a8054c8a25b3d20be4f60f56de37ddf88330d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809183", "to_ids": true, "type": "ssdeep", "uuid": "418b8731-855c-45c3-ab3f-e68dd65079b1", "value": "98304:Ub2VpMW2jWu28oRVE2O5bzQMKX3DGb3o2lTeuJ4PUlJcx6XLOYMFGWI0MjJkT1:Ub+pAPxYHDGb3BlfJ48VLIFdgJkT1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809183", "to_ids": false, "type": "size-in-bytes", "uuid": "d02815af-fbee-47ee-be60-89d0ae16865e", "value": "5860968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809183", "to_ids": true, "type": "vhash", "uuid": "885fc2f1-f2fe-45eb-a9f4-42574075e179", "value": "8e6ac9240098ced230afcb999879b88c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809183", "to_ids": true, "type": "filename", "uuid": "5dbd8294-cfad-444d-b3af-fc074e63c203", "value": "UDS-Trojan.AndroidOS.Boogr.gsh-03e6917de9d493263583b2057e5a8054c8a25b3d20be4f60f56de37ddf88330d" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/10/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809183", "to_ids": false, "type": "text", "uuid": "28aaff38-447f-4b6b-8c09-34cbf431cba4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:27/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859993", "uuid": "1065ffaf-7e92-4929-aa55-8fc56ba7c433", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859993", "to_ids": true, "type": "md5", "uuid": "141a495f-793e-4e32-a63d-a55df90b67c0", "value": "bd8a96818bb1f9a134856b7e47015499", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859993", "to_ids": true, "type": "sha1", "uuid": "88088a78-bde4-4b81-8796-d43ff9005010", "value": "8771154eab866298223dec79bc8daae1b642b99d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859993", "to_ids": true, "type": "sha256", "uuid": "c2c1bcaa-a40f-4f30-8bc0-1ffa0b006af2", "value": "fc271be47fe317ba421f20fa4314c55a03e9fe521e24f00965b10b6109c97c1b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809205", "to_ids": true, "type": "ssdeep", "uuid": "0312e77a-bbbb-478a-9a93-b4697d85d568", "value": "98304:PPg04Tijss4xxv5r/d/+2QuKIKI0Qywi3kT8:3PocshxBr1G2QuKvQywukT8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809205", "to_ids": false, "type": "size-in-bytes", "uuid": "521e887f-4212-4146-8e73-27c04c7a616b", "value": "3755624" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809205", "to_ids": true, "type": "vhash", "uuid": "04480d30-d39d-42d2-aa6f-6749570645eb", "value": "8e6ac9240098ced230afcb999879b88c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809205", "to_ids": true, "type": "filename", "uuid": "7f3b21dd-4969-4f07-b09a-97dfc72889ed", "value": "bd8a96818bb1f9a134856b7e47015499.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809205", "to_ids": false, "type": "text", "uuid": "6743e91e-d928-430d-b04d-897523d5acb1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:25/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859994", "uuid": "91b12a8f-2bff-4b3c-9503-aa84312ca886", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859994", "to_ids": true, "type": "md5", "uuid": "47cf076c-b2b8-4e86-a744-25a85e2e815f", "value": "cec097ab633335ce6f2fe9ef16a40043", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859994", "to_ids": true, "type": "sha1", "uuid": "45ba4814-1faa-4865-ac76-3354fdb7dd86", "value": "a07966f8737d416c31d54903063fd362b5244fde", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859994", "to_ids": true, "type": "sha256", "uuid": "b5c12f41-4963-4643-8b92-d2b35b0842dc", "value": "102ab640d8206bb95d12efc70d2addccae8cf1ccc710342b74e1c61e9a9a2380", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809226", "to_ids": true, "type": "ssdeep", "uuid": "a3fbb972-1900-4f5f-8e78-fd8a3402c84e", "value": "98304:IyDUigoj269i/9ZPbGtHv2pnsXCJuzWkqkGxGxQebKi4MLTANMgYrK+I0RkT6:PDUC2n/zgMs6uzvNOAQi4IxgYrKARkT6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809226", "to_ids": false, "type": "size-in-bytes", "uuid": "1489701a-6901-48d9-a03a-0d401d4e0be2", "value": "5621319" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809226", "to_ids": true, "type": "vhash", "uuid": "7105904b-932c-4ba1-9d02-61629d3683c1", "value": "8e6ac9240098ced230afcb999879b88c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809226", "to_ids": true, "type": "filename", "uuid": "b4aff0a8-fbf1-4fe5-8c56-0200e80e3c4f", "value": "cec097ab633335ce6f2fe9ef16a40043.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809226", "to_ids": false, "type": "text", "uuid": "d9da31a9-ac6f-4882-82b6-71b493038127", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859995", "uuid": "e5ce502e-fff8-4064-a940-04bd58801ec2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859995", "to_ids": true, "type": "md5", "uuid": "2cf11c91-5047-4e92-8da4-3c145ca8c463", "value": "efc219a1db302c35266f035095076c58", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859995", "to_ids": true, "type": "sha1", "uuid": "c4c074df-319a-4f07-819f-14a2246b4940", "value": "d0a5f0c89919c77082cf9b29fd3467817d5c9d1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859995", "to_ids": true, "type": "sha256", "uuid": "51a254d8-66d9-42a2-8e35-461c1cc080ae", "value": "08483541bff577686eb8add67b666bcc00bb10ed273ce06fea3c0b13d5c26cd6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809248", "to_ids": true, "type": "ssdeep", "uuid": "2e7358a6-6361-40d4-b9a6-003f17cde9d8", "value": "98304:wb2VpMW2jWu28oRVE2O5bzQMKX3DGb3o2lTeuJ4PUlJcx6XLOYMFGfI0DkTG:wb+pAPxYHDGb3BlfJ48VLIFuDkTG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809248", "to_ids": false, "type": "size-in-bytes", "uuid": "1fe3723b-2087-4d77-889e-c4a8c000a4a0", "value": "5861213" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809248", "to_ids": true, "type": "vhash", "uuid": "47eb0409-b4fd-4243-874c-3b1ff6ceb1a9", "value": "8e6ac9240098ced230afcb999879b88c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809248", "to_ids": true, "type": "filename", "uuid": "bf9018af-13b3-4965-ba93-2b7cff68bc85", "value": "efc219a1db302c35266f035095076c58.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809248", "to_ids": false, "type": "text", "uuid": "08144c61-f675-4fee-9c9f-b181e3161ece", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:24/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859997", "uuid": "8d33c7d0-dfd8-475b-b0cd-6035bf07220f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859996", "to_ids": true, "type": "md5", "uuid": "f30e60b1-3abf-4bf3-9d99-5831c5f17b05", "value": "987a8f51cfb33462f9b098f151c9afa6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859996", "to_ids": true, "type": "sha1", "uuid": "7ba174c2-9633-4f9c-9ac7-f1d7643f1e48", "value": "5f775efe84b51a6977dafea385890a86296950d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859997", "to_ids": true, "type": "sha256", "uuid": "191aa462-4c8c-48c2-a41e-c7c89fdb6a19", "value": "531fcd446dca9c0f861b9bbc03095fa0009c2e82237c4e6e8fc59a5b31be68b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809269", "to_ids": true, "type": "ssdeep", "uuid": "c4146fbe-7a11-4016-8d27-6183903ff23f", "value": "12288:vfgMMbFxvHlB9I7ZL2UljpnKS+SGjKgmsXSgvcj461FKtkDdaIIj54C04x:vqZlo7HjAoGjKgpZvcj46XeIk5M4x" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809269", "to_ids": false, "type": "size-in-bytes", "uuid": "69e55c07-5c46-487b-8f22-076002162343", "value": "595819" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809269", "to_ids": true, "type": "vhash", "uuid": "fa03f2c2-17c1-4430-8c00-3f390e9526ee", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809269", "to_ids": true, "type": "filename", "uuid": "1b193669-0df5-424f-b80c-406948541a94", "value": "987a8f51cfb33462f9b098f151c9afa6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809269", "to_ids": false, "type": "text", "uuid": "db555ee5-5a11-44a5-8960-a9119b719497", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859998", "uuid": "8171be23-02a0-404f-8983-8197220096b2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859997", "to_ids": true, "type": "md5", "uuid": "d1fa613c-7030-4a4e-9a73-771e0f459815", "value": "872a2daf96e40cb7f559f7996f2af6e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859998", "to_ids": true, "type": "sha1", "uuid": "373402b0-204f-4dea-bc80-c5a2cf1e4fb0", "value": "50aa9f1db95ff2e114ce92f7dd61f9922ab54971", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859998", "to_ids": true, "type": "sha256", "uuid": "01729779-f5b0-4acb-936e-2539cc08290c", "value": "7bae492d60ec2e6c89c19e4b67bfb8939a9ef3a1188adbc6bd8de3901a843696", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809291", "to_ids": true, "type": "ssdeep", "uuid": "5c8dac02-751e-4d9a-bc28-79de501c57b3", "value": "12288:qfBzlIEXAJe6ANXYC3HAA+9xCDlwKdxIcrJjpasgYpZX7251UPXEYtZUawimjpwg:qfqQ60IWxK+FrRgKX7a1NK+QCUcd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809291", "to_ids": false, "type": "size-in-bytes", "uuid": "81f9d632-9718-47e7-8a45-e7deec06322c", "value": "888156" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809291", "to_ids": true, "type": "vhash", "uuid": "acebfe5a-d909-426a-9f13-b089f7d07a55", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809291", "to_ids": true, "type": "filename", "uuid": "d7a1dd06-1f68-46b5-880e-7ff92f26549d", "value": "872a2daf96e40cb7f559f7996f2af6e6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809291", "to_ids": false, "type": "text", "uuid": "f6de8a99-1486-430e-9740-82e44e42c923", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740859999", "uuid": "9359a6cc-b24d-4b90-a6f3-65377a7b033b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740859999", "to_ids": true, "type": "md5", "uuid": "e5d6ca94-184b-4203-8d0f-55061ecebde6", "value": "e5fd7ebaae86ad84e6f4a138fb565e04", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740859999", "to_ids": true, "type": "sha1", "uuid": "7e513806-2375-41fd-8fbd-47533bbf1cff", "value": "dd932fa37552b0ab162670778719b69b42440d2c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740859999", "to_ids": true, "type": "sha256", "uuid": "909a95ed-83ee-42a8-9593-5defdfcf34a3", "value": "7719f84a7db2977bc2a0970c7ea728955a3f3ebfc89c4de65418a5640496bc5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809312", "to_ids": true, "type": "ssdeep", "uuid": "b864505a-3239-422e-a251-8346b6559c24", "value": "12288:BfBzlIEXAJe6ANXYC3HAA+9xCDlwKd9IcrJjpasgYlZX7251UPXEYtZUawimjpwt:BfqQ60IWxKqFrRguX7a1NK+QCw0Y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809312", "to_ids": false, "type": "size-in-bytes", "uuid": "a292bc07-20d2-4b46-9d3a-720ad1282dbe", "value": "888156" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809312", "to_ids": true, "type": "vhash", "uuid": "f24da7b7-13ab-45dc-a806-f6188e862087", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809312", "to_ids": true, "type": "filename", "uuid": "4983cd03-3574-4118-b666-dba3058db908", "value": "e5fd7ebaae86ad84e6f4a138fb565e04.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809312", "to_ids": false, "type": "text", "uuid": "a423ee04-38b7-4f50-a93d-fac2fdd82aac", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860000", "uuid": "a2c57150-e4fa-42cd-9c99-f6d6277f2f65", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860000", "to_ids": true, "type": "md5", "uuid": "fc2ea39b-8562-4412-bfa1-cf471fc413e0", "value": "4dbc15479e4d9eb8d0c36bf05e2447ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860000", "to_ids": true, "type": "sha1", "uuid": "5a6b13be-f5b1-4b24-9fd9-87ee048446be", "value": "c2ad7aab5ecc90ef7bfea03dd98dd752faf3fe2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860000", "to_ids": true, "type": "sha256", "uuid": "9b5f2092-a1b4-4b74-a178-d001c0befe5f", "value": "a8f270824bd0f0ba95ebf29620782f1b7682b5a7b9e144731a6e6b64322f8bdc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809334", "to_ids": true, "type": "ssdeep", "uuid": "0fee705b-7f39-4180-ad0d-1185c8a5d782", "value": "49152:smkPg0YjjTijss4xxv5rqKI+7yesbr4TTXNfmoSRnuKHobwf1607KDnG1NK+QCq:oPg04Tijss4xxv5r/d/+2QuKIwI0AkT+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809334", "to_ids": false, "type": "size-in-bytes", "uuid": "5161cb45-9e92-4d80-a165-a6d94f8f9b9f", "value": "3755868" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809334", "to_ids": true, "type": "vhash", "uuid": "bf2a9b9d-ac24-41c7-b37d-30d184c9f271", "value": "8e6ac9240098ced230afcb999879b88c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809334", "to_ids": true, "type": "filename", "uuid": "1c88d558-1a0f-4d61-a1eb-7a653f820d1e", "value": "4dbc15479e4d9eb8d0c36bf05e2447ff.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809334", "to_ids": false, "type": "text", "uuid": "0ef440ff-8502-496c-9619-a93b32057d34", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860001", "uuid": "ffdb4be4-05b1-447c-8630-9b5fe55cf87b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860001", "to_ids": true, "type": "md5", "uuid": "d5eac8a4-9385-4985-8e9c-ce38628b2f9f", "value": "ca006900f713bb372c3386469283435e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860001", "to_ids": true, "type": "sha1", "uuid": "8501a09a-c66f-4f3d-85c3-5f69a407cc82", "value": "a7e4c00c2c35858b65420b4993a3566878c2bc3e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860001", "to_ids": true, "type": "sha256", "uuid": "e43c0a1f-7be9-417d-b621-83482920c079", "value": "b2e37b629ceadb8a8d32261ba7f0b12c5319d7992ba2916914d01f2df45f2038", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809355", "to_ids": true, "type": "ssdeep", "uuid": "110d0061-799b-426e-8f37-49a968b6a8ad", "value": "12288:PBRR8UG3/rHgVHaQDPxqP3aatB8Kv93FTiW5qEpzx9hwy/8KqP:PR83zoNxiBTvyW5V1xX8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809355", "to_ids": false, "type": "size-in-bytes", "uuid": "fad84611-b2c2-481d-8808-e32b8578bbf8", "value": "604889" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809355", "to_ids": true, "type": "vhash", "uuid": "a6602c90-13f6-4129-9a93-7506a35b2fb3", "value": "88eb5cb4fe94b8ee524791cdb6aea74a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809355", "to_ids": true, "type": "filename", "uuid": "6fe71321-307a-4fd8-bfad-e6e8a87353bb", "value": "ca006900f713bb372c3386469283435e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 20/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809355", "to_ids": false, "type": "text", "uuid": "180c5c6e-835c-4820-afb0-6a212ca15f4a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860002", "uuid": "e8af4338-a28e-422f-9cb7-669e36de5864", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860002", "to_ids": true, "type": "md5", "uuid": "14486370-2447-4beb-80cf-475d4418a17c", "value": "d086aac40376b6f724357b2856f34f9d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860002", "to_ids": true, "type": "sha1", "uuid": "6f2b214f-b944-44bd-88b5-92c15412f3d8", "value": "67357353ecad1e01d3a5387d2e572d77f63f832a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860002", "to_ids": true, "type": "sha256", "uuid": "8d3ada30-f10e-497c-84cc-95ca522d6b81", "value": "8ec993ca1d68dfaf99c50269917badfb33264b199b6599ea86800b64baf4eace", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809376", "to_ids": true, "type": "ssdeep", "uuid": "ccc38b26-bdcb-412b-9690-b66ead53a2cd", "value": "12288:DfKiKcsRb2YFLnJikJ5uXa+sgMqj5szxESmKc6B8hx:DiVR6YFLR5uXAgQKSfl8hx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809376", "to_ids": false, "type": "size-in-bytes", "uuid": "298a8aa6-affe-4196-af24-2f4762324bda", "value": "595719" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809376", "to_ids": true, "type": "vhash", "uuid": "b5445df6-19a3-489e-994a-4c277a457e36", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809376", "to_ids": true, "type": "filename", "uuid": "65c36118-2450-4120-b15e-2f6f716a9d37", "value": "d086aac40376b6f724357b2856f34f9d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809376", "to_ids": false, "type": "text", "uuid": "8abd0067-472e-418a-880a-3efbcdcf8521", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860003", "uuid": "824e3e35-95c1-4aad-a313-cf8ab32d42ef", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860003", "to_ids": true, "type": "md5", "uuid": "676a4058-2f1c-4f8f-9a20-3f0311a5d061", "value": "b7ac5a483b9c84ae9c490c2a54e1fe0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860003", "to_ids": true, "type": "sha1", "uuid": "22262836-28ad-4d75-bf41-46a04ae07baf", "value": "d7e2a5750944831404f0758c58651a9d4a1c317e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860003", "to_ids": true, "type": "sha256", "uuid": "70bb1796-7674-429b-a560-e6e9971d5329", "value": "09f4c550a370e6b8d85dae171e5c84c7b1e01aa6aea0573017f56bc615c7144b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809398", "to_ids": true, "type": "ssdeep", "uuid": "00ddb5a0-b23d-47be-b502-79f73960609d", "value": "12288:lr0mncmSvbUWl7LHvVjKsBObK3XMrn9Cpfi3Ty72ua4V84r0re:lrHA7LHvRKsMmMKxPa4Ire" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809398", "to_ids": false, "type": "size-in-bytes", "uuid": "87422c20-4a1d-4037-bbe0-d4a319d8610a", "value": "604840" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809398", "to_ids": true, "type": "vhash", "uuid": "cf446a80-49d1-415b-8900-5000df252749", "value": "80671b9842767b31c401ed4e27997e74" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809398", "to_ids": true, "type": "filename", "uuid": "d91134e9-ef6e-43b6-9fba-52cf9444addc", "value": "b7ac5a483b9c84ae9c490c2a54e1fe0f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809398", "to_ids": false, "type": "text", "uuid": "1a0a4972-9fc9-4391-ac6c-4c2fa6b88d89", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860005", "uuid": "210ef50f-dd30-4b9b-a531-27cb4de039dc", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860004", "to_ids": true, "type": "md5", "uuid": "7ef34c23-b7b8-485e-b92b-af292b0afa01", "value": "1edc6b2a82c867e91bca6c4caea07bfb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860004", "to_ids": true, "type": "sha1", "uuid": "56fb175a-52df-4170-99ef-362c26809b45", "value": "aeeb2622d10e613c911639ed4bfb8463a0afa88d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860005", "to_ids": true, "type": "sha256", "uuid": "c89c14e8-7b65-4efe-b111-c8228afbe6fc", "value": "f1515d2fac1deed35fa7ca104db2437b87ab6c2b28904da7a7b9a470272eb842", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809419", "to_ids": true, "type": "ssdeep", "uuid": "cc34e848-c478-452f-aa58-9e8f036bc587", "value": "12288:mfBzlIEXAJe6ANXYC3HAA+9xCDlwKdiMt9wpRygqNFju4/SmB4UHyKMZX7251UP5:mfqQ60IWxKEt9uqOmaI+X7a1NK+QCG8Q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809419", "to_ids": false, "type": "size-in-bytes", "uuid": "f131d7d7-18a9-4a68-9836-978f7798d977", "value": "888151" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809419", "to_ids": true, "type": "vhash", "uuid": "291cff4d-c3b4-4357-8d5c-26b3f69132d8", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809419", "to_ids": true, "type": "filename", "uuid": "54a14832-248e-4ef7-811b-fde62b17c1b2", "value": "1edc6b2a82c867e91bca6c4caea07bfb.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809419", "to_ids": false, "type": "text", "uuid": "a92122f9-49b2-4f8c-9270-eb4e9474947e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860006", "uuid": "448cd9fd-fb77-44ef-9082-a7eee7c42dde", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860005", "to_ids": true, "type": "md5", "uuid": "24cffe2a-f936-45b5-abc6-2496d9c534f3", "value": "dcc4df603b2a40302dce75c9ebce7c6d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860006", "to_ids": true, "type": "sha1", "uuid": "5a25b4f5-9686-43e0-9255-22ac5e8a7b36", "value": "f962e56f02947e240fe60fddfce3d701719fb6d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860006", "to_ids": true, "type": "sha256", "uuid": "94031686-4324-4a0d-bb8e-7ba3edba1a07", "value": "d82317e577c9bad1f340d50b66d75f727fc09dc3f9f46f763f80ec1c957ced73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809441", "to_ids": true, "type": "ssdeep", "uuid": "1207d3e4-1fda-4c30-9b84-2bb472ea8eb6", "value": "12288:zf/4RHFOTPmwyvsIGyteGdouTCuYAyy7x7yxX:z4RUTewybN8uWFQMF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809441", "to_ids": false, "type": "size-in-bytes", "uuid": "27ed59e0-bee5-473e-8f3b-2dc31904f0f6", "value": "595777" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809441", "to_ids": true, "type": "vhash", "uuid": "e05ead6b-417e-42dc-8224-8b256a0d612a", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809441", "to_ids": true, "type": "filename", "uuid": "265fce8f-6818-46ce-94ac-6d6cfc92b8ea", "value": "dcc4df603b2a40302dce75c9ebce7c6d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809441", "to_ids": false, "type": "text", "uuid": "4ec65c62-e1d3-4daf-a51a-1cd2eb74a77f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860007", "uuid": "07c5603e-25d8-4734-9bd4-a164b3879144", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860007", "to_ids": true, "type": "md5", "uuid": "b89f80ca-5b65-4fca-a137-32908aa241d0", "value": "b5c44094c79223a1f5579c3cbc0896f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860007", "to_ids": true, "type": "sha1", "uuid": "e77fd133-1dc6-4e95-ada7-7b1c115fbca8", "value": "235eef1a44d6c36016ab77e4fcd98fa01deef643", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860007", "to_ids": true, "type": "sha256", "uuid": "b2688979-d4ad-49b6-b20d-469f02821a65", "value": "85a5bf1a51c31804d44a96e589635c13cac7c3d9901ed4b58fd97beb44b5ec5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809463", "to_ids": true, "type": "ssdeep", "uuid": "84cea6ea-46bb-4844-8be5-254d28f5ddcf", "value": "12288:V0Yuhc/H0BKui7668xQpgndU2nUHhdaau0fyc38wmUqvlk:VgccBKuFtmpodU2nUBrKU8k" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809463", "to_ids": false, "type": "size-in-bytes", "uuid": "1f676b34-d9a3-4cfe-a6bc-cc2ccb5c7c4e", "value": "604839" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809463", "to_ids": true, "type": "vhash", "uuid": "0252aaa5-01ca-4413-ad53-d17cf1419705", "value": "80671b9842767b31c401ed4e27997e74" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809463", "to_ids": true, "type": "filename", "uuid": "9e17a811-4468-4425-8bcc-91a375415f90", "value": "b5c44094c79223a1f5579c3cbc0896f1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 04/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809463", "to_ids": false, "type": "text", "uuid": "1963def4-4812-458e-a5cd-d6e7a0cdd98d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:32/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860008", "uuid": "5ffb3268-397c-425e-8a87-e9704df1a770", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860008", "to_ids": true, "type": "md5", "uuid": "a71b42fe-c95f-4618-851e-2307d8f98350", "value": "e1cdb8f27393782862506be530731a50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860008", "to_ids": true, "type": "sha1", "uuid": "4c84fb88-8feb-4446-a745-915003d0e3f2", "value": "86e276521b92486f03c9608fe72f042a874ca722", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860008", "to_ids": true, "type": "sha256", "uuid": "01221394-b2da-47ab-a612-d170f1a7289f", "value": "706ae60ebcc0ae1cd37b287eace3bb068c64682d3da93c854156dc3c0b228cfb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809484", "to_ids": true, "type": "ssdeep", "uuid": "87fb63d5-b9c3-4bac-acad-3ba03982863c", "value": "12288:WfBzlIEXAJe6ANXYC3HAA+9xCDlwKdMMt9wpRygqNFju4/SmB4UHyK+ZX7251UP9:WfqQ60IWxKyt9uqOmaIoX7a1NK+QCkca" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809484", "to_ids": false, "type": "size-in-bytes", "uuid": "30424d18-13e2-41f9-a06d-dd147a9e0489", "value": "888151" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809484", "to_ids": true, "type": "vhash", "uuid": "bfc323fa-6b24-4d0a-9957-c1cd3bb84ddf", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809484", "to_ids": true, "type": "filename", "uuid": "25edacbb-f38c-4d64-9dca-5d687d68a820", "value": "e1cdb8f27393782862506be530731a50.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809484", "to_ids": false, "type": "text", "uuid": "7125b6ee-1def-4f48-9f56-5830070ee272", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860009", "uuid": "4bcf2b69-21ed-4f00-b257-fade9cf93f1c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860009", "to_ids": true, "type": "md5", "uuid": "d86fe268-bce3-45ad-991f-844adc70ab89", "value": "6a40b234a827f284973ae14eb616074c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860009", "to_ids": true, "type": "sha1", "uuid": "0af40c1d-b36f-45d9-bbd9-98afe0a61d28", "value": "4a65f909543e2eab41f853c4ab2dfa26bcec7fc1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860009", "to_ids": true, "type": "sha256", "uuid": "f8625236-0b40-4c00-9920-1fb11f11ab82", "value": "093773b89f6130dbef65fdd9d45d33790167a2b9f674dfea31f672cddce2b642", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809505", "to_ids": true, "type": "ssdeep", "uuid": "cac2c834-2c9a-4e46-b832-d19a90111e9d", "value": "12288:Lf/ThlfNswzlZIN2dD2KgMq0AIWQd2GtXUabS3m:LzhlfzRZw2ELMw/Qd24XUabS2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809505", "to_ids": false, "type": "size-in-bytes", "uuid": "ad552d59-01a1-4f77-a1ca-a145d5bc4325", "value": "595610" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809505", "to_ids": true, "type": "vhash", "uuid": "3ffab546-5dd9-47e6-b555-7051686a31f4", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809505", "to_ids": true, "type": "filename", "uuid": "8776d13c-e277-4227-aa68-68d0db3d3fe8", "value": "6a40b234a827f284973ae14eb616074c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809505", "to_ids": false, "type": "text", "uuid": "cf70d6c6-dcda-4a98-934f-1ed7933f50ab", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860010", "uuid": "13d5a196-132e-4641-a67e-294c3ac7e917", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860010", "to_ids": true, "type": "md5", "uuid": "ca54e1b1-e71b-4931-a6b5-7b041a9588a3", "value": "d7535a8b387fcbeb280f6cf4f041a7b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860010", "to_ids": true, "type": "sha1", "uuid": "104357c2-01a2-410f-91ac-7bcb522908b3", "value": "ba9c05568d5656ce5c337c6147803abb11b664b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860010", "to_ids": true, "type": "sha256", "uuid": "38d0fc85-bf39-4352-a472-64249d5b15eb", "value": "e9fa6f26581cad4bedd4c35932606137bf1a712991b9e3076be6766225fd0edd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809527", "to_ids": true, "type": "ssdeep", "uuid": "7c7fb548-4d13-43d2-888d-0e42422c0b7c", "value": "12288:/fnXwDHoGJKFcwZMlhxrx0tqPKIJha1ZWpzxWtX5xXhOXm6:/vwDH36pWlvAqPVSglstPROX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809527", "to_ids": false, "type": "size-in-bytes", "uuid": "a0570041-6ccb-4083-8bf0-0736843a638b", "value": "595611" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809527", "to_ids": true, "type": "vhash", "uuid": "8939abb8-9414-40d0-bcfb-9afb5511b764", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809527", "to_ids": true, "type": "filename", "uuid": "23499bbb-13ae-4ee7-92ed-42b995ebe6b8", "value": "d7535a8b387fcbeb280f6cf4f041a7b1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 20/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809527", "to_ids": false, "type": "text", "uuid": "60c336ad-02fc-4fa6-b8a3-d71503134d4e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:29/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860012", "uuid": "68e51041-3c7e-4748-90d7-c68f9b90ad07", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860011", "to_ids": true, "type": "md5", "uuid": "289d1ddd-2a3e-4704-b279-81ccee424b83", "value": "1a8c092a724c066f1864bcdb115f8072", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860011", "to_ids": true, "type": "sha1", "uuid": "cc7d7b37-cf45-4955-acb1-00356ef09054", "value": "cb0f0cc1b82353cee6e54bfab9eaee0ec03369df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860012", "to_ids": true, "type": "sha256", "uuid": "5963afd2-b55e-46cf-b854-577a713c7a92", "value": "57236c684e3a7b9110f79f2ab3ea8d74162a543a0ea8c7f5b5d561b51ea5481c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809548", "to_ids": true, "type": "ssdeep", "uuid": "df3624d1-4c5f-4ab9-abf5-97bc9a8de3f9", "value": "12288:owO5BH0BKui7668xQpgndU2nUHhdaau0fyc38wmzmel/plsbF0WUvyT:o5qBKuFtmpodU2nUBrKzR/8SWPT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809548", "to_ids": false, "type": "size-in-bytes", "uuid": "63ecd679-9cb7-42f8-a5fb-fd48605213d9", "value": "604842" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809548", "to_ids": true, "type": "vhash", "uuid": "e1ac160a-fe74-43e7-be26-0c8c69303e60", "value": "80671b9842767b31c401ed4e27997e74" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809548", "to_ids": true, "type": "filename", "uuid": "c677bc94-902f-4274-b942-6f1a70b93c0d", "value": "1a8c092a724c066f1864bcdb115f8072.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 04/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809548", "to_ids": false, "type": "text", "uuid": "1a5cc260-1876-45ae-91cf-cf478481d447", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:32/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860013", "uuid": "bb10d57c-09d0-4e8c-9de4-95e3b96fddb4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860012", "to_ids": true, "type": "md5", "uuid": "592ba0c1-240c-4939-816a-112b421427f9", "value": "99dba768b3a15c2adf4d23fabf706618", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860013", "to_ids": true, "type": "sha1", "uuid": "44e2ad73-6ffc-40a4-9e93-7c9c9b79a17f", "value": "6f8dadd3c091691327fc0c338517ee32cf0f05c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860013", "to_ids": true, "type": "sha256", "uuid": "9835c8f9-67ab-40e6-a3a2-4ffe1502bc64", "value": "069ddc8f0dcddf425cd50f14d3f120c6241e18eb1d53e00a52d21c1a4f5886da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809570", "to_ids": true, "type": "ssdeep", "uuid": "4f21d815-5e37-43b8-9b40-f10cf14f6ff1", "value": "393216:hidNTQupR+gO9vLim7Wwq95NbbLJBc7DocKgkTy:aphpogO9vLi+Wwq9jPL/cXocKgp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809570", "to_ids": false, "type": "size-in-bytes", "uuid": "16a5ffc5-85c5-4941-828c-70b989fe5342", "value": "16867833" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809570", "to_ids": true, "type": "vhash", "uuid": "e827f9be-4bec-4dc1-ba05-e207e0208e29", "value": "01bd3af75cad29a28e3ca1ac0e841f26" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809570", "to_ids": true, "type": "filename", "uuid": "b7df344e-4a9d-46c0-ae01-495496099cf2", "value": "99dba768b3a15c2adf4d23fabf706618.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809570", "to_ids": false, "type": "text", "uuid": "1169228b-b3d5-47c3-ad88-d158cfe96164", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860014", "uuid": "a26e3cb6-4c21-4362-bb26-6501b4d1a0f7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860014", "to_ids": true, "type": "md5", "uuid": "6b6b49a7-ec72-4e4c-85b6-da9c7f290f87", "value": "3f84fc15cf40fe47bf2d06dde8599432", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860014", "to_ids": true, "type": "sha1", "uuid": "cb5b0460-3683-4fd6-bea0-28f912f53d0e", "value": "f5dd0de3ebe44081c81a2fea9150fd5c0e725a5b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860014", "to_ids": true, "type": "sha256", "uuid": "555ab3ae-c494-4e71-a7bf-3c03630868aa", "value": "a16a176d794c136e2f56d616f0f9a9f84125dd056127479d95c01acced269c9e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809591", "to_ids": true, "type": "ssdeep", "uuid": "d6f5fc20-3051-41b8-8571-182db188f975", "value": "98304:8yDUigoj269i/9ZPbGtHv2pnsXCJuzWkqkGxGxQebKi4MLTANMgYrKSI0Z4kT9:7DUC2n/zgMs6uzvNOAQi4IxgYrKMGkT9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809591", "to_ids": false, "type": "size-in-bytes", "uuid": "67129dd3-536b-450a-8e66-5eb1d8f28ca8", "value": "5620954" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809591", "to_ids": true, "type": "vhash", "uuid": "4610c44b-33cd-4ad0-96d7-14fa851a74a5", "value": "8e6ac9240098ced230afcb999879b88c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809591", "to_ids": true, "type": "filename", "uuid": "2f0ed7e4-ab18-47fe-b59d-72240476c831", "value": "3f84fc15cf40fe47bf2d06dde8599432.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809591", "to_ids": false, "type": "text", "uuid": "c28eb71c-3cde-4fae-965d-53589d008ff4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860015", "uuid": "c31bccbe-34d3-41c7-80f5-a502f045ffa9", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860015", "to_ids": true, "type": "md5", "uuid": "8500b590-2f27-4877-a13e-506c3ae2309e", "value": "183914e9ae74a4e4287d6458716e525c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860015", "to_ids": true, "type": "sha1", "uuid": "ff5115ce-d120-4425-a3f5-6b0603efd319", "value": "39277347a8d565f055a5209b16b7015fa6fc5f88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860015", "to_ids": true, "type": "sha256", "uuid": "9502891d-d3ab-403c-aaa5-590419137fba", "value": "f0381132e54e66cea54cd5facfc1ff50d036965ddf6f1a8070fbd4e7037be7fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809613", "to_ids": true, "type": "ssdeep", "uuid": "00b9bf0e-7478-4b88-b14c-348932fafc79", "value": "98304:EPg04Tijss4xxv5r/d/+2QuKIII04dkT9:8PocshxBr1G2QuKFGkT9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809613", "to_ids": false, "type": "size-in-bytes", "uuid": "3410e06c-7752-446a-9283-26cec701e609", "value": "3755499" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809613", "to_ids": true, "type": "vhash", "uuid": "e7236920-be2e-4fc2-8584-dab90ce0b96a", "value": "8e6ac9240098ced230afcb999879b88c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809613", "to_ids": true, "type": "filename", "uuid": "b572bcc3-719d-449a-a7fa-eddf424a1343", "value": "183914e9ae74a4e4287d6458716e525c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 11/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809613", "to_ids": false, "type": "text", "uuid": "f85afe78-fb6e-49ef-acbe-4145bc688acf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860016", "uuid": "3ba74782-79ec-4637-9f2b-d291ea227f08", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860016", "to_ids": true, "type": "md5", "uuid": "80c2a03c-ff01-411c-bad9-9b61fc9ebed0", "value": "ee877bd88d97eb351fd326acbe432209", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860016", "to_ids": true, "type": "sha1", "uuid": "9e56cae5-68f4-4cb6-bec4-fe59d18cd9bb", "value": "ac9adf61d65d567f7f46653d0afa64fdbaba273f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860016", "to_ids": true, "type": "sha256", "uuid": "ea4421db-1a72-4be7-aff3-a53b930f0e98", "value": "da0ef745b9b3edca8df3aa37a94651adea1e54ade61ad55118f9d2042d323a47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809634", "to_ids": true, "type": "ssdeep", "uuid": "cd445497-dd98-4654-91bd-fd4fe73fb0f4", "value": "24576:9fqQ60IWxKBtN/Ppdg2doX7a1NK+QC36c:9f1607KBtNHpdgRG1NK+QC7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809634", "to_ids": false, "type": "size-in-bytes", "uuid": "a5c09295-fe5f-4d67-8aee-6e3a4b05a707", "value": "888154" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809634", "to_ids": true, "type": "vhash", "uuid": "10961409-de0e-4de0-bf65-497031a83fa5", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809634", "to_ids": true, "type": "filename", "uuid": "67082460-188e-4851-a603-6d4fd081e50c", "value": "ee877bd88d97eb351fd326acbe432209.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809634", "to_ids": false, "type": "text", "uuid": "80d5bb40-f4b6-488a-a1f7-7366637166bd", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Bitrep.B\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860017", "uuid": "f7a7cd31-4705-45a2-8061-d5278a3c08c8", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860017", "to_ids": true, "type": "md5", "uuid": "966f6202-19cd-4996-a404-f88ff3da4f40", "value": "fa787de110e00b0688f993c338f6d9b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860017", "to_ids": true, "type": "sha1", "uuid": "d7234445-df53-447b-aa8b-36381a71157f", "value": "28102453a3f06123812161c2e48735ef3aadbed2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860017", "to_ids": true, "type": "sha256", "uuid": "73bed054-8db8-45c9-b3b0-e5fab39de5b6", "value": "d5b7b3a67a4e42a3624bbee16234cbff21a15a63b654034382caed3799d19b39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809656", "to_ids": true, "type": "ssdeep", "uuid": "dee12d38-68f5-4e98-99b7-383c018a0dd7", "value": "12288:DfBzlIEXAJe6ANXYC3HAA+9xCDlwKdPMt9wpRygqNFju4/SmB4UHyKtZX7251UPW:DfqQ60IWxKrt9uqOmaI3X7a1NK+QCNim" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809656", "to_ids": false, "type": "size-in-bytes", "uuid": "37b852d5-fd34-47bd-938e-0b93bc251d12", "value": "888151" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809656", "to_ids": true, "type": "vhash", "uuid": "618c48ce-c576-4d60-8920-da3f79894ffe", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809656", "to_ids": true, "type": "filename", "uuid": "c9261b81-c9ad-4bc7-9811-17a20bdf3fca", "value": "fa787de110e00b0688f993c338f6d9b0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809656", "to_ids": false, "type": "text", "uuid": "b4a7e964-1afe-495e-b3be-a050201cf36c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860018", "uuid": "d9299d22-a473-4133-8dee-cab72799e620", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860018", "to_ids": true, "type": "md5", "uuid": "1931bc77-c59e-4f0b-9859-9cbb942d4d15", "value": "e12c42dab1d6cdf8db67d57e6f60ea09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860018", "to_ids": true, "type": "sha1", "uuid": "ce65c665-ef52-42eb-a17c-ccd3b0fdc2b8", "value": "ab01e47d3c823ad633581ed217cf3b1a67a21e57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860018", "to_ids": true, "type": "sha256", "uuid": "672083f7-fff4-40a9-b525-7dfddebfc169", "value": "bd8dce23498dcf879d7bb0fdc2615afab7ee86a82439e5e946fad7a5428c51a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809677", "to_ids": true, "type": "ssdeep", "uuid": "ad6b9846-fb9b-4ed9-a1de-4f33777a0de6", "value": "12288:lVK/4a1Ni6FJIHLdhjMyWHfVkypwHKwUefqAgAjJ+u+VaOdDelOK/uA2:lZaKmIrvQ/VN2HQ0bl+kOdDvA2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809677", "to_ids": false, "type": "size-in-bytes", "uuid": "ebc77027-82df-4504-b6b8-69e4e8cba519", "value": "604558" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809677", "to_ids": true, "type": "vhash", "uuid": "d5ec4dd9-495c-495b-8ff5-c63cd7c4af5f", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809677", "to_ids": true, "type": "filename", "uuid": "d01fcbc3-473e-458f-b66d-945d6832b4cc", "value": "e12c42dab1d6cdf8db67d57e6f60ea09.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809677", "to_ids": false, "type": "text", "uuid": "462f4cda-e20a-40c4-824e-e7b1b58a0d3c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860020", "uuid": "ed52ce00-e949-42b7-b687-6ceeabdcdfd4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860019", "to_ids": true, "type": "md5", "uuid": "0d0ad899-9ade-463f-b5d9-85e5b1e5e02d", "value": "9524eac407844010c546245ce78e7ffe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860019", "to_ids": true, "type": "sha1", "uuid": "c7daa255-ddfc-41fd-9618-6cf3ee375ee1", "value": "9a95d6d885ccb145e47ea5ff4c328a78ba156dc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860020", "to_ids": true, "type": "sha256", "uuid": "d26f6e59-bb8d-4708-a94f-ffe5c2bd27d5", "value": "522ac81c89d9536eb5e91729c745afa84cfc2694abcd3f4b27d093cacd8dc8ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809698", "to_ids": true, "type": "ssdeep", "uuid": "82a9bed1-0563-46ab-8a66-24712dc8ed42", "value": "196608:5iuhQAllkMqk1GCImlqP2oQMhNYbk4+5QGiCpkTJ:5inAcx4PImlqPZQM7JPIukTJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809698", "to_ids": false, "type": "size-in-bytes", "uuid": "1251a260-4e4b-4579-bd7c-0b36e8c37c17", "value": "7134436" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809698", "to_ids": true, "type": "vhash", "uuid": "5fccd6ba-3c19-49f2-8d0e-57bd0505ffa5", "value": "8e6ac9240098ced230afcb999879b88c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809698", "to_ids": true, "type": "filename", "uuid": "d88a76f0-4d9b-45d5-b5a9-fd57318b4e1c", "value": "9524eac407844010c546245ce78e7ffe.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809698", "to_ids": false, "type": "text", "uuid": "51401015-124f-4819-82f4-22180db083b1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/C2Lop\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860021", "uuid": "0b77638d-5546-4387-b0cf-9245940b7a31", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860020", "to_ids": true, "type": "md5", "uuid": "31c5ba55-a06a-43ed-8ac9-fc6e5825c95a", "value": "b73ae6b57e8e6bdfd3db9937975694d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860021", "to_ids": true, "type": "sha1", "uuid": "8e151b1e-0a6e-45e6-9268-26e89f5fed16", "value": "7d70e0e6e0aa5a5aa8841b37886e8b005c99329f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860021", "to_ids": true, "type": "sha256", "uuid": "08c91f40-f969-4928-b96d-83148202cabc", "value": "44530906218ce4b149a175f5f63e18718b54e8ecd49d642419b7fe25995578ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809719", "to_ids": true, "type": "ssdeep", "uuid": "b43a4d11-4ffd-4583-b438-69280861242a", "value": "196608:oiuhQAllkMqk1GCImlqP2oQMhNYbk4+5EGL+kT6:oinAcx4PImlqPZQM7JPjL+kT6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809719", "to_ids": false, "type": "size-in-bytes", "uuid": "7fb04b30-bd65-410a-94b5-e8cf8eaa77ff", "value": "7134437" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809719", "to_ids": true, "type": "vhash", "uuid": "e636feca-9c2c-4be2-bea0-26957d3f70e7", "value": "8e6ac9240098ced230afcb999879b88c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809719", "to_ids": true, "type": "filename", "uuid": "7cefbcc8-e161-4205-beed-506517ec70a8", "value": "b73ae6b57e8e6bdfd3db9937975694d4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809719", "to_ids": false, "type": "text", "uuid": "bee2a81c-e124-4b21-b93c-f33cd653d6b4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/C2Lop\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860022", "uuid": "2e627900-75bb-4425-96e6-b0baa15790d8", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860022", "to_ids": true, "type": "md5", "uuid": "0c2caf18-a2aa-4c62-93b2-35336d34e2b3", "value": "9dd113a1b9194a6553b9bff3072ca282", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860022", "to_ids": true, "type": "sha1", "uuid": "0ce8b832-3a47-4a34-96f4-9d4f05de470e", "value": "c5432306eafd9092c57243273e26584455db00dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860022", "to_ids": true, "type": "sha256", "uuid": "31cc848e-0753-4612-859e-a6ba4c3b6650", "value": "fbbe0b8217a1129123cb3fb6ca32273bfb7a330a7f0f04e9d014e0f12406c1ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809741", "to_ids": true, "type": "ssdeep", "uuid": "a947e2f0-ba0b-4d74-bf3b-f351d32239b8", "value": "196608:HiuhQAllkMqk1GCImlqP2oQMhNYbk4+5YTkTk:HinAcx4PImlqPZQM7JPmkTk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809741", "to_ids": false, "type": "size-in-bytes", "uuid": "a1150f85-c1a1-4fd4-a41c-2bbe785f17a6", "value": "7134791" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809741", "to_ids": true, "type": "vhash", "uuid": "fca55283-2d20-4930-94e7-2a7d0ed1cb35", "value": "8e6ac9240098ced230afcb999879b88c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809741", "to_ids": true, "type": "filename", "uuid": "dab4750c-5b1f-490e-9b46-2cf7dc6f47aa", "value": "9dd113a1b9194a6553b9bff3072ca282.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809741", "to_ids": false, "type": "text", "uuid": "1dcf295d-fd44-4c23-8ebe-62158a9cbaee", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/C2Lop\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860023", "uuid": "2a9e7737-ebd8-44fc-95e3-83e836be28ad", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860023", "to_ids": true, "type": "md5", "uuid": "0e3aa39f-2ffd-4840-bd05-5af24486ef61", "value": "897d90b5fb439f20ced3d1b2031dbdc4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860023", "to_ids": true, "type": "sha1", "uuid": "9d63763b-83b4-4b4a-bc1b-23317e5b27eb", "value": "1172b979591f2037dcaa8074db1f2883b3491149", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860023", "to_ids": true, "type": "sha256", "uuid": "0c629116-6ca5-47e9-aa23-a5e1ba1ce3e4", "value": "02b70af6305b44904aeeceb15f5ed0de4bcfc4c6f0752eacafb4f6da8a18d930", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809762", "to_ids": true, "type": "ssdeep", "uuid": "23051c9e-4201-4636-9c54-313146fc5cd2", "value": "196608:IiuhQAllkMqk1GCImlqP2oQMhNYbk4+5gvkTr:IinAcx4PImlqPZQM7JPCkTr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809762", "to_ids": false, "type": "size-in-bytes", "uuid": "b26d1f31-bf3b-451e-82af-d97e4a188b9e", "value": "7134791" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809762", "to_ids": true, "type": "vhash", "uuid": "44d8e421-7f1f-4cee-b580-8ab05b73452e", "value": "8e6ac9240098ced230afcb999879b88c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809762", "to_ids": true, "type": "filename", "uuid": "aa6306be-dbbf-4b7e-8ec0-8418a8946dcf", "value": "897d90b5fb439f20ced3d1b2031dbdc4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809762", "to_ids": false, "type": "text", "uuid": "fda52da5-8ceb-45a0-baee-b0866d57eeb6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/C2Lop\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860024", "uuid": "82cd8542-60b0-4084-96c8-18f45b0398f0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860024", "to_ids": true, "type": "md5", "uuid": "2908265a-8adb-4140-9f0d-4237b3688fe0", "value": "f4889adf74ffbb3ac7485e80b0490817", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860024", "to_ids": true, "type": "sha1", "uuid": "f8b04a1c-35fe-4fdd-98cf-689749fabe3a", "value": "145055ae8f99b98dba60acc95db6c5a447663782", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860024", "to_ids": true, "type": "sha256", "uuid": "e6ea60e7-2c18-4761-a642-3f8a37793ea1", "value": "4aca90f8fd683cf6cbffb8bc0c7ea125b6c069520513b07de498662f7bb469cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809784", "to_ids": true, "type": "ssdeep", "uuid": "fcc0db83-12bf-4ef1-8804-2b7b64da533d", "value": "12288:RfBzlIEXAJe6ANXYC3HAA+9xCDlwKd4LxfzyHLdRc/wZ9/dVsTKSiS4NPVu5HdUd:RfqQ60IWxKTxGL70wZ9/dqD4ZVW9Ud2S" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809784", "to_ids": false, "type": "size-in-bytes", "uuid": "ba39b688-51a6-4f8a-b8f8-68a43b196d15", "value": "826821" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809784", "to_ids": true, "type": "vhash", "uuid": "03e45c68-57d4-4556-b37f-20315e32b1ad", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809784", "to_ids": true, "type": "filename", "uuid": "13421f4f-a769-4c3e-9fe0-c6a485e97c42", "value": "f4889adf74ffbb3ac7485e80b0490817.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809784", "to_ids": false, "type": "text", "uuid": "732d7100-ef95-42f4-a118-0a2ebd56d802", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860025", "uuid": "4b11d766-2d19-4f82-aa88-9c63e101ce9f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860025", "to_ids": true, "type": "md5", "uuid": "b67c732f-1f2b-4f5a-bcad-5e2d6ef7d64c", "value": "c6d73243e83b77329dacba2435851949", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860025", "to_ids": true, "type": "sha1", "uuid": "00b85de1-9535-481a-9809-869353dc7e62", "value": "6f3b28881a0401cd9e66d57717631f0698910415", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860025", "to_ids": true, "type": "sha256", "uuid": "ef877be1-16b7-47b4-b4f4-cabb110164b7", "value": "b6d85c98cc360d38a61a21ed04e90e2dd9978f09c15dd43ccc0d0a8bdb238c0a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809806", "to_ids": true, "type": "ssdeep", "uuid": "34e2d6cc-aee0-450d-bb3b-77c4dff8e3c8", "value": "24576:IfqQ60IWxKXtN/Ppdg2dwX7a1NK+QCvSJ:If1607KXtNHpdgpG1NK+QCK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809806", "to_ids": false, "type": "size-in-bytes", "uuid": "99e74874-c5fc-47d8-8630-e9077e94addf", "value": "888154" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809806", "to_ids": true, "type": "vhash", "uuid": "edf6e641-1a6b-4bf8-86c1-6671ee889da0", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809806", "to_ids": true, "type": "filename", "uuid": "20f46bb6-fad6-4a24-ad4e-a0746ef0948d", "value": "c6d73243e83b77329dacba2435851949.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809806", "to_ids": false, "type": "text", "uuid": "86b95b0b-2f39-44ac-9a45-c97237ea32ea", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860026", "uuid": "b62d7d5a-e01a-4c40-b1f4-72b9b42024c5", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860026", "to_ids": true, "type": "md5", "uuid": "3526ee0d-c801-4206-855d-9a7855994eb3", "value": "91285d19dff79664cc24f876dfbf0a01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860026", "to_ids": true, "type": "sha1", "uuid": "4bcc92d5-b1c1-4368-be76-b39b71c93860", "value": "d1b3a708548eb7ab8aab7487669c76062a2ce2ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860026", "to_ids": true, "type": "sha256", "uuid": "c66d8e1f-6602-43e5-be58-a3dc3c2f0f67", "value": "e52f2d96222f420d3f0cf26db60a4175184fc924f2a36ac03c6ddbe5e8cb3d61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809827", "to_ids": true, "type": "ssdeep", "uuid": "0b4d503c-d0fd-4ec9-a766-a49c85233b6b", "value": "12288:KfBzlIEXAJe6ANXYC3HAA+9xCDlwKdK/Pupgxt4ssx9ZLElKwYN/ZOxG3q1qgoi5:KfqQ60IWxKZXupgZMxBBN/ZOxfJX2P23" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809827", "to_ids": false, "type": "size-in-bytes", "uuid": "ef127480-3eb3-4d94-85b8-350a63d10415", "value": "887010" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809827", "to_ids": true, "type": "vhash", "uuid": "9232389b-ad97-435e-8e96-88a955e6c944", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809827", "to_ids": true, "type": "filename", "uuid": "70392ed8-570e-43d2-9bfa-663c63c9b1ac", "value": "91285d19dff79664cc24f876dfbf0a01.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809827", "to_ids": false, "type": "text", "uuid": "cd007154-21be-4837-9b66-3ea0a4930000", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860028", "uuid": "6681e39d-33c6-429e-bf23-9a0d604666ea", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860027", "to_ids": true, "type": "md5", "uuid": "9eb86f44-5d42-48e2-be92-ccd98adab670", "value": "2017ae784ad60a31b0685502b244a605", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860028", "to_ids": true, "type": "sha1", "uuid": "1f79070a-3cab-4cdb-b685-55c482bdce2a", "value": "8ca0919a188c4d937fc0818638823b18e971b1d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860028", "to_ids": true, "type": "sha256", "uuid": "1f6c4fb6-388b-4006-9fdf-559f87333c93", "value": "8dd3efba3ab9367079cd9e93804cd139ec88c474916f39182cc185a6f5bf898b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809848", "to_ids": true, "type": "ssdeep", "uuid": "a64d6d22-2793-4cdc-8f1d-a533f16afc62", "value": "24576:PfqQ60IWxKA16pVGtlSLpMX7a1NK+QCwMd:Pf1607KTqspqG1NK+QCr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809848", "to_ids": false, "type": "size-in-bytes", "uuid": "5ec023b8-5c8d-46fd-a75f-209f182e8c4e", "value": "888148" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809848", "to_ids": true, "type": "vhash", "uuid": "246ee9f6-b576-47f8-977a-e07c05f2877a", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809848", "to_ids": true, "type": "filename", "uuid": "8debce28-1e47-43a7-a564-a0b9a0371fc8", "value": "2017ae784ad60a31b0685502b244a605.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809848", "to_ids": false, "type": "text", "uuid": "25519478-16c6-464d-9baf-5a7614f69e7b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860029", "uuid": "3c434893-9b97-4e1e-917e-b948a28e1f99", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860029", "to_ids": true, "type": "md5", "uuid": "1951a605-5441-4c02-9742-568f9771c116", "value": "5cd391b56a190669622dc0307f3df06a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860029", "to_ids": true, "type": "sha1", "uuid": "71702e9a-ec6a-4bab-9dd6-fd348ae4390d", "value": "eb17b09934e1e9493c7ea3b8b6ca8f45ad86ff67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860029", "to_ids": true, "type": "sha256", "uuid": "e10fdec5-d0fb-4f91-b599-8dc74afa80f4", "value": "a1c4114027c885cffc575125daf5f752e1c26d1bbfcca882cc5b83725266f647", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809869", "to_ids": true, "type": "ssdeep", "uuid": "b3e13631-d0c0-44c9-a467-763ca480380e", "value": "12288:2fBzlIEXAJe6ANXYC3HAA+9xCDlwKdNRLEa7ymN1ZX7251UPXEYtZUawimjpwTTl:2fqQ60IWxKw97tNfX7a1NK+QCJKD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809869", "to_ids": false, "type": "size-in-bytes", "uuid": "623acc2a-aa42-4481-8226-1023da5999b6", "value": "888149" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809869", "to_ids": true, "type": "vhash", "uuid": "93f187f5-af7f-40cd-ad9d-424b3243eb5a", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809869", "to_ids": true, "type": "filename", "uuid": "e24352e9-7e19-4f9f-8add-67fda9fcbf57", "value": "5cd391b56a190669622dc0307f3df06a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809869", "to_ids": false, "type": "text", "uuid": "abf51608-71ff-4686-8e6f-2c915df22eab", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860030", "uuid": "9837d8c8-689a-4ce1-b08d-1037a50ec3c9", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860030", "to_ids": true, "type": "md5", "uuid": "a71484d7-0314-47cd-8ed9-d78c69a47260", "value": "3dd48e761d54efae9eab6bb2d2ab58ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860030", "to_ids": true, "type": "sha1", "uuid": "b76380b8-6719-431d-b3d5-fcc396be5eba", "value": "fd0d60411fa23c9e4fcdaea00e6b19275133f847", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860030", "to_ids": true, "type": "sha256", "uuid": "3dbde308-41bd-4112-9de3-853caa9f14b1", "value": "82d073f06b0664880c8f6368e0c71d621db1845858896fb8d0f5d6805e7172d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809891", "to_ids": true, "type": "ssdeep", "uuid": "31294748-6733-42fa-9067-4ce3fc4f7833", "value": "12288:QfBzlIEXAJe6ANXYC3HAA+9xCDlwKd6s9ViMSew+71lIMcMpPhki2gtVLcrW:QfqQ60IWxKOTi8w+74BIZ1ci" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809891", "to_ids": false, "type": "size-in-bytes", "uuid": "42ab570e-3954-4a3f-aeec-5836b8ecf3f2", "value": "630645" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809891", "to_ids": true, "type": "vhash", "uuid": "33ab2dad-1e92-4bba-ab44-dcdbd7f96787", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809891", "to_ids": true, "type": "filename", "uuid": "3a6471e1-a72c-4c02-818e-585340090215", "value": "3dd48e761d54efae9eab6bb2d2ab58ac.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809891", "to_ids": false, "type": "text", "uuid": "1133f8f1-cc93-4a95-a635-874f784c8293", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860031", "uuid": "1169a231-615f-4e24-9f6c-e76be8fc4002", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860031", "to_ids": true, "type": "md5", "uuid": "2604cfcb-2325-480d-8fc5-fe2cd425aedc", "value": "4d360664454fcd38f300386d5d8e2803", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860031", "to_ids": true, "type": "sha1", "uuid": "40d00de8-8871-482c-9c25-1d8bce96a55d", "value": "57ed698e98175a6ff4c07889bb431f5052d7f316", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860031", "to_ids": true, "type": "sha256", "uuid": "f5f1bba4-3a23-463c-9540-49148474d7be", "value": "7f9e02ccd7b8089fc7c063163400bafa144062da20ecee6ed41516609f5b5daf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809912", "to_ids": true, "type": "ssdeep", "uuid": "b0799b65-fd20-4566-bc3c-eb148604fb5d", "value": "24576:LfqQ60IWxKO6nEfuEca97X7a1NK+QCOMW:Lf1607KOIE7ccbG1NK+QCy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809912", "to_ids": false, "type": "size-in-bytes", "uuid": "3a99aa13-3d65-494d-8acf-4af50c06e0ba", "value": "888150" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809912", "to_ids": true, "type": "vhash", "uuid": "da338abd-b425-4252-8264-17e2a89600f0", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809912", "to_ids": true, "type": "filename", "uuid": "f8112285-27ea-4010-b46d-85da10228a59", "value": "4d360664454fcd38f300386d5d8e2803.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809912", "to_ids": false, "type": "text", "uuid": "6a693ace-eb0b-450c-bd0d-5f695fed6249", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860032", "uuid": "b5e58439-74ba-4341-b17c-2358f990418e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860032", "to_ids": true, "type": "md5", "uuid": "b0a09e1b-67ba-4d87-81d2-8e53e5f8ffc7", "value": "f5a62e74d27835fc8b75e86150d1fce9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860032", "to_ids": true, "type": "sha1", "uuid": "5e5649d1-8348-4414-a79f-3e4c75752a7b", "value": "778dd234089a1f4d234025ec943b302ed9ea4169", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860032", "to_ids": true, "type": "sha256", "uuid": "c7068b5a-465f-42a7-a494-cb02ddbd905e", "value": "d5f3494c80b1fe9ac75be358be16587f9479a7289edbf4c3e5a0335efd72e37e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809933", "to_ids": true, "type": "ssdeep", "uuid": "f9d0e550-b5fc-4df9-a65f-23a972359ef9", "value": "12288:OfBzlIEXAJe6ANXYC3HAA+9xCDlwKd57yNIj8b7Svv/AyiQZjZX7251UPXEYtZUx:OfqQ60IWxKIjESFrX7a1NK+QCxWk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809933", "to_ids": false, "type": "size-in-bytes", "uuid": "8d062fb8-c3e0-4521-b888-8f9424e84063", "value": "888154" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809933", "to_ids": true, "type": "vhash", "uuid": "647bb5de-fc2e-4b68-a507-9b7f21716e19", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809933", "to_ids": true, "type": "filename", "uuid": "706cd940-8311-4913-bce8-ca686138cb5a", "value": "f5a62e74d27835fc8b75e86150d1fce9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809933", "to_ids": false, "type": "text", "uuid": "9ab357a6-8d60-4634-a847-d8a533c10f39", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860033", "uuid": "84cb87d5-583e-4a89-9fde-620797178013", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860033", "to_ids": true, "type": "md5", "uuid": "fb751197-ebe0-43fa-95ad-b9365f3c64fc", "value": "999b9b7475f2cd4012a1bb019dfe38e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860033", "to_ids": true, "type": "sha1", "uuid": "48c753f7-afbe-48e3-b410-0b4880fa71b7", "value": "885e21465e0cf146d20ad0d9a7ebbcaeb455458d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860033", "to_ids": true, "type": "sha256", "uuid": "776e4cd6-a2c8-4738-bba1-fb32715b0ce2", "value": "db8cb747c8fec9634a61f5a35fc09f58c8277036e5679091c30f216c3620458f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809955", "to_ids": true, "type": "ssdeep", "uuid": "a3ab89ef-3764-4345-b4c4-90785d0f822c", "value": "12288:ofBzlIEXAJe6ANXYC3HAA+9xCDlwKdvRLEa7ymNaZX7251UPXEYtZUawimjpwTT6:ofqQ60IWxKG97tNMX7a1NK+QC487" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809955", "to_ids": false, "type": "size-in-bytes", "uuid": "8fbccbd9-f969-45f4-a39a-16ab025e57c3", "value": "888149" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809955", "to_ids": true, "type": "vhash", "uuid": "20d8c824-0069-474f-979c-e0d92fdf8930", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809955", "to_ids": true, "type": "filename", "uuid": "ce73dfa5-0124-459c-a7d4-d9d5961afd83", "value": "999b9b7475f2cd4012a1bb019dfe38e6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809955", "to_ids": false, "type": "text", "uuid": "192f0384-c325-42e4-a931-68e56df6a98e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860035", "uuid": "6d16e9b5-b0a0-4168-bf47-737d661ee7df", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860034", "to_ids": true, "type": "md5", "uuid": "1821ea55-ba41-483c-aa7e-673f2abc640f", "value": "52200ae85461e8f3962a157a0fe303bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860034", "to_ids": true, "type": "sha1", "uuid": "c690494d-3638-4e4d-80c9-7c26fb879c68", "value": "b758ddf068817dd991e5f011f40ffed29e49e560", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860035", "to_ids": true, "type": "sha256", "uuid": "2dd4173f-02cc-40ac-b15c-71175704fb7b", "value": "91d8ca5d3407d9892f453211733693adeac8caa2eb0c22dfc8c86b374ac4439f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809976", "to_ids": true, "type": "ssdeep", "uuid": "62970f4c-abff-47cd-bba9-f9578c9a3dfb", "value": "12288:TfBzlIEXAJe6ANXYC3HAA+9xCDlwKdK/xYFdmSzZ31SLitipBNF/ZOxG3q1qgoiv:TfqQ60IWxKZgdmSzZB+NF/ZOxfJX2P2l" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809976", "to_ids": false, "type": "size-in-bytes", "uuid": "0fc91c86-2d58-47a0-b5ca-99e44b901284", "value": "886919" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809976", "to_ids": true, "type": "vhash", "uuid": "7ffd4b31-53f7-4f7f-ba8f-ced3b7577c24", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809976", "to_ids": true, "type": "filename", "uuid": "7e6927be-4aa0-4338-8930-d34b00883347", "value": "52200ae85461e8f3962a157a0fe303bf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809976", "to_ids": false, "type": "text", "uuid": "d4d1de25-d98b-4061-a1e7-2a271b7c9c3d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860036", "uuid": "acd8c7b6-8a73-48f4-9873-1a2803ed3ee6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860035", "to_ids": true, "type": "md5", "uuid": "1d158a81-ca54-4807-be26-6a9649234a57", "value": "c08b9e41fa90a7efa118c821d28d4855", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860036", "to_ids": true, "type": "sha1", "uuid": "fc2d829c-5933-415b-8b93-f7f8b72d03ca", "value": "f2a74fb227e32499d3e63fa4f7c051e8a556996e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860036", "to_ids": true, "type": "sha256", "uuid": "f8af3dae-ade9-4189-9886-b7191a96b8bf", "value": "95e026233101f9d6e18632b7b2bed1ab754f81f10d1bd3521c765c96e86127a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740809997", "to_ids": true, "type": "ssdeep", "uuid": "904405ad-f1a6-4407-9afa-d6ffdcc1701e", "value": "12288:qkH9Pl8NwseS8YtAj1ttJ/5uqofFYwcft8d0+H3l1nIhxtWi3ZpyoQa:qy8qagrIqMYwcl8dv11kxQNw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740809997", "to_ids": false, "type": "size-in-bytes", "uuid": "dd7a43b1-5b3f-41ec-805b-0f6b886a8284", "value": "604839" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740809997", "to_ids": true, "type": "vhash", "uuid": "5e4d0ba4-f0ab-4b23-b92d-b249cb9b81e5", "value": "80671b9842767b31c401ed4e27997e74" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740809997", "to_ids": true, "type": "filename", "uuid": "11b3b38c-9a1e-4582-bba8-328fa9622146", "value": "c08b9e41fa90a7efa118c821d28d4855.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740809997", "to_ids": false, "type": "text", "uuid": "041cf004-2342-4612-adc6-98ad140abcac", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860037", "uuid": "47df5d95-0931-4720-95d4-c8f8ad1507ce", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860037", "to_ids": true, "type": "md5", "uuid": "51c8037a-0c68-4d19-b32e-8f298501a9fa", "value": "189c0a56875fc3d3446e5710088e092f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860037", "to_ids": true, "type": "sha1", "uuid": "f86a855a-7121-4c54-9c47-13eca081eb0b", "value": "4bc520ce4315012f3c153ce85583fcf35de73963", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860037", "to_ids": true, "type": "sha256", "uuid": "48c2d729-9cda-4dee-bda2-e48c1cab2949", "value": "ca8e8b5aee58b316e56f37bf8701ad9695b1d34168842ad5e4b20be9be8d211a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810019", "to_ids": true, "type": "ssdeep", "uuid": "f4ce7c46-86e8-4a6c-a708-cd4fd9ba391a", "value": "12288:QfBzlIEXAJe6ANXYC3HAA+9xCDlwKdK/bupgxt4ssx9ZLElKwY5/ZOxG3q1qgoiL:QfqQ60IWxKZjupgZMxBB5/ZOxfJX2P29" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810019", "to_ids": false, "type": "size-in-bytes", "uuid": "715567bd-33a0-41a9-87da-c54af53ac1d9", "value": "887244" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810019", "to_ids": true, "type": "vhash", "uuid": "75450c59-3449-4a43-ae55-122dc4a65a2b", "value": "d0d3b9eef37f4f0e67407586a6b48dc5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810019", "to_ids": true, "type": "filename", "uuid": "225c2397-2428-4a91-9852-45b8aa1e7050", "value": "189c0a56875fc3d3446e5710088e092f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810019", "to_ids": false, "type": "text", "uuid": "de41a026-1faa-46d6-9406-2f38d2661c4e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860038", "uuid": "762a284e-350c-4adc-8ee6-41eae6f4a62b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860038", "to_ids": true, "type": "md5", "uuid": "d1590591-977d-423b-9c95-f1cd437bcbb8", "value": "b2293f03abea42152cbe9bbf14551274", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860038", "to_ids": true, "type": "sha1", "uuid": "21941c6b-8534-44fd-96d7-47de84f560e0", "value": "e6752c78a3ddbad8b95402fabddabcee361e55d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860038", "to_ids": true, "type": "sha256", "uuid": "159cf155-d37b-494f-b564-830b43f731be", "value": "1dcde64041ba51488ae3d3346d880411dada9a68af2b6f4c87ef9d4e38e11f24", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810040", "to_ids": true, "type": "ssdeep", "uuid": "ccf33254-6c58-487a-a11d-dd23e95f2dbb", "value": "12288:afBzlIEXAJe6ANXYC3HAA+9xCDlwKdbs9ViMSew+71lIMcMpPhki2gtALWKX:afqQ60IWxKBTi8w+74BIZkWo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810040", "to_ids": false, "type": "size-in-bytes", "uuid": "d5d5c674-9f68-46a6-9431-760fb42de58c", "value": "630645" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810040", "to_ids": true, "type": "vhash", "uuid": "ee28a4d1-be9a-4e25-8dab-9149797191b9", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810040", "to_ids": true, "type": "filename", "uuid": "dabdfc8f-6634-467c-bce9-b371fcd7ad4e", "value": "b2293f03abea42152cbe9bbf14551274.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810040", "to_ids": false, "type": "text", "uuid": "78765bfe-bb73-479b-afe2-49db67f573c4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860039", "uuid": "910d33aa-0907-4d76-9558-c94b6fcf4406", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860039", "to_ids": true, "type": "md5", "uuid": "4282ff58-648b-46b6-b76e-68fc2f584edd", "value": "0c678d27002cfa66b904b0428517403a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860039", "to_ids": true, "type": "sha1", "uuid": "2430ed80-38b5-4f36-8868-6ffcff5d5e6d", "value": "7122ce8ac118fefa69f20b9fe0ad52d3d44f948b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860039", "to_ids": true, "type": "sha256", "uuid": "efeb3a4f-b3c0-495a-b074-fe3e6a60dc2b", "value": "dbea9419d8ec96e9d7d8f3901d45383d2b5cf2c29810b4d1af08bd363fd1cad2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810061", "to_ids": true, "type": "ssdeep", "uuid": "821f9e9e-9fcd-470d-833e-492aaa4f735f", "value": "12288:4fBzlIEXAJe6ANXYC3HAA+9xCDlwKd7mTFAZkObOFW1soUsn+fhLuaK:4fqQ60IWxKumuVbBFWu5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810061", "to_ids": false, "type": "size-in-bytes", "uuid": "542620f9-9ae2-49fc-b117-3504d6fc99a0", "value": "611614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810061", "to_ids": true, "type": "vhash", "uuid": "09f753e7-665b-4e0a-8bdd-e24023569817", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810061", "to_ids": true, "type": "filename", "uuid": "d78319a5-f544-4a97-9e0a-198489a758a6", "value": "0c678d27002cfa66b904b0428517403a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810061", "to_ids": false, "type": "text", "uuid": "cc8ad1d2-aef9-4cfe-a67e-da670420d7ea", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860040", "uuid": "f90d2d45-8cee-40ea-8e58-f637b6d4e182", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860040", "to_ids": true, "type": "md5", "uuid": "67c5a878-a8d8-4203-a79e-7253732e4886", "value": "7b6f85b4715d24625757619733605ed3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860040", "to_ids": true, "type": "sha1", "uuid": "c7f74c22-f5ae-41e9-a0ce-a73ddc78e50a", "value": "ed4cdc83597e76fe962cff4382e09a6444484122", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860040", "to_ids": true, "type": "sha256", "uuid": "6520f0d1-4df5-4381-8a81-5bf7c50a1b4b", "value": "1e81c37f2d4d676015d821876ceac9848c3ff2e9221c2f65469762fdb367c65b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810083", "to_ids": true, "type": "ssdeep", "uuid": "604e0ae5-a4ec-49c4-b272-9dd8ca6f457c", "value": "12288:efBzlIEXAJe6ANXYC3HAA+9xCDlwKdes9ViMSew+71lIMcMpPhki2gttLEzY:efqQ60IWxKaTi8w+74BIZtEc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810083", "to_ids": false, "type": "size-in-bytes", "uuid": "6a6c9b67-2232-4be5-bcde-d02b7ac9e3d4", "value": "630645" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810083", "to_ids": true, "type": "vhash", "uuid": "f60b2c8e-1996-47d0-b08d-993bd90032cb", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810083", "to_ids": true, "type": "filename", "uuid": "60b385d1-bc02-4749-b499-e6a6e57bad08", "value": "ed4cdc83597e76fe962cff4382e09a6444484122.tzg" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810083", "to_ids": false, "type": "text", "uuid": "b4a9cbf3-3a17-41c5-9711-59b6edb8c060", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860042", "uuid": "61da60b5-6c59-4587-a554-72e55045a3f2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860041", "to_ids": true, "type": "md5", "uuid": "1d50959f-7165-42e5-acc3-6c1470cf0cce", "value": "8d016079e4206b3407aacf3a8226406d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860041", "to_ids": true, "type": "sha1", "uuid": "780216e9-1017-4d2d-bab7-fdc21e039204", "value": "63146a0eca13d3cdf998552e452891ecb1309d16", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860042", "to_ids": true, "type": "sha256", "uuid": "60184da7-4692-4d3a-a811-0999e4a8f334", "value": "246eb43de6df2bfc7bad0ff129ad932f288bbe8984cf8939e673cb2a5e748cad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810104", "to_ids": true, "type": "ssdeep", "uuid": "53028f91-b780-43ef-8494-425f386b79f2", "value": "12288:DfBzlIEXAJe6ANXYC3HAA+9xCDlwKd2mTFAZkObOFW1soUsn+fWLUVy:DfqQ60IWxKfmuVbBFNUI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810104", "to_ids": false, "type": "size-in-bytes", "uuid": "dace2230-d141-4780-ae14-65faa802b858", "value": "611614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810104", "to_ids": true, "type": "vhash", "uuid": "74a143f7-9595-448b-9241-9decb1575417", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810104", "to_ids": true, "type": "filename", "uuid": "22cf88d4-6f3a-4b4b-b351-2b9fb63d66f8", "value": "8d016079e4206b3407aacf3a8226406d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810104", "to_ids": false, "type": "text", "uuid": "9c4bfbc7-b263-4dd6-b954-f2acdf97e6a6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860043", "uuid": "e98684fd-31eb-4c22-b734-380be3041b3d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860042", "to_ids": true, "type": "md5", "uuid": "44e4fdc0-af48-4951-b7f7-f5d011069007", "value": "3173fae606281e29352d54935c532de4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860043", "to_ids": true, "type": "sha1", "uuid": "14fa925a-e0e0-4bc3-b699-2e8f2b299bf6", "value": "7d62c1838a409cd3eba13088d812eaa8940f95e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860043", "to_ids": true, "type": "sha256", "uuid": "21891f6a-c2c8-4455-ad41-dbcf3e482247", "value": "f9eb7ad3e0016978ee21f4e543138ca5aee149873673689bd59e5e272756c77e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810126", "to_ids": true, "type": "ssdeep", "uuid": "bc2b1148-3523-4bfb-8e55-07d887e11993", "value": "98304:LUI0vBzsBUenO9BxQfdFLlLMoJobY8vMGB9B7t2l7+iK0C5uuF/t8atVFLZ0P23+:CiO/CdBJMoJRw/sl7QICpePwssu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810126", "to_ids": false, "type": "size-in-bytes", "uuid": "6540a99c-465a-4e6a-948b-02bda1b9ae28", "value": "6333126" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810126", "to_ids": true, "type": "vhash", "uuid": "50a791db-2bcd-43ce-8aa4-442c287c8ad4", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810126", "to_ids": true, "type": "filename", "uuid": "8d6c920f-7d8b-4b32-a7c1-9f7414025ca8", "value": "3173fae606281e29352d54935c532de4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810126", "to_ids": false, "type": "text", "uuid": "73223311-21ab-4ede-85ec-c758291e806b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860044", "uuid": "6050cf54-b1f9-47ac-9567-74a9bee8848f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860044", "to_ids": true, "type": "md5", "uuid": "b357f071-edc9-4f6b-8153-198513f06231", "value": "1f17406c214c2b57b645351ef094b1e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860044", "to_ids": true, "type": "sha1", "uuid": "61a3ce31-8dc4-4caa-a966-e3a2f2de99b1", "value": "487c8eaacf3abcb3e069dcfa7e7cd0eb49716831", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860044", "to_ids": true, "type": "sha256", "uuid": "53fbc662-4e02-4b2b-b39f-020bc1530edf", "value": "69a6a1a62f9d58981e8edcdf53bb19acd87d4b481d323526ad6e20670cae80c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810147", "to_ids": true, "type": "ssdeep", "uuid": "92e41c5c-3fc5-4dc3-923f-1c9069a28022", "value": "12288:VpfBzlIEXAJe6ANXYC3HAA+9xCDlwKdfLJ5OePew+/JXzqOFodYbyLER8:VpfqQ60IWxKONQeGw+/JXz8REC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810147", "to_ids": false, "type": "size-in-bytes", "uuid": "bc349e35-4c6d-412f-a703-361af203adc2", "value": "630650" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810147", "to_ids": true, "type": "vhash", "uuid": "17f57108-bd09-4024-bbee-ae45df94f188", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810147", "to_ids": true, "type": "filename", "uuid": "a10a1e92-c6bc-4a84-83d0-82c20ce8fa85", "value": "1f17406c214c2b57b645351ef094b1e1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810147", "to_ids": false, "type": "text", "uuid": "e8893d7a-e94b-4603-83c3-c4e4f73c2799", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860045", "uuid": "ab2dda07-4324-4334-aa5f-ece0e0f422a6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860045", "to_ids": true, "type": "md5", "uuid": "414a4fbd-c49e-42c0-99dd-f6dece63cbb0", "value": "bfe4c0dabb31a0859cf608fba9611d1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860045", "to_ids": true, "type": "sha1", "uuid": "8f9301a2-92e7-4f30-acc3-d4deee648c57", "value": "69da0c9724e4703e52a23055bdb74cdaa7776fcf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860045", "to_ids": true, "type": "sha256", "uuid": "baf6fc28-8c1d-4b4e-960f-17f4abbce272", "value": "f16fdf5997255792bd9a1070e218eb1b63b7ce03b60d56eea722a8f6365f4269", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810168", "to_ids": true, "type": "ssdeep", "uuid": "d3ed886a-bfcc-40a5-a0e9-cb580a8bfb7d", "value": "12288:qfBzlIEXAJe6ANXYC3HAA+9xCDlwKdes9ViMSew+71lIMcMpPhki2gtMLyOo:qfqQ60IWxKaTi8w+74BIZgyj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810168", "to_ids": false, "type": "size-in-bytes", "uuid": "1ba6d9d4-32d6-4e2f-badf-04ee3f6e9412", "value": "630645" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810168", "to_ids": true, "type": "vhash", "uuid": "9af30428-7d28-446b-ae36-4f4db4970b67", "value": "62f9d15caf7d002d049093706b1c9bcd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810168", "to_ids": true, "type": "filename", "uuid": "85f842c4-2563-4ed7-8c1d-ed1ba5fa9ada", "value": "bfe4c0dabb31a0859cf608fba9611d1e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810168", "to_ids": false, "type": "text", "uuid": "cb85f534-09d6-4657-9d64-5755e0f98182", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860046", "uuid": "ccb04478-ef53-4e11-8621-650b093a753a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860046", "to_ids": true, "type": "md5", "uuid": "d070ee55-1433-4deb-bd40-bb38359a727a", "value": "a5de75be15f0bbd3679090efed69adbc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860046", "to_ids": true, "type": "sha1", "uuid": "a6304952-c14c-43d2-b975-cbc4fea1d6b6", "value": "15c67046baaf35b694fd488ada1f2c5f2deb309f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860046", "to_ids": true, "type": "sha256", "uuid": "93d89070-1321-4f77-a311-6bb27d47c6e6", "value": "3dce2793956623eb4f4c56928aac388220995eace4b2c1a4e17e62cd575239a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810190", "to_ids": true, "type": "ssdeep", "uuid": "522c4395-69ae-4003-8ae4-4d29202a7a0b", "value": "24576:eNfqQ60IWxKK18c03jSEdN9pI6VeaEelKAOdhS5Tr19:eNf1607KB3NT9p79Eelv5Trz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810190", "to_ids": false, "type": "size-in-bytes", "uuid": "533265b6-9887-4311-bba5-d05c8a4623f9", "value": "826818" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810190", "to_ids": true, "type": "vhash", "uuid": "24c70cfc-eb47-4700-a035-9c88e6cf84e8", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810190", "to_ids": true, "type": "filename", "uuid": "1cca3524-cf52-485b-8bb9-13e313162d12", "value": "a5de75be15f0bbd3679090efed69adbc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810190", "to_ids": false, "type": "text", "uuid": "69c3c78d-3d14-45b6-826d-0e4758f99db2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860047", "uuid": "f90f597f-f495-40b2-9cfb-1eee3dabac80", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860047", "to_ids": true, "type": "md5", "uuid": "6ca660e1-f1bc-4833-bc9f-6c54225b258b", "value": "a9b2717ba7beb1673ae71ca8340440d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860047", "to_ids": true, "type": "sha1", "uuid": "ed7dc426-1c11-41d4-80d5-f6604640421b", "value": "7bc3c85b1b0f06258a17cf7817996248ed6d23f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860047", "to_ids": true, "type": "sha256", "uuid": "35e27104-fb9e-496f-876e-5e91ed6612da", "value": "35e48e92dccfcc31b66d0e408d7a350b01d8923c5994f704c387da4f5b9d70a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810211", "to_ids": true, "type": "ssdeep", "uuid": "a7fd1bbe-e082-4928-b69d-b3fd026c14da", "value": "12288:LfBzlIEXAJe6ANXYC3HAA+9xCDlwKd5hsnZaoMJEMlUkt/ZX7251UPXEYtZUawiL:LfqQ60IWxKOhCz4USX7a1NK+QCTiN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810211", "to_ids": false, "type": "size-in-bytes", "uuid": "4bb52a98-67bc-46e0-8ae5-96b3cd514477", "value": "868080" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810211", "to_ids": true, "type": "vhash", "uuid": "8e6ffa3f-6bbd-4ab0-bcd6-9d1bde9f6c8e", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810211", "to_ids": true, "type": "filename", "uuid": "e4f4c25e-a554-4df3-a22d-28762b85ecc1", "value": "a9b2717ba7beb1673ae71ca8340440d1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810211", "to_ids": false, "type": "text", "uuid": "55fef97a-9430-46db-8bcf-bc7e0dc8ba8e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Bitrep.B\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860048", "uuid": "9dd66ae7-2b68-405e-8304-f4c4b7b85685", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860048", "to_ids": true, "type": "md5", "uuid": "bc26f289-6e47-419a-83e1-ce3fd281d99c", "value": "f7145796758376be37638e438589b17b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860048", "to_ids": true, "type": "sha1", "uuid": "545a6550-1c54-44d4-b85c-401796c34044", "value": "9331fef881280211acfb875626f25a53c808c93e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860048", "to_ids": true, "type": "sha256", "uuid": "ac6ba88b-7fa0-4715-9502-ef8b2a6090cf", "value": "c74306ff933a578235eb78e10fb3324d6a298eeb591124cde2fbf3ce32bface4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810232", "to_ids": true, "type": "ssdeep", "uuid": "58d842f9-2989-459f-a504-257b05f78519", "value": "12288:Xf7fAkHt31jOXLWs88YAlW834XKB8Ww7f4I9wAXHhncU+gD3M2Aq4YG54C02s:XFVJ6Cs88Yr83leAIGAXBrx3o5Mf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810232", "to_ids": false, "type": "size-in-bytes", "uuid": "5a537b2d-87e8-48d0-8503-277c307ebabc", "value": "595819" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810232", "to_ids": true, "type": "vhash", "uuid": "114c008a-ee73-471b-9fe8-c6e091952298", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810232", "to_ids": true, "type": "filename", "uuid": "60d30f1b-a6a2-42cb-87b5-9b5b67656d65", "value": "f7145796758376be37638e438589b17b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810232", "to_ids": false, "type": "text", "uuid": "7c542386-6fd2-4612-9c6b-6b1d4c9a5a1b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860050", "uuid": "26f8530c-1aef-4f38-ab0f-9b60e228db6c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860049", "to_ids": true, "type": "md5", "uuid": "687bc54f-bd44-44fa-b4f9-7eeb7db76b5e", "value": "430c2a3ce7804201cc7ccc908a440ee3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860049", "to_ids": true, "type": "sha1", "uuid": "7cf45ec0-6511-4328-ba2a-eb7b006512ba", "value": "94cacf124e96b075bceb82992adb9029eb031751", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860050", "to_ids": true, "type": "sha256", "uuid": "c9873e80-6a71-4058-8d74-8e15f925a983", "value": "aad57a6c8c2452c66b70d6a5145409e0986862c83af0c02f04f23a075167c8c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810254", "to_ids": true, "type": "ssdeep", "uuid": "99d7fbc6-32a5-48f0-8468-d898637b7a1b", "value": "196608:6IO/QdBnMoJRw/sbHs5C5SHct++ioiboBtssFL:S/gBnM6Rw/sjMvJSHL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810254", "to_ids": false, "type": "size-in-bytes", "uuid": "1a9e1e11-7e61-40b3-8c1e-9a3546e1a20e", "value": "6333126" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810254", "to_ids": true, "type": "vhash", "uuid": "0213d103-5677-447b-93d6-4fecd558732f", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810254", "to_ids": true, "type": "filename", "uuid": "f93654f4-2622-402c-9bd2-dfee57a18f27", "value": "430c2a3ce7804201cc7ccc908a440ee3.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810254", "to_ids": false, "type": "text", "uuid": "bc079e34-50a4-4cf9-9e9a-10b977cd06ed", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860051", "uuid": "f94fef37-3a69-484d-8407-abace9c81b37", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860050", "to_ids": true, "type": "md5", "uuid": "ab9c615f-8309-4e22-913b-bdece0a96843", "value": "884e8e31a4bb1a413833dc6ba47b41dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860051", "to_ids": true, "type": "sha1", "uuid": "d3097890-3295-40bc-ad61-1d6e8292c538", "value": "6c363e2425c1d23926d631d4a6b14284300bf1e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860051", "to_ids": true, "type": "sha256", "uuid": "27721d72-8e1f-4ccd-a8cf-7251a2911bf8", "value": "cf3ce2edcf1ea8511e6303369b055600b62cbd6e2a547fd28423ec739b797e7c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810275", "to_ids": true, "type": "ssdeep", "uuid": "d8adbe7c-6f86-4e42-9ae4-1a972e380cfc", "value": "196608:02I/tdXcM+JrF/0T3lxBi1o2Ww2UBDbsGN:k/jXcMQrF/0rlxBiCmbBLN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810275", "to_ids": false, "type": "size-in-bytes", "uuid": "cb810771-d0f1-4680-9b73-5b1b966f3389", "value": "6332952" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810275", "to_ids": true, "type": "vhash", "uuid": "4242e98b-e78a-4baf-8805-615413ba9eb6", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810275", "to_ids": true, "type": "filename", "uuid": "5ef3d828-42e5-433d-acb8-4c36719f2067", "value": "884e8e31a4bb1a413833dc6ba47b41dd.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810275", "to_ids": false, "type": "text", "uuid": "52e13ef8-a581-4063-a0fc-8f82a8b2f66d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860052", "uuid": "a07108c3-e5b0-4e74-81ca-313e5a0be69b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860052", "to_ids": true, "type": "md5", "uuid": "787880e5-569a-4c8a-b369-5999eeab8691", "value": "1fca6e80777b2bcf0a2865aa8ba81693", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860052", "to_ids": true, "type": "sha1", "uuid": "625fd241-013d-474c-bf62-8aeaa9f1c135", "value": "3c0d9f996f57236cb720d3d65dd9266ff096eaf3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860052", "to_ids": true, "type": "sha256", "uuid": "24ca8400-1c39-40ce-88bd-83c87cec50aa", "value": "b062e6c65c08830297c39ce054ce457d3dfd26eab7f5cb53606ca2df17938322", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810297", "to_ids": true, "type": "ssdeep", "uuid": "18304a08-3263-4dd9-9323-5ca7d0bc986b", "value": "12288:ufBzlIEXAJe6ANXYC3HAA+9xCDlwKd4a9sHt17wGj8PZX7251UPXEYtZUawimjpr:ufqQ60IWxKsQP7wrX7a1NK+QCdqa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810297", "to_ids": false, "type": "size-in-bytes", "uuid": "ce2e7253-1f50-4d37-ad1e-74c84394324a", "value": "867760" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810297", "to_ids": true, "type": "vhash", "uuid": "be67c6d4-1500-4e98-abbe-1d08e1e5dc05", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810297", "to_ids": true, "type": "filename", "uuid": "7e29cbc1-4350-46ee-9e92-7eab5f78146c", "value": "VirusShare_1fca6e80777b2bcf0a2865aa8ba81693.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810297", "to_ids": false, "type": "text", "uuid": "5ab493da-63b1-4729-97c1-c83dd2e75696", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860053", "uuid": "a6676999-8768-453e-9963-1718cca87f8e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860053", "to_ids": true, "type": "md5", "uuid": "05bcb910-e9ad-4e23-a781-e4e21faa7e0e", "value": "c5072449c47270815e311bb56d61cec0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860053", "to_ids": true, "type": "sha1", "uuid": "3f0c21d5-9fba-42a6-989f-a5d2702a2c26", "value": "1eb8c69ad8de3c4b367970fe45c99d9764f5f972", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860053", "to_ids": true, "type": "sha256", "uuid": "58f0ff2a-9604-41e4-bb45-8a2d36a24f1a", "value": "faf70d91f57b96aec23b0d9f5b178acf4d5796976cdd73359b09410a4b583377", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810318", "to_ids": true, "type": "ssdeep", "uuid": "4d08ca9c-eebe-4463-bbf8-2d4f7307d01f", "value": "12288:cfBzlIEXAJe6ANXYC3HAA+9xCDlwKdQtEWYUytM94ciYZX7251UPXEYtZUawimjj:cfqQ60IWxK5qMGiX7a1NK+QC2IIg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810318", "to_ids": false, "type": "size-in-bytes", "uuid": "836914c4-2c04-4776-90d2-d2f3f5ae6600", "value": "863951" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810318", "to_ids": true, "type": "vhash", "uuid": "6b911c3e-6ee7-45e0-8292-36e8e33b6e9e", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810318", "to_ids": true, "type": "filename", "uuid": "58af0ad5-043d-454c-ad61-8bdd70480cf1", "value": "c5072449c47270815e311bb56d61cec0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 31/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810318", "to_ids": false, "type": "text", "uuid": "92e3570c-0210-44a9-8aad-8423db73c45d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:27/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860054", "uuid": "d9807845-c78c-4abf-bee6-d2859cf37386", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860054", "to_ids": true, "type": "md5", "uuid": "a15ede8d-8052-4270-814d-5ed56aee8543", "value": "e7d0ead9b6b743e18778da3afa247973", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860054", "to_ids": true, "type": "sha1", "uuid": "9289ba06-4dff-47cc-bc20-ba14757f3b5a", "value": "7ca307c6e6f112c8091a90850628e35e3e81a648", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860054", "to_ids": true, "type": "sha256", "uuid": "9e932056-d1ff-4aa5-89f3-d98836c2f58a", "value": "71db3050155dd30bc70354438dac42b491cfe81c4e221354b2e2243aff776a6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810339", "to_ids": true, "type": "ssdeep", "uuid": "d65e62f4-af45-4402-803b-2a65deee01c7", "value": "12288:OfBzlIEXAJe6ANXYC3HAA+9xCDlwKd+ZX7251UPXEYtZUawimjpwTTvakSL84B1r:OfqQ60IWxKpX7a1NK+QC98RoD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810339", "to_ids": false, "type": "size-in-bytes", "uuid": "691e2916-e636-434a-b7bd-361b05e0f1c4", "value": "871820" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810339", "to_ids": true, "type": "vhash", "uuid": "ae7d0a90-c7be-47bd-8a84-52edadafcce2", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810339", "to_ids": true, "type": "filename", "uuid": "d1afedc5-c7eb-49a5-9a00-e9036bca980d", "value": "e7d0ead9b6b743e18778da3afa247973.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810339", "to_ids": false, "type": "text", "uuid": "dbe6dcec-b9fd-430c-b66e-1f666b634973", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860055", "uuid": "1cbd9f89-e6c9-4bec-9627-4ce17fc8b8b7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860055", "to_ids": true, "type": "md5", "uuid": "b325593f-142c-4f64-b4ad-ecb7726df9e5", "value": "a6734e7819f78acfb30c1cdbd623efad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860055", "to_ids": true, "type": "sha1", "uuid": "8f8a77d3-73ef-487b-bfd6-3f11d4d25ab0", "value": "349d048f959476b9b11e9d44fbb2c3fa1482af58", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860055", "to_ids": true, "type": "sha256", "uuid": "2681b1a6-8529-43e2-9e3a-0ec75846a551", "value": "cc8157ce2d8faceaf21a4ff153ac343966df5f7e303255975d1459f9cc4e3342", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810361", "to_ids": true, "type": "ssdeep", "uuid": "7a13a119-749d-4c78-90c6-47a96615189e", "value": "6144:53KsvsOs3zFKDZTMdz8bXgx6EOOdqJIbNV5xaVsltFBaiP/btavhH/wX5k:FKsv/wFURq2AWqxblvMhH65k" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810361", "to_ids": false, "type": "size-in-bytes", "uuid": "ffffc558-b08a-4999-a982-1659464942be", "value": "256468" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810361", "to_ids": true, "type": "vhash", "uuid": "7bddc5b7-9f7b-4f5d-890e-6d51fad8c6b7", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810361", "to_ids": true, "type": "filename", "uuid": "3814a151-ce67-4d42-866e-bfd038816c0e", "value": "a6734e7819f78acfb30c1cdbd623efad.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810361", "to_ids": false, "type": "text", "uuid": "c8bd2818-2eb9-4d86-bdc0-6e5447f6cd3b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:33/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860057", "uuid": "2c715aba-8e74-4eb0-810a-6d327340acab", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860056", "to_ids": true, "type": "md5", "uuid": "1b4cc082-a0b2-47a8-b71d-a65bdd489234", "value": "2f14fde8d8d857d167c533a1473966b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860056", "to_ids": true, "type": "sha1", "uuid": "ae59c965-1528-4c9b-b40b-c2586dea881d", "value": "441542068e66e766cb0ca5305484d62a7002ae27", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860057", "to_ids": true, "type": "sha256", "uuid": "bdc57128-2c2f-4ae4-89f2-cf5149b2902a", "value": "98cd9f10cb8c4cb9b1c33aef48569054f9fc050c292c8ffb5360346ec5f9ddbe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810382", "to_ids": true, "type": "ssdeep", "uuid": "f06edb42-df6a-4740-9e8b-ea88d5215918", "value": "12288:WfBzlIEXAJe6ANXYC3HAA+9xCDlwKdOtEWYUytM94ciXZX7251UPXEYtZUawimja:WfqQ60IWxKfqMGJX7a1NK+QCLlIn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810382", "to_ids": false, "type": "size-in-bytes", "uuid": "3ef2e1e0-7de5-48f9-a822-ca65dad39f8b", "value": "863951" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810382", "to_ids": true, "type": "vhash", "uuid": "759b3cf4-a541-491c-884c-acdfa90be7a9", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810382", "to_ids": true, "type": "filename", "uuid": "031227e4-5ccc-4af4-8599-91d6962a567a", "value": "2f14fde8d8d857d167c533a1473966b6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810382", "to_ids": false, "type": "text", "uuid": "7cf5a9d4-5d49-4ef9-8208-c237f9af9870", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:24/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860058", "uuid": "914f9302-5b8f-4d82-a298-443f0af9aa76", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860057", "to_ids": true, "type": "md5", "uuid": "738aacd2-f118-4797-9254-9237c58ecd84", "value": "eadf8a9889c85563eb0cd994f3ffaa45", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860058", "to_ids": true, "type": "sha1", "uuid": "75fbf578-937c-4c34-8e7b-ba8610298c4b", "value": "b3a13d15f4a95f16088ea49f7a94fc1e3aca4b5c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860058", "to_ids": true, "type": "sha256", "uuid": "9aa78695-24c8-4b5f-86e4-e178ea58b3e0", "value": "7aee9573e25e185b712b61df3b23a815288e11cfb740aedae02e0d33c6199b38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810403", "to_ids": true, "type": "ssdeep", "uuid": "e88240e9-9cf1-4054-8bef-588ef4b32cfe", "value": "12288:ofBzlIEXAJe6ANXYC3HAA+9xCDlwKd1K1OQCSNJznF7NMZX7251UPXEYtZUawimG:ofqQ60IWxKPCSLF7N+X7a1NK+QC02I9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810403", "to_ids": false, "type": "size-in-bytes", "uuid": "a69e8388-6b5a-4848-b5ed-b19c2faac029", "value": "865073" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810403", "to_ids": true, "type": "vhash", "uuid": "2f4f9cc4-8907-4141-acdb-cb850b06cdcf", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810403", "to_ids": true, "type": "filename", "uuid": "e6e0c710-0705-4033-bbb2-6ad06ce817c5", "value": "eadf8a9889c85563eb0cd994f3ffaa45.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810403", "to_ids": false, "type": "text", "uuid": "e10b7f63-5a2c-48c3-9ea4-833d5d0a146f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860059", "uuid": "5515f7d9-62be-4954-9e58-ea0edd3207bb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860058", "to_ids": true, "type": "md5", "uuid": "f8a906b2-0e16-40b3-9739-642fe3c41919", "value": "1a1a41b39ecc8d5b722d785bc7885bd1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860059", "to_ids": true, "type": "sha1", "uuid": "076de052-d733-42b0-b219-f84ad6106b98", "value": "5cdbdb489f6e5a0408fc827872cf84f165f8cf2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860059", "to_ids": true, "type": "sha256", "uuid": "192a7e12-b75a-4a8f-9da6-7292eb109426", "value": "4ce82b821d255927502ce9496bc6dd7625df38edfc5970802bf593b534461a06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810425", "to_ids": true, "type": "ssdeep", "uuid": "e3257814-55ca-46e6-b1f9-075c35f90de4", "value": "12288:YpPoR4qxOgYxt64kOqWvdwLYKdvDehu60bdnu8VkJe8xS+7p/aDP/2XWKS11s6BM:YpJfxcfOH6QYJu8Ke8xSO/aDHYIvs6C" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810425", "to_ids": false, "type": "size-in-bytes", "uuid": "398c25d1-f419-4873-b76b-8b8576757f0a", "value": "811193" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810425", "to_ids": true, "type": "vhash", "uuid": "919dbe57-32d5-4df5-9cb8-1f1e2a5d0fd6", "value": "c36973eb8206bed8554fed699a990879" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810425", "to_ids": true, "type": "filename", "uuid": "53f260ec-05ea-49d6-85e5-08db77da9780", "value": "1a1a41b39ecc8d5b722d785bc7885bd1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810425", "to_ids": false, "type": "text", "uuid": "c5bbff68-31a1-4b6e-8a3d-c6f4aadbabb4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860060", "uuid": "d756f21c-9b00-4da4-aae5-986dca54adfc", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860060", "to_ids": true, "type": "md5", "uuid": "8320e024-e260-4304-9241-db158a9b82c9", "value": "946c0736d9a191c0167e790f33529376", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860060", "to_ids": true, "type": "sha1", "uuid": "08b18580-861d-416d-8ed2-cade8d1172c4", "value": "d7b7d3ace7049fcaebb6f09787ecb488e9d2bc34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860060", "to_ids": true, "type": "sha256", "uuid": "d4c1058c-d917-42f2-a63d-c5a833991a4a", "value": "42324d453aaca52b729eaaa2324640bba493dc5388d799dfc556b3002b42aca6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810446", "to_ids": true, "type": "ssdeep", "uuid": "cf869e54-3090-47cb-b27a-6d5955c57d89", "value": "6144:lyYPtM6a8iUv9tki30AM0zrDYKeWS5XhC3X7FP/Lqqfhy0mZeUk4JQ1:EYPgUTkiG0PD9S5RC3X7FPmM21kiQ1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810446", "to_ids": false, "type": "size-in-bytes", "uuid": "3f7f3de9-c1bf-460f-9cad-bce0cc981ae5", "value": "253437" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810446", "to_ids": true, "type": "vhash", "uuid": "a50be58b-13e3-4845-9383-fc28afa848e7", "value": "29eea7c9aabf91e4e862da4b0b58eebe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 11/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810446", "to_ids": false, "type": "text", "uuid": "bb2b7443-f2bc-4802-a4e6-6c2c645d0c02", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860061", "uuid": "8c1e24fb-3d97-4da1-b42e-233e3b1956ff", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860061", "to_ids": true, "type": "md5", "uuid": "bc97a2ee-8a99-4d0e-b70d-391b24179553", "value": "eaf225dac3524c289c8b446fd8b72d24", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860061", "to_ids": true, "type": "sha1", "uuid": "ada31ae2-b303-4299-831e-a42eecd9770e", "value": "5e6b00e72c598435b96411fe8d6f04e81611ce3c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860061", "to_ids": true, "type": "sha256", "uuid": "cbc16c85-7d7c-4dce-8b15-7aaed1eccd2f", "value": "e10dc9c17e2a7a722184c54c6bcc72f91eb4a370d3c0ce85309b40fc15883330", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810468", "to_ids": true, "type": "ssdeep", "uuid": "c0da10e9-6701-4a9b-8543-fae084ca97ce", "value": "12288:nfBzlIEXAJe6ANXYC3HAA+9xCDlwKdBFNTAEBjNWiZX7251UPXEYtZUawimjpwTy:nfqQ60IWxKWFNAAbX7a1NK+QC5DIY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810468", "to_ids": false, "type": "size-in-bytes", "uuid": "962251a1-f618-49bb-9b70-ce52405916f8", "value": "865083" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810468", "to_ids": true, "type": "vhash", "uuid": "36e64efa-832c-476a-bef4-314f6932c15b", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810468", "to_ids": true, "type": "filename", "uuid": "6277fc9e-6950-4611-98b8-85db71174bbe", "value": "eaf225dac3524c289c8b446fd8b72d24.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810468", "to_ids": false, "type": "text", "uuid": "d0adbff7-d4c8-4aa7-800d-7fa972b80175", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860062", "uuid": "ced9e30c-69e7-4d7b-bd07-37d8896fa279", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860062", "to_ids": true, "type": "md5", "uuid": "88c393ca-bea9-4ae4-a922-fd78b5ce8123", "value": "bd7f406c90e783ea4f6687a92e60144a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860062", "to_ids": true, "type": "sha1", "uuid": "d54c7f1b-4dc1-42e1-951d-96c0a85bfc94", "value": "6a5652b3a06f5ab769f0e71eec2e799067eb9f21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860062", "to_ids": true, "type": "sha256", "uuid": "b3685496-500e-4a82-bd4d-d0bcc9399070", "value": "f05ac1f0f0da223bbaac63462ef590e021744d2f79b751abd9ad95007e30e22d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810489", "to_ids": true, "type": "ssdeep", "uuid": "f07b8d81-a3c1-4a01-854c-d0483a47c975", "value": "12288:hfBzlIEXAJe6ANXYC3HAA+9xCDlwKdK6DbOL7saiZX7251UPXEYtZUawimjpwTTt:hfqQ60IWxKROb7aUX7a1NK+QCJaL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810489", "to_ids": false, "type": "size-in-bytes", "uuid": "529086ef-2b0d-440c-9aeb-a78defcf1455", "value": "868677" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810489", "to_ids": true, "type": "vhash", "uuid": "18251eab-659d-4327-8d47-650e83f3ec8a", "value": "4fdeddc2ffb324d0c94c573b2e071a02" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810489", "to_ids": true, "type": "filename", "uuid": "34a6f3d7-607e-410d-b96b-f84b6aa53f4f", "value": "bd7f406c90e783ea4f6687a92e60144a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 13/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810489", "to_ids": false, "type": "text", "uuid": "1069d647-5866-4aa7-8eb2-82130f351783", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860063", "uuid": "fd0eac66-e6c1-43e8-bada-32e45807c80d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860063", "to_ids": true, "type": "md5", "uuid": "67a94d77-47d6-4a59-b424-8a01a3b72c22", "value": "35f04a33a1f38069fb983bc1ff17eac6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860063", "to_ids": true, "type": "sha1", "uuid": "3f1e4a9e-9d99-44c4-830d-06415605cc10", "value": "3fa86998d9adc1cc696615a40add2b28fedda7c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860063", "to_ids": true, "type": "sha256", "uuid": "514d0991-d186-4f1f-89bc-7a9b81d8400d", "value": "1507931f0e3df17d22a704276625e9c5804da342e2364f3209f311ff83556222", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810510", "to_ids": true, "type": "ssdeep", "uuid": "6c5de7fd-5db8-4d8a-a3c0-3c13ab35e27b", "value": "12288:BfBzlIEXAJe6ANXYC3HAA+9xCDlwKdnLFadrqlsaF3EvP4VMjuayBaEsoedUdl19:BfqQ60IWxKMFsqX3IivayBfaUd79" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810510", "to_ids": false, "type": "size-in-bytes", "uuid": "cb673ef7-1bf6-4c4a-b178-19e3f825c971", "value": "826822" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810510", "to_ids": true, "type": "vhash", "uuid": "4764489c-36e2-4db6-9893-ae2342a8de1a", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810510", "to_ids": true, "type": "filename", "uuid": "04a5a710-7c91-4a5c-bfba-197743d5d313", "value": "35f04a33a1f38069fb983bc1ff17eac6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810510", "to_ids": false, "type": "text", "uuid": "de0493e1-dcc4-42e0-9121-aa9cf14b3633", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860065", "uuid": "b4eb6b10-627c-483c-ade1-629441b6c917", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860064", "to_ids": true, "type": "md5", "uuid": "50cb5f02-9e46-456c-baf7-8f0c2bae64be", "value": "7a44334114f3b407fe3dbe791bf70d9b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860064", "to_ids": true, "type": "sha1", "uuid": "6ef748e3-78a6-407a-8dee-4822658c4dc3", "value": "e8628a15713bdacf242cb96c310d2be7d3218e58", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860065", "to_ids": true, "type": "sha256", "uuid": "36124d22-7b6b-4147-98a3-7ce5cb288399", "value": "8ea085fcca1c5ff1655cba759afdd35f6138f11b463e1d2ad8408ad327e1d4c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810532", "to_ids": true, "type": "ssdeep", "uuid": "608ac90d-7737-4787-abf4-85184916878c", "value": "12288:bfBzlIEXAJe6ANXYC3HAA+9xCDlwKd93WSuldTAzGbp4riFHZX7251UPXEYtZUaP:bfqQ60IWxK83cTAab6WX7a1NK+QCSkQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810532", "to_ids": false, "type": "size-in-bytes", "uuid": "9e2fc4de-3904-4171-9b24-f166e171f1f9", "value": "867730" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810532", "to_ids": true, "type": "vhash", "uuid": "c0e8dae2-baa6-46e4-9528-7b9dd6ea39b7", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810532", "to_ids": true, "type": "filename", "uuid": "23070867-bd1f-4980-868b-d842af83e101", "value": "7a44334114f3b407fe3dbe791bf70d9b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810532", "to_ids": false, "type": "text", "uuid": "e7a1510c-a192-4486-bf5b-56e5c655f5c1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860066", "uuid": "190a49b4-dfbc-4481-aea0-0178e3318678", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860065", "to_ids": true, "type": "md5", "uuid": "109ef24f-b0ce-4dff-a856-87cbcc10a178", "value": "71bdb374c51b1d3fcd05cf4acd42e909", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860065", "to_ids": true, "type": "sha1", "uuid": "2f625bc8-eaa1-4612-86af-c8e84950cb2c", "value": "219d5720f35912b735ed4860d3177a39a91109c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860066", "to_ids": true, "type": "sha256", "uuid": "d3191893-416e-4b8e-a172-7577544925be", "value": "e81da98f73d78a7c923fbc3822536cfa18f8da40e029775ef05d6f75817786b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810553", "to_ids": true, "type": "ssdeep", "uuid": "1489b584-b99c-4793-afe1-956b23297024", "value": "24576:8/fqQ60IWxKX52c03jSEdN9pI6VeaEelKAOdhS5TrjpMVeKb3LVj3+XOwQd:8/f1607Ko3NT9p79Eelv5Tr6b3LZ3+X+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810553", "to_ids": false, "type": "size-in-bytes", "uuid": "c9235e34-cc87-46f8-ab47-6d028823bddb", "value": "1280376" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810553", "to_ids": true, "type": "vhash", "uuid": "41a9b64c-8770-4d2e-9433-d54d92c26f63", "value": "81e2581071732de87c30ffc2a1ee9cbb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810553", "to_ids": true, "type": "filename", "uuid": "542b2000-f5e3-4896-a57c-ee3b0559bfce", "value": "71bdb374c51b1d3fcd05cf4acd42e909.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 03/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810553", "to_ids": false, "type": "text", "uuid": "468ed6d3-ab20-412d-8e78-cbcd434b091d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860067", "uuid": "0892a7f8-2ee7-47ca-9aee-ce8be20877b1", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860067", "to_ids": true, "type": "md5", "uuid": "0ddf4aa7-7bbd-4c09-8cbc-89ab0f6e2bab", "value": "b160ae56d5a8558964c2b3c26e8df24f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860067", "to_ids": true, "type": "sha1", "uuid": "29a415f0-2298-4788-9a5f-598e99c43a6b", "value": "3293da3dbe270604217459e50a803bf4b2a08851", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860067", "to_ids": true, "type": "sha256", "uuid": "deaa046c-39cc-45b2-b407-0dedf90d14fa", "value": "fff29c6b12f811baddf4efb65389e1e4d4441573956eb8e0c08d121722f03cdd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810574", "to_ids": true, "type": "ssdeep", "uuid": "9323b157-ff7a-4afc-871e-cf82bbdd5764", "value": "12288:XfBzlIEXAJe6ANXYC3HAA+9xCDlwKdM6DbOL7sa4ZX7251UPXEYtZUawimjpwTTT:XfqQ60IWxKXOb7aCX7a1NK+QCraT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810574", "to_ids": false, "type": "size-in-bytes", "uuid": "cbaff541-e8ba-47a3-95a8-6987535f88ef", "value": "868677" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810574", "to_ids": true, "type": "vhash", "uuid": "790ddc8c-481a-4689-a575-2a31d2cbbd77", "value": "4fdeddc2ffb324d0c94c573b2e071a02" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810574", "to_ids": true, "type": "filename", "uuid": "e38afa09-4d24-4178-a494-35efc2bf6e89", "value": "b160ae56d5a8558964c2b3c26e8df24f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 18/08/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810574", "to_ids": false, "type": "text", "uuid": "353591aa-a9ec-49d4-a596-a497becd038b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860068", "uuid": "08e82091-a457-4ade-8d10-3527d6151ccb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860068", "to_ids": true, "type": "md5", "uuid": "07cededb-abf3-49a6-bf72-f8768a523856", "value": "b5761ee3f43b12b6713f29b33d3b7adb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860068", "to_ids": true, "type": "sha1", "uuid": "394c2500-c68b-48c3-a7d2-5d8392bbf854", "value": "e62704c309c5ecc4c4174744eaeb78d7297af9f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860068", "to_ids": true, "type": "sha256", "uuid": "46c24ba2-4a3b-4a17-bc45-e967a20e4eae", "value": "31464fcc8b61fff45d8808c228bdf0f665aa55456ffdb235b15f8be906c9af26", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810596", "to_ids": true, "type": "ssdeep", "uuid": "d43747cc-84be-4b76-86d1-6000046192b4", "value": "24576:ufqQ60IWxK/eRQZCn3vofX7a1NK+QCIsW:uf1607KH2CG1NK+QCk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810596", "to_ids": false, "type": "size-in-bytes", "uuid": "1f2d4252-4728-4d3c-87ca-11f0f321fb57", "value": "868678" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810596", "to_ids": true, "type": "vhash", "uuid": "b1ab6918-8631-4855-86ce-0509f2d396ab", "value": "4fdeddc2ffb324d0c94c573b2e071a02" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810596", "to_ids": true, "type": "filename", "uuid": "d62b75ff-b05a-418f-a152-aa5bf4c1b263", "value": "b5761ee3f43b12b6713f29b33d3b7adb.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810596", "to_ids": false, "type": "text", "uuid": "8409c485-8699-4764-bf58-d4cda3ceb2cf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860069", "uuid": "a5809c56-d665-43fa-a6f5-6577441b8124", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860069", "to_ids": true, "type": "md5", "uuid": "6da303dc-d55e-40f7-869f-a062b392b860", "value": "6564f44d55bad75f94e0f8e28ffbf23c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860069", "to_ids": true, "type": "sha1", "uuid": "6cc09695-2294-48b5-82a8-68066d86446c", "value": "d7a7562902c1f933276197d8bfd0ef044cda8750", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860069", "to_ids": true, "type": "sha256", "uuid": "57aa3591-2e2d-46c0-a0af-9edab241bc23", "value": "113401f8abe6447faecdb28b139c39fffd78f57a2e71b54b3887953e1094dfbe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810617", "to_ids": true, "type": "ssdeep", "uuid": "011ceedc-d036-4033-95b7-3b78b0679969", "value": "12288:mfBzlIEXAJe6ANXYC3HAA+9xCDlwKde6DbOL7saHZX7251UPXEYtZUawimjpwTTp:mfqQ60IWxK5Ob7a5X7a1NK+QCicE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810617", "to_ids": false, "type": "size-in-bytes", "uuid": "85d9fa0f-e0ad-4b82-b4c8-3af982f5ad7c", "value": "868677" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810617", "to_ids": true, "type": "vhash", "uuid": "404174e4-f852-41b7-a8fc-c37fa7ba2edc", "value": "4fdeddc2ffb324d0c94c573b2e071a02" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810617", "to_ids": true, "type": "filename", "uuid": "d41b2c2f-5255-4127-a4d1-e1fd84c3ff19", "value": "6564f44d55bad75f94e0f8e28ffbf23c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810617", "to_ids": false, "type": "text", "uuid": "8ea41dbe-a259-451f-855e-30e0611ddfbf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860070", "uuid": "0356836c-5b99-49b9-9b18-3162bd9328f0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860070", "to_ids": true, "type": "md5", "uuid": "fceea5b4-1f04-475d-8244-c88d5079591d", "value": "f61e47bbf6857daddb88e6210466573b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860070", "to_ids": true, "type": "sha1", "uuid": "f9a6fed3-9232-49ac-8751-fd26b7efffa9", "value": "40a951c449db274a8dfd3e96d40723d0d4fbd464", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860070", "to_ids": true, "type": "sha256", "uuid": "4df04d98-1b42-42c9-b93d-dbe75005ee86", "value": "045c9f4b60cdec26056d89fd4322d5a1d08df1f4c59e0fd50d75fcecde8e1bcf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810638", "to_ids": true, "type": "ssdeep", "uuid": "001963b8-3f66-447e-8ee7-37f57e63557a", "value": "12288:DfBzlIEXAJe6ANXYC3HAA+9xCDlwKduJrR837C1+hxBpY//ZOxG3q1qgoi9ky2PY:DfqQ60IWxK9DOCge//ZOxfJX2P2x" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810638", "to_ids": false, "type": "size-in-bytes", "uuid": "f7228ffe-9ecf-4111-856e-e99159927b87", "value": "867270" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810638", "to_ids": true, "type": "vhash", "uuid": "a559d15f-db60-49b3-8c9f-964bfdd4ddec", "value": "b3e6692af0b20ffe75b307893648b19d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810638", "to_ids": true, "type": "filename", "uuid": "e2ccdf8a-d61a-43c8-9d54-44972f24d069", "value": "f61e47bbf6857daddb88e6210466573b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810638", "to_ids": false, "type": "text", "uuid": "3098603f-ceaa-4f97-8d69-2d1edd94156c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860071", "uuid": "351bea76-f7a6-404d-bd82-421a9bc200aa", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860071", "to_ids": true, "type": "md5", "uuid": "3b2aa93b-d1c9-4e88-8833-804d85c7bd64", "value": "aeb37fb0afc6def8f8c55fa6e546c85a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860071", "to_ids": true, "type": "sha1", "uuid": "07bd3ce4-1082-4dcf-aee0-fb48915e8ba8", "value": "189f126e383cf99f9d33ae6ea26ff6bdfc34bba7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860071", "to_ids": true, "type": "sha256", "uuid": "4cde7045-c606-4940-a0fa-84a7377d0aef", "value": "2fbab03eb5fda327f9353eddbe0b12251a56e5562500707f0232280b6c57646a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810660", "to_ids": true, "type": "ssdeep", "uuid": "0064ad93-a94b-40d8-b658-97e1c4cad726", "value": "24576:UfqQ60IWxK99oVHLPV+75i/ZOxfJX2P2j:Uf1607KHo25i/Zyh3j" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810660", "to_ids": false, "type": "size-in-bytes", "uuid": "f489ed57-f1e5-4d4e-9b15-fb9df89f443e", "value": "867271" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810660", "to_ids": true, "type": "vhash", "uuid": "09aa0d7f-d93b-4154-8045-4ddab05f46f0", "value": "b3e6692af0b20ffe75b307893648b19d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810660", "to_ids": true, "type": "filename", "uuid": "e69618ac-95d2-4bb6-bdc7-fabd46a3757a", "value": "aeb37fb0afc6def8f8c55fa6e546c85a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810660", "to_ids": false, "type": "text", "uuid": "74abd3a5-8db9-428c-a40c-75060bcf1f22", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860073", "uuid": "42d7c24e-b64b-4a25-a931-470a70ac9072", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860072", "to_ids": true, "type": "md5", "uuid": "6fdfb621-edf3-4bbc-8f05-3ff5f309bf7c", "value": "8679042ce9c2ded0cfae97ade6d8eeef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860072", "to_ids": true, "type": "sha1", "uuid": "bc9600f7-0de0-4afc-8323-cb9b8b61d2a0", "value": "5547489e1536a58aacd912401610f3cf0f73f057", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860073", "to_ids": true, "type": "sha256", "uuid": "b856afba-5b55-4e81-9290-ec9d0d5481c4", "value": "f420ad4e4f823303cf251fcc10703807c928539091059be1aec908008456d652", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810681", "to_ids": true, "type": "ssdeep", "uuid": "4116333c-a64b-4482-8d34-eabb561dfc1c", "value": "12288:FfBzlIEXAJe6ANXYC3HAA+9xCDlwKdZ6DbOL7saXZX7251UPXEYtZUawimjpwTTT:FfqQ60IWxKaOb7aJX7a1NK+QCqom" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810681", "to_ids": false, "type": "size-in-bytes", "uuid": "d4732c80-b061-44cb-a7b3-b27acdd65c2b", "value": "868677" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810681", "to_ids": true, "type": "vhash", "uuid": "530af409-0f82-475e-baaf-e6910f1bb69e", "value": "4fdeddc2ffb324d0c94c573b2e071a02" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810681", "to_ids": true, "type": "filename", "uuid": "5d90a33c-e961-465f-960f-51fe05f1cfd0", "value": "8679042ce9c2ded0cfae97ade6d8eeef.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810681", "to_ids": false, "type": "text", "uuid": "037dafd7-1b33-4f09-a3de-30517901a922", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860074", "uuid": "63f27304-f53f-4696-b092-ae5798826079", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860073", "to_ids": true, "type": "md5", "uuid": "05cf0670-f689-4a93-bff3-cc1b082fd0d5", "value": "a7e65206d48a08dcb805216e88e48617", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860074", "to_ids": true, "type": "sha1", "uuid": "2a406bf5-a94b-430d-aeb3-4d5e6bd2b7dd", "value": "7c65862ad51422305d64e5b70f95755e7b635159", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860074", "to_ids": true, "type": "sha256", "uuid": "efe323b7-8bcf-438e-aad7-34caf8da4d3b", "value": "5f22c53e6ea7903f39b81afe7145ea9d822e07a44abdfaed9a40b42dec895f28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810702", "to_ids": true, "type": "ssdeep", "uuid": "ac553c37-c761-42fd-b5bf-a58fda012944", "value": "24576:K+fqQ60IWxKeZuc03jSEdN9pI6VeaEelKAOdhS5Tra/:K+f1607KD3NT9p79Eelv5TrS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810702", "to_ids": false, "type": "size-in-bytes", "uuid": "6a330d96-32e5-445a-b86f-0e53a061323c", "value": "826818" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810702", "to_ids": true, "type": "vhash", "uuid": "b50bf196-5905-45dc-b367-24ff4f9a81c2", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810702", "to_ids": true, "type": "filename", "uuid": "abbac4e7-0cb5-4530-983a-22ee4b6157cc", "value": "a7e65206d48a08dcb805216e88e48617.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810702", "to_ids": false, "type": "text", "uuid": "db2696b0-c874-438e-8ced-440cd5c2a7d0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860075", "uuid": "4d80339f-18b0-4973-bc3e-ef9057c1df49", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860075", "to_ids": true, "type": "md5", "uuid": "fcb16009-33b6-4fd1-bb00-e1c169c1f024", "value": "d3b0cd36830c15bdbe6d7db8424d79d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860075", "to_ids": true, "type": "sha1", "uuid": "471e6731-c736-4eea-8499-22fc499b7d55", "value": "fc342dff8e28081498b8c948d7821b7a2089e4df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860075", "to_ids": true, "type": "sha256", "uuid": "9bd1825f-fe6f-4b87-92aa-375c81e67bfe", "value": "3a2ea626ee828191640014f376b9acda2c082e4c636497b36809cf395bdce220", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810724", "to_ids": true, "type": "ssdeep", "uuid": "fb6d78fe-2cd5-4486-be21-bed0973eeefe", "value": "12288:rfBzlIEXAJe6ANXYC3HAA+9xCDlwKd8qVEJVmO+EAZX7251UPXEYtZUawimjpwTT:rfqQ60IWxKVqVs+PX7a1NK+QCKEq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810724", "to_ids": false, "type": "size-in-bytes", "uuid": "6076ecdd-2d37-4043-818a-b6d5b7f1b32e", "value": "868675" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810724", "to_ids": true, "type": "vhash", "uuid": "652d71b7-a035-4eb5-b703-38dac31efd59", "value": "4fdeddc2ffb324d0c94c573b2e071a02" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810724", "to_ids": true, "type": "filename", "uuid": "f7216fa3-4275-4aea-86ae-c5d6c24c831c", "value": "d3b0cd36830c15bdbe6d7db8424d79d6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810724", "to_ids": false, "type": "text", "uuid": "1fe5100c-0c60-43e4-bbc4-2b79901cac68", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860076", "uuid": "0db36239-a6c6-44a1-ab24-81f111e4ad4f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860076", "to_ids": true, "type": "md5", "uuid": "d22b8057-350b-47f1-942a-f5324f6435f9", "value": "f5a91f9a90af24d0911b35d71e0cd114", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860076", "to_ids": true, "type": "sha1", "uuid": "a216233f-5157-4134-8edb-b7eba96d3606", "value": "9bfc3356cc5bc6ae051fdc0e87ead53ce9c103ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860076", "to_ids": true, "type": "sha256", "uuid": "893ae99e-e125-44e7-b28d-266cc1a6a1ff", "value": "2932286c2e6be1057f9ad550d8a6c9f331d24fb8f7514dea094d59b4db7af15e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810745", "to_ids": true, "type": "ssdeep", "uuid": "6fcb939f-2086-481c-bb46-ddd4889782c9", "value": "12288:tfBzlIEXAJe6ANXYC3HAA+9xCDlwKduJMdNH9nyZYY39E/ZOxG3q1qgoi9ky2P2x:tfqQ60IWxK9q9nyZ+/ZOxfJX2P2x" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810745", "to_ids": false, "type": "size-in-bytes", "uuid": "3e66ced9-20b4-430a-b9b6-740d71eaeb28", "value": "867278" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810745", "to_ids": true, "type": "vhash", "uuid": "dbb7b032-a42c-4e66-adbe-402be181824f", "value": "8747e2cffd9ff515b8d62fcdf71dade9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810745", "to_ids": true, "type": "filename", "uuid": "3d7ca82e-c227-476c-997a-92db0202eb2b", "value": "f5a91f9a90af24d0911b35d71e0cd114.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810745", "to_ids": false, "type": "text", "uuid": "c265a882-fd63-4c4f-a2ba-ef8c2f858801", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860077", "uuid": "14161ac1-8558-4e38-92d1-0424f1724e18", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860077", "to_ids": true, "type": "md5", "uuid": "99e6d1cb-2aa1-496a-a571-1e7d9564dd1b", "value": "1ba8095f84e0ec85a64423e3af7c0ea8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860077", "to_ids": true, "type": "sha1", "uuid": "ae900851-c805-48f2-87d6-91dc8dfa398f", "value": "d02d102e2aca72a70144eee6eb36849a69a98d0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860077", "to_ids": true, "type": "sha256", "uuid": "71d34e27-5b99-4578-94f6-d1aa070d2d70", "value": "1c446e3c2feb59a5f193726ce510fed69c3ef99043e82bce5cad82d52d91c59d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810766", "to_ids": true, "type": "ssdeep", "uuid": "dfe0bb23-a655-4216-9034-7ef88456a7de", "value": "12288:ifBzlIEXAJe6ANXYC3HAA+9xCDlwKduJzdNH9nyZYY39d/ZOxG3q1qgoi9ky2P2o:ifqQ60IWxK9p9nyZP/ZOxfJX2P2o" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810766", "to_ids": false, "type": "size-in-bytes", "uuid": "41528613-549e-4534-8034-ca1b09dbe153", "value": "867278" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810766", "to_ids": true, "type": "vhash", "uuid": "ed5b3849-4006-40d1-802e-34df572f7fe0", "value": "8747e2cffd9ff515b8d62fcdf71dade9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810766", "to_ids": true, "type": "filename", "uuid": "dee234e6-9111-4bce-9bdc-865e6c1ce61f", "value": "1ba8095f84e0ec85a64423e3af7c0ea8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810766", "to_ids": false, "type": "text", "uuid": "db4e6adf-cf6b-4beb-a679-4bb0abe01f22", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860079", "uuid": "3262423f-db2e-409f-b2c4-ca2879c712fb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860078", "to_ids": true, "type": "md5", "uuid": "090e63a0-fb51-4643-90e9-260db3c96811", "value": "c1cc642b002bc93e0f9a233460a6cadb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860078", "to_ids": true, "type": "sha1", "uuid": "b8846518-9f9f-4c3f-b593-9176dc8d9694", "value": "9cef689ca6a2614c13626e188bb574f8da432859", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860079", "to_ids": true, "type": "sha256", "uuid": "75596ea5-7fe0-439d-b860-0dbd1ee9a253", "value": "56c8a68cb50d8363782b682b433a3f291978df90f161b0ca350a684ff272ad4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810788", "to_ids": true, "type": "ssdeep", "uuid": "3690f7cb-41c7-4610-accc-1764f3025928", "value": "24576:QjfqQ60IWxKBt0c03jSEdN9pI6VeaEelKAOdhS5TreD:Qjf1607Kc3NT9p79Eelv5Tr2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810788", "to_ids": false, "type": "size-in-bytes", "uuid": "47d27458-6e99-4bf6-94ee-202665bd8c2a", "value": "826818" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810788", "to_ids": true, "type": "vhash", "uuid": "8abcea95-4c51-4a57-a522-741723324c86", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810788", "to_ids": true, "type": "filename", "uuid": "eec52ff9-c8ad-4ad9-b064-550c5124b054", "value": "c1cc642b002bc93e0f9a233460a6cadb.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810788", "to_ids": false, "type": "text", "uuid": "24b3a4cf-bed8-47ec-9f12-3dd36fdf0f9b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860080", "uuid": "bcc582e6-62fe-4a66-985a-16ada663fd96", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860079", "to_ids": true, "type": "md5", "uuid": "0fe14880-caf3-4d3b-a701-9fd3265df4d3", "value": "0a415c08b2eea435ccc9827882a35ecd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860080", "to_ids": true, "type": "sha1", "uuid": "01df667b-90c4-460c-a55d-61e6fb0cb6da", "value": "16e4479fae035d679761efe8e8e6ea94e12184b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860080", "to_ids": true, "type": "sha256", "uuid": "8780924b-8cfb-48a9-b66a-f8fb9caa351d", "value": "36c4c1316bd3cfd59157474729bea49df8caf49cc189942876edd5cc4d209602", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810809", "to_ids": true, "type": "ssdeep", "uuid": "0b0021d8-9033-4338-940a-da9ee47714cb", "value": "49152:Ujf7jiWtq2E2xRwlvMKZmf1607Kb3NT9p79Eelv5Tr4:sf7/84IboI08Lp5Ekvx4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810809", "to_ids": false, "type": "size-in-bytes", "uuid": "f2514f44-10a6-471a-91d0-e1a315836bb9", "value": "1745895" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810809", "to_ids": true, "type": "vhash", "uuid": "78c862f7-c9ff-4cf1-a991-fabf9bc3d739", "value": "9c0ce85e324a169580f4a495a1d6aafe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810809", "to_ids": true, "type": "filename", "uuid": "10e69de7-3e18-4eaf-8025-fff3da19db48", "value": "0a415c08b2eea435ccc9827882a35ecd.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810809", "to_ids": false, "type": "text", "uuid": "03e165ab-e450-4465-a197-9cd024b9a632", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860081", "uuid": "ed224a95-a2b0-4d87-81af-13a308b0ead3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860080", "to_ids": true, "type": "md5", "uuid": "28785c81-6c6f-4b8b-957a-b316e07af196", "value": "d003b8f2b9d9f7d301b3955dcfc394f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860081", "to_ids": true, "type": "sha1", "uuid": "9ebe352e-f7e0-4425-bd74-60e90a8f5166", "value": "9f2adc96a3c95d082af25b7b38fc2205c3048c81", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860081", "to_ids": true, "type": "sha256", "uuid": "f5730131-0e8d-4244-9173-4f14fb4ee6da", "value": "ed7cc1620ad2e171e9b1346708f40f99c7b247ac4dc0d2e5c74eebc6f34f41e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810830", "to_ids": true, "type": "ssdeep", "uuid": "97619848-3a76-4d09-a3c9-e3fad206c556", "value": "98304:LUI0sHjsBUenO9B2QfdFLeLMoJobY8vMGB9B7t2V3q5vBFgrr3igOWiUss0:CjO/xdBSMoJRw/sV3IBFKWgO4ss0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810830", "to_ids": false, "type": "size-in-bytes", "uuid": "fda84f7a-8e07-451b-a128-9f5cca26a61d", "value": "6333116" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810830", "to_ids": true, "type": "vhash", "uuid": "ed0bd082-58aa-4968-adb4-f058f1b68352", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810830", "to_ids": true, "type": "filename", "uuid": "eddd0553-61c4-4f5e-828f-72cda0416e65", "value": "d003b8f2b9d9f7d301b3955dcfc394f9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 17/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810830", "to_ids": false, "type": "text", "uuid": "e8836f7b-5ba6-49ef-8401-8ff6f016010a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860082", "uuid": "b25f6363-b90d-4c82-b931-7120609fa66a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860082", "to_ids": true, "type": "md5", "uuid": "ccbfee71-84d2-4065-ac7f-34aafde0de7f", "value": "ba8f7346f3165ebbf1c7c7ae048cdee1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860082", "to_ids": true, "type": "sha1", "uuid": "29ac8e63-0732-4f61-a591-bd62d18a693e", "value": "3425ab4f83344ebea5e729ef4fdf85376af73fea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860082", "to_ids": true, "type": "sha256", "uuid": "46d1fb96-3e23-4e10-b486-4e936daa7133", "value": "97132959215902bf4821c8c3677d62d72fdc9da41f99e8062a2d121381b482c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810851", "to_ids": true, "type": "ssdeep", "uuid": "17fc7864-846c-4297-a966-b46bad3401bc", "value": "98304:vBI0OXRsBUe1P9BxQfdFScoMoJObYrvIrv9B7t3DT0yBHlgsLFTbY5Era00GT5wh:9ZP/CdojMoJiD/VDTbzhk00GTqqaKs1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810851", "to_ids": false, "type": "size-in-bytes", "uuid": "5807bd17-7cdc-4648-8ed0-5e034cf52320", "value": "6333121" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810851", "to_ids": true, "type": "vhash", "uuid": "d121938c-221e-4f00-9505-939e20eb4b28", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810851", "to_ids": true, "type": "filename", "uuid": "fab81104-95c9-4df7-83c6-e136ff3b13cf", "value": "ba8f7346f3165ebbf1c7c7ae048cdee1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810851", "to_ids": false, "type": "text", "uuid": "840ee5d6-c131-4af6-b960-fa98be29c494", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860083", "uuid": "0edeab82-268b-4dcd-b45b-b6dae149d6cf", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860083", "to_ids": true, "type": "md5", "uuid": "89bfe3bb-b131-4961-af2d-103c68a6391a", "value": "7fe08a3badec1498779f7f70afaa7395", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860083", "to_ids": true, "type": "sha1", "uuid": "c213b7ba-597c-48e2-9bdb-f3a433e4f612", "value": "d9ad63102be4279b49987826730ac87190e184d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860083", "to_ids": true, "type": "sha256", "uuid": "7dbaabbe-f314-4fce-a57f-68a414df9408", "value": "66f44389eab4b54ca3b2c0694dd55d479d99be51570555c87bc95e10c2be846d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810873", "to_ids": true, "type": "ssdeep", "uuid": "69c43105-06bd-4f7a-b239-c50471151765", "value": "98304:v16mU8+N5CNTurg+NsIwXw4b7szIP1MKBMLI0MLp5Ekvxy:vf45CN6rgeiXw4HszKDeXKpzZy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810873", "to_ids": false, "type": "size-in-bytes", "uuid": "93edc97a-ce58-4d7c-98d5-172898ef9f30", "value": "4200850" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810873", "to_ids": true, "type": "vhash", "uuid": "dcd9061c-16aa-4ba1-a906-c63b2cf32b87", "value": "9c0ce85e324a169580f4a495a1d6aafe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810873", "to_ids": true, "type": "filename", "uuid": "e7574dcf-0724-4a06-8429-ee85b86443bd", "value": "7fe08a3badec1498779f7f70afaa7395.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810873", "to_ids": false, "type": "text", "uuid": "4419cb8e-1f27-42a8-9372-1d8af2b86ea9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860084", "uuid": "f2d8bf4c-580b-4a23-931e-4569af339672", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860084", "to_ids": true, "type": "md5", "uuid": "c59ed905-00f3-4e83-ba9a-71e0dd36c96e", "value": "e086a5e10ef3df53a8f295ec624585c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860084", "to_ids": true, "type": "sha1", "uuid": "f78a3974-3bff-469f-9d14-644b731bb8cb", "value": "3a6b00b5a6549cb5dcc4180162d07b242f0263f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860084", "to_ids": true, "type": "sha256", "uuid": "05dc5b1c-4c41-4c55-8620-3a60b5296910", "value": "4f768083f3e2be455a9a3bd7bb30e5429a9de7bfeb06a546289dce19f61646e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810894", "to_ids": true, "type": "ssdeep", "uuid": "749c0cbb-4474-4ef4-b9fd-980247431e1f", "value": "12288:ffBzlIEXAJe6ANXYC3HAA+9xCDlwKd4LRjsxSHpHhlJeBi36MQA6p+MSq6UaUe0z:ffqQ60IWxKXRuSJBDeBARQDAk6UaU7z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810894", "to_ids": false, "type": "size-in-bytes", "uuid": "e6c92aed-963a-459b-af41-04159c44a2d3", "value": "826821" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810894", "to_ids": true, "type": "vhash", "uuid": "d90c8b2a-799c-415d-bcab-758501f8c475", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810894", "to_ids": true, "type": "filename", "uuid": "55971fc2-bee7-4f03-aff0-133708c29131", "value": "e086a5e10ef3df53a8f295ec624585c1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810894", "to_ids": false, "type": "text", "uuid": "d9ad1a30-f410-4b42-8386-034aa3d66b40", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860085", "uuid": "ac4466c2-5624-4e6a-8dc9-a2a1baac5746", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860085", "to_ids": true, "type": "md5", "uuid": "b3c35317-a389-4c24-893b-c28a20a2fdde", "value": "8ae8eea3086c1ec26b10bab84838d382", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860085", "to_ids": true, "type": "sha1", "uuid": "b4b608d3-e97d-4914-9b3e-4c7a5f6a968d", "value": "0db79d01baaf504b7eb9cafead361a3dd268a55b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860085", "to_ids": true, "type": "sha256", "uuid": "77633828-e658-42f0-99c5-0a0654f0961d", "value": "f432d76b8deca4a5c041ab36aeaf00db050c576317e5c495e6c94ba90d7cd6c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810915", "to_ids": true, "type": "ssdeep", "uuid": "3dd6dc81-e025-4594-8dc7-91e1eb792286", "value": "24576:KdfqQ60IWxKPBqc03jSEdN9pI6VeaEelKAOdhS5Tr0d:Kdf1607KE3NT9p79Eelv5TrC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810915", "to_ids": false, "type": "size-in-bytes", "uuid": "46bd6af0-83e8-4fbf-a0e9-deeee4f1020d", "value": "826818" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810915", "to_ids": true, "type": "vhash", "uuid": "06c701ed-82a0-4212-86ae-561347f133c9", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810915", "to_ids": true, "type": "filename", "uuid": "e55ef0b2-666f-47b6-8bf1-0ec0f363c0cf", "value": "8ae8eea3086c1ec26b10bab84838d382.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810915", "to_ids": false, "type": "text", "uuid": "c62065b7-3fe2-4064-8ce5-f98d7f96d227", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860087", "uuid": "2a23cd71-eff4-4d27-8e4a-b79f29a9d222", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860086", "to_ids": true, "type": "md5", "uuid": "ea441fca-83d8-4793-94dd-5ac951d0defe", "value": "7ee10a6fc5bc804ede476df25328a277", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860086", "to_ids": true, "type": "sha1", "uuid": "6895a4b9-c5c3-4473-bcf0-f11aacc9c241", "value": "bae16b682774aad941572ff0e1c55100b4a8b6bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860087", "to_ids": true, "type": "sha256", "uuid": "df60d1b2-29a8-40c2-9369-937eec5b7825", "value": "7d554866491b3f997814bd5032cc0e2c18a4a5464b75758231da2ee4596b8781", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810937", "to_ids": true, "type": "ssdeep", "uuid": "96e135d5-d09f-40b5-9a1c-12203ee9c52e", "value": "49152:Ijf7jiWtq2E2xRwlvMKZff1607Ko3NT9p79Eelv5Try:gf7/84IbhI0fLp5Ekvxy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810937", "to_ids": false, "type": "size-in-bytes", "uuid": "71ad508e-0a9d-4331-a8fa-ab4d922a097e", "value": "1745895" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810937", "to_ids": true, "type": "vhash", "uuid": "7a4e517e-c8fa-4c7b-bbf8-eabf71c586cc", "value": "9c0ce85e324a169580f4a495a1d6aafe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810937", "to_ids": true, "type": "filename", "uuid": "0f08dc79-68e9-47a7-8f71-669292e3d554", "value": "7ee10a6fc5bc804ede476df25328a277.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810937", "to_ids": false, "type": "text", "uuid": "6d6436a1-af37-4a0d-948e-3fd8f3916f73", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860088", "uuid": "16b75142-c0d6-4078-9a72-67bf9c84ea89", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860087", "to_ids": true, "type": "md5", "uuid": "ef5f2f2f-3d24-460b-9020-c3a966a26e5c", "value": "7421a8193772d3de54bada25b8c53531", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860088", "to_ids": true, "type": "sha1", "uuid": "69e56a3b-0e83-4eaa-aa8a-d8e8d0ea30f1", "value": "5a0f27c9e0344a256c4eb40d89cd59da913d4b96", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860088", "to_ids": true, "type": "sha256", "uuid": "1f7481ea-1837-44e4-9d16-4413006d5458", "value": "1057f7fa9712577df53c03ab973090c446182bd4d208032888395a0f24c68aac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810958", "to_ids": true, "type": "ssdeep", "uuid": "b0964acd-862f-4428-a196-d4d8db22c1e1", "value": "6144:ZLshv/XDXSw4fkJDahYF/STtZuElEasK5b81q:ZLsNXhEk8LTVyas3o" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810958", "to_ids": false, "type": "size-in-bytes", "uuid": "022b6f8e-1010-4b5a-a770-b7b4addfb23a", "value": "242577" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810958", "to_ids": true, "type": "vhash", "uuid": "0369e66c-a0f2-4de5-8763-a59cd411ab0f", "value": "2e2222cff9e5ce3467f040d4d1c229fa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810958", "to_ids": true, "type": "filename", "uuid": "94ed4c79-8c8c-43a8-84f4-c4fa02c4bba3", "value": "7421a8193772d3de54bada25b8c53531.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810958", "to_ids": false, "type": "text", "uuid": "26af96c1-1f2d-4884-a51f-80ca33e20458", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860089", "uuid": "fc42c80b-5828-47c8-a4c2-516be355e732", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860089", "to_ids": true, "type": "md5", "uuid": "ef9501c5-d805-4a9e-b258-d90df212e12d", "value": "e426ab678649344ca3337d01c92b51a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860089", "to_ids": true, "type": "sha1", "uuid": "ab79d87b-69c0-486e-a907-af6839ebb02e", "value": "8ed133700cffe3c88e2f512f73a0ea7e17dd250f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860089", "to_ids": true, "type": "sha256", "uuid": "fb75e9a8-ef34-444d-bb0b-6605297daef8", "value": "b9f7ef694cfa25e7030b620429fc64f7fe593057ec22576007d5a23f806f5e88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740810979", "to_ids": true, "type": "ssdeep", "uuid": "e1cdccbc-32de-44ff-bbff-9cc4f9f856fa", "value": "6144:4gDen0CbR3JslOkcoiekN7UeCKcYnkhE4dit+WBJe0gJ67F:m0C5BkTC4e2i4di89M" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740810979", "to_ids": false, "type": "size-in-bytes", "uuid": "43d37b76-6daf-4fd7-a2ba-d775501acd0c", "value": "331168" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740810979", "to_ids": true, "type": "vhash", "uuid": "96088020-4f32-4853-81f7-bd6649f6b2d9", "value": "29eea7c9aabf91e4e862da4b0b58eebe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740810979", "to_ids": true, "type": "filename", "uuid": "43f4d053-5bbd-4307-ae5f-db9e742b7521", "value": "e426ab678649344ca3337d01c92b51a4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740810979", "to_ids": false, "type": "text", "uuid": "86096fcb-3a77-4248-a004-b6862866ac9f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860090", "uuid": "a1c0154a-b67a-4af3-b4b6-d62a9b119e92", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860090", "to_ids": true, "type": "md5", "uuid": "8e9d57e2-fd3a-4f97-84bd-5eb35e24c458", "value": "2717802f2f98344760c0b4ccb63b39e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860090", "to_ids": true, "type": "sha1", "uuid": "1f348d59-078d-4d84-b2ea-f367d0a89310", "value": "a25737c1cfd7cf73aa2d2e04689b90dfdc78383e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860090", "to_ids": true, "type": "sha256", "uuid": "53ca32f6-d619-4bb0-a5e2-7fcf193ffa52", "value": "01cdcc3ab78da953dc42dfe21cca36a6e3e4a3aba5c2778c63e9ed660a353f48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811001", "to_ids": true, "type": "ssdeep", "uuid": "44b4f334-dfa8-496d-a908-5c37b35b3691", "value": "98304:KhI0UMtsBUtSf9BiQfdFaHJMcJbbYCv4YZ9BfteMTa2UF5WG/BzrNT4cA/fCSa/C:awf/VdcpMcJsy/sMT1U5t3sF/fCSlZsA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811001", "to_ids": false, "type": "size-in-bytes", "uuid": "abf5ba0c-5b55-416f-987c-55d9806d8bad", "value": "6332638" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811001", "to_ids": true, "type": "vhash", "uuid": "4ca0cc4c-7fc9-4ff4-b61e-e6fc0398d0c8", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811001", "to_ids": true, "type": "filename", "uuid": "5f7ab26b-4813-4068-9c13-2ccad81c9242", "value": "2717802f2f98344760c0b4ccb63b39e3.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811001", "to_ids": false, "type": "text", "uuid": "f49a9189-8b06-4662-a66a-c119a1360384", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860091", "uuid": "237b4ce3-9dc8-4266-b980-1b766b9e7dff", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860091", "to_ids": true, "type": "md5", "uuid": "251d5874-8076-4ec9-ab47-fbfca4cd0c66", "value": "746d5a3396dc2b8d548d6f9fa69aa712", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860091", "to_ids": true, "type": "sha1", "uuid": "51f77cdc-817f-4107-bf31-37a8cfe4a35c", "value": "93f89717f875cf43388e3dc822bac62c7952671e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860091", "to_ids": true, "type": "sha256", "uuid": "87aa8a2f-f458-46de-b2ae-bafe6b6f9495", "value": "7255aa0ebc23f503fcbe9e8def93cadd58917bfbb9e042378e3b0ef2343d22bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811022", "to_ids": true, "type": "ssdeep", "uuid": "0b6b1ab6-689f-4dc4-a70f-b377b092781a", "value": "98304:6rI0hqEsBUTWT9BlQfdFaVbMCJxbY2vwRE9BvtqRXAAS8xFwszp5GfRcFUnsz:IQT/ed09MCJi+/ARXDwYGfRRnsz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811022", "to_ids": false, "type": "size-in-bytes", "uuid": "7a9eb65b-967c-4d75-ad72-46522d38680e", "value": "6333138" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811022", "to_ids": true, "type": "vhash", "uuid": "8f8055fc-031f-4a86-b4fa-01f7e851cef2", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811022", "to_ids": true, "type": "filename", "uuid": "e3ad3a3f-bd00-4d61-a973-c699ff206326", "value": "746d5a3396dc2b8d548d6f9fa69aa712.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811022", "to_ids": false, "type": "text", "uuid": "aa3c7ce3-2293-4743-afec-31b562d44eda", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860092", "uuid": "56b7c516-dc54-45fa-be68-a2606c64a837", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860092", "to_ids": true, "type": "md5", "uuid": "b730c284-a85f-42f3-b9df-9ca4ecf0465d", "value": "74d375d89e2a60f4836abab8ea86dc6d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860092", "to_ids": true, "type": "sha1", "uuid": "0e651f4b-339f-44d2-9da8-9f93588ac589", "value": "6bf3e5a05481770bf91785d93d682f93caafd0c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860092", "to_ids": true, "type": "sha256", "uuid": "e456faef-4e5f-4db0-aa71-7eef04c59bfc", "value": "1f337891d273fc1ad511ca8645f9041cf2bce7747d09a15d267730e94f85eb1d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811043", "to_ids": true, "type": "ssdeep", "uuid": "fb0e0dde-f8db-4e89-8e6a-f62aeca49f81", "value": "98304:ahI0sU1sBUtSf9BOQfdFavJMcJbbYCv4YZ9BftegPzR5za+C/UZs0:Kof/pdcBMcJsy/sgPK0Zs0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811043", "to_ids": false, "type": "size-in-bytes", "uuid": "9fc4a2ad-e6c2-4a18-a48b-8780356a7b18", "value": "6332597" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811043", "to_ids": true, "type": "vhash", "uuid": "bc926c08-1745-4582-8ba9-cf95b08e90af", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811043", "to_ids": true, "type": "filename", "uuid": "285cdb5b-e4b6-4afc-a11b-9fabd112fae9", "value": "74d375d89e2a60f4836abab8ea86dc6d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811043", "to_ids": false, "type": "text", "uuid": "388a5a2b-676a-4482-a2dd-359890ae1a0b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860093", "uuid": "6520af6a-ca48-490a-878b-71413e0e10ae", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860093", "to_ids": true, "type": "md5", "uuid": "e040a027-f2b4-4f8c-927d-03ad2e7dc07a", "value": "2a3f2e2179f149bc8f8f3aed56d16dce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860093", "to_ids": true, "type": "sha1", "uuid": "e52140ab-863c-428c-80c3-d1d349335baa", "value": "9f387b3ff244bee89737c87937aca10306bebb47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860093", "to_ids": true, "type": "sha256", "uuid": "251029c2-dc98-4bce-b84a-c46ae80f278c", "value": "8d2aeb03e73a0efc98308ed8be45c93b00613db2944ca6992618f65ca5fca3cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811065", "to_ids": true, "type": "ssdeep", "uuid": "67df4e63-3927-4aa9-b69c-44da6f5b5fe6", "value": "98304:K3I0VfpsBUDex9BDQfdFlTnMgJ7bYov8+N9BbtbhHpOVZ5Q+8RUbsr:Q8x/8dD7MgJGk/RhHmzZbsr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811065", "to_ids": false, "type": "size-in-bytes", "uuid": "1a595f5f-325d-4333-a1f6-847b646cf321", "value": "6332697" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811065", "to_ids": true, "type": "vhash", "uuid": "a80e5e21-7b9b-4e93-9466-b5a8a9713f79", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811065", "to_ids": true, "type": "filename", "uuid": "6d2268fd-8454-4c0f-a6c3-eea91ec8f653", "value": "2a3f2e2179f149bc8f8f3aed56d16dce.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811065", "to_ids": false, "type": "text", "uuid": "22896265-4c3d-4f22-aa43-f685fc606bf6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860094", "uuid": "471cb77e-66ec-45bc-aab7-2856ca1797dc", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860094", "to_ids": true, "type": "md5", "uuid": "25055ebb-454a-4df2-8cbc-849261ec4ba3", "value": "16a9ac1bb97f5a24b83d8e828573503f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860094", "to_ids": true, "type": "sha1", "uuid": "90cc6f3f-13ac-41fa-b4d1-4e06f10f17ae", "value": "5c623198c87644409739b8c23901212f4a2dba99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860094", "to_ids": true, "type": "sha256", "uuid": "786d4f82-73d4-40ce-9227-904b01d90cc0", "value": "505143772bf0ebd0a23cf8d559828927b1105cacc2893fc3dcc5753b7872c33f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811086", "to_ids": true, "type": "ssdeep", "uuid": "65dfee71-d85e-4b09-8bcc-07e699a9b96b", "value": "12288:vfBzlIEXAJe6ANXYC3HAA+9xCDlwKdPLp24zR9l25gZSXYYFO09tUG7f1HJjG1Kr:vfqQ60IWxKopXd9lKKSXYYI0EM9BXQJg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811086", "to_ids": false, "type": "size-in-bytes", "uuid": "5d34cd3e-213c-4aae-9122-409c8c94bb51", "value": "826179" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811086", "to_ids": true, "type": "vhash", "uuid": "bd9cbad2-108a-4611-869c-32b0a123860e", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811086", "to_ids": true, "type": "filename", "uuid": "73f0c909-5e01-48ed-8f9a-6c482b5267cc", "value": "16a9ac1bb97f5a24b83d8e828573503f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811086", "to_ids": false, "type": "text", "uuid": "7ee03229-d377-4cdd-86b1-e8f1cdaf476d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860095", "uuid": "0e0e6cbd-9ba6-4285-abf2-4e2e5a62d653", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860095", "to_ids": true, "type": "md5", "uuid": "e44ee99b-71a3-4e19-b78d-eeaf9dc1ec26", "value": "7b1e4b224973a283428055847590e410", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860095", "to_ids": true, "type": "sha1", "uuid": "8d4cfbb2-6347-4cc7-ac0f-06e0c55213e9", "value": "6d755a23e6c32111e57b9a6d8bd256115165c7af", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860095", "to_ids": true, "type": "sha256", "uuid": "1c06a856-4f58-40c1-9a22-6fa495b0215a", "value": "b0f858b8aa9d5ba29d797edcfaad4b97540750173816e062b67bd6e57633eaaa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811107", "to_ids": true, "type": "ssdeep", "uuid": "86af3103-a03c-420e-afa2-49aebf9f0985", "value": "12288:jwU+Pl8NwseS8YtAj1ttJ/5uqofFYwcft8d0+H3l1nIhxtWi3ZpyoQB:j08qagrIqMYwcl8dv11kxQN7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811107", "to_ids": false, "type": "size-in-bytes", "uuid": "f2191995-0099-4cc5-afdd-62b01990de5b", "value": "604839" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811107", "to_ids": true, "type": "vhash", "uuid": "6f42dea5-7d13-4950-82bb-6794a653ae34", "value": "80671b9842767b31c401ed4e27997e74" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811107", "to_ids": true, "type": "filename", "uuid": "0d291305-944c-47ab-b3c6-748208ce7edc", "value": "7b1e4b224973a283428055847590e410.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811107", "to_ids": false, "type": "text", "uuid": "99ee0af7-eb48-41a4-ae5e-4c4d319521fc", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860097", "uuid": "aa749acd-2757-4478-8cba-9e2e43109172", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860097", "to_ids": true, "type": "md5", "uuid": "7eedd422-ac72-4521-b0df-eddec7b22c9f", "value": "5834665ed7d3c90c4bc89fb33eb121d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860097", "to_ids": true, "type": "sha1", "uuid": "8f1346f8-80de-497d-818d-fb03df0a7e7f", "value": "f00dd167f2806bfcf72173d35626f43ff48729b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860097", "to_ids": true, "type": "sha256", "uuid": "6bb6f00e-1ba4-4210-9002-e2d01d5a08c0", "value": "3c25e4fe1b57bc2804e76e3ab6f168119610d22bb2a5cd2b21ba1bd7dbf7f280", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811128", "to_ids": true, "type": "ssdeep", "uuid": "d42eb016-51d2-4e28-b03f-396d8760c3fc", "value": "12288:bfBzlIEXAJe6ANXYC3HAA+9xCDlwKdCLV5n3mlP7aSfrc3w9+W944YtDrC8pRgMz:bfqQ60IWxKFVQlP/rgwv+F/gMz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811128", "to_ids": false, "type": "size-in-bytes", "uuid": "ff3d657f-c763-474b-b39b-780d398d233c", "value": "826215" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811128", "to_ids": true, "type": "vhash", "uuid": "6398cbd9-5bc5-4e31-a232-f3bdf96358d2", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811128", "to_ids": true, "type": "filename", "uuid": "b379580e-eb43-4b8c-aa58-18be3cfc04a8", "value": "5834665ed7d3c90c4bc89fb33eb121d2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811128", "to_ids": false, "type": "text", "uuid": "3693c84f-72a7-418c-9446-0b1c00d50c13", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860098", "uuid": "e876c7f1-3e47-4dd5-b616-0ddb386c4bac", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860098", "to_ids": true, "type": "md5", "uuid": "0d8bee18-2b90-4e19-bf1a-9132f8268a15", "value": "d85f113d1aea870bcaa418c7b051c52f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860098", "to_ids": true, "type": "sha1", "uuid": "a71561b6-4923-44fb-a3f9-35159ffbc9d5", "value": "4b65241851ae09d427d693d0167db55576a9cfa7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860098", "to_ids": true, "type": "sha256", "uuid": "4a4f739b-21ee-49f8-8437-f9848326e957", "value": "00013e39079f820cc8010fa9b6deb57290b6bee75365dfbe36b9348052760d08", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811150", "to_ids": true, "type": "ssdeep", "uuid": "2d7202c6-24f6-463d-b48a-4f11f360bc61", "value": "12288:WfBzlIEXAJe6ANXYC3HAA+9xCDlwKdPLdKlINJ5YnyyzN2oeMIA1YyP7UaUe0N:WfqQ60IWxKQdZNJ6nD2oEAPP7UaU7N" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811150", "to_ids": false, "type": "size-in-bytes", "uuid": "e1068705-c03e-4996-bee4-85acddbd9d4d", "value": "826822" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811150", "to_ids": true, "type": "vhash", "uuid": "5a79ac40-e848-461f-b326-cc4f4bdf6cf6", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811150", "to_ids": true, "type": "filename", "uuid": "5c279037-e663-4c4b-b061-1b6075f09723", "value": "00013E39079F820CC8010FA9B6DEB57290B6BEE75365DFBE36B9348052760D08.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811150", "to_ids": false, "type": "text", "uuid": "70392fbf-1f46-46aa-b9d8-ff973722d236", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860099", "uuid": "1e2b9e09-56e2-47d8-a746-19ced232b73d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860099", "to_ids": true, "type": "md5", "uuid": "be2e7353-c15c-476f-bfcf-991330859170", "value": "3c67b21708ed16d6d352f41c6ddf81b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860099", "to_ids": true, "type": "sha1", "uuid": "d3955011-4d1e-46b2-a7b1-755126a49196", "value": "779fe3b66faa4d570bfed61d6117ef0b8fb1d388", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860099", "to_ids": true, "type": "sha256", "uuid": "2bfcf7e0-e393-4bcf-a537-f5cee33129b0", "value": "e24a47fb1be061fc5c864069ab1ed9d091e5b0e7a03d6e56eb6ab624fd779de5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811171", "to_ids": true, "type": "ssdeep", "uuid": "2cb2f34c-48ca-4a8b-a525-912224554bf9", "value": "12288:VfBzlIEXAJe6ANXYC3HAA+9xCDlwKdDLhKqzR9l25gZSXYYFO09tUG7f1HJjG1Kf:VfqQ60IWxKohxd9lKKSXYYI0EM9BXQ3+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811171", "to_ids": false, "type": "size-in-bytes", "uuid": "dce2699d-51a5-4340-85ea-f502bbe12951", "value": "826179" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811171", "to_ids": true, "type": "vhash", "uuid": "401a162f-4d86-4a52-b41e-71dedef0d19d", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811171", "to_ids": true, "type": "filename", "uuid": "fd159761-5aa4-4b14-9649-a3fa8a3969ed", "value": "3c67b21708ed16d6d352f41c6ddf81b1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811171", "to_ids": false, "type": "text", "uuid": "41612957-cfca-47df-ba1c-c1ec22156f86", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860100", "uuid": "44409730-3303-4d1f-809a-76b31948114d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860100", "to_ids": true, "type": "md5", "uuid": "9c014779-6a4e-451c-a013-f96ef76d3ce1", "value": "10cf9a35a8cb5aeaf4765a3f31ea6ec2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860100", "to_ids": true, "type": "sha1", "uuid": "57f55896-b254-48e2-904c-f40106a8f76e", "value": "2f520d5cb1ed3320daaab549710cfe330e4b7ebf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860100", "to_ids": true, "type": "sha256", "uuid": "c7e1d5fb-3b16-4376-89da-456adbf877c0", "value": "f683135acc3c72ec6a40f19a8f996754a57abf0c763c5b0d74e988ac59f137ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811193", "to_ids": true, "type": "ssdeep", "uuid": "1f8aada4-6525-4e0a-ba24-2d2640ab28e4", "value": "12288:lfBzlIEXAJe6ANXYC3HAA+9xCDlwKd1LVUHzR9l25gZSXYYFO09tUG7f1HJjG1K+:lfqQ60IWxKCV2d9lKKSXYYI0EM9BXQNh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811193", "to_ids": false, "type": "size-in-bytes", "uuid": "5637874c-8f84-4eb3-b552-e1ad99d04cb9", "value": "826179" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811193", "to_ids": true, "type": "vhash", "uuid": "57b203aa-ea38-4958-b754-314f25558087", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811193", "to_ids": true, "type": "filename", "uuid": "41b5b5a1-0330-4be2-bbad-c1d616c691e8", "value": "10cf9a35a8cb5aeaf4765a3f31ea6ec2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811193", "to_ids": false, "type": "text", "uuid": "f2962f8f-e72b-4d1e-9aa3-e2297a8ad9fe", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860101", "uuid": "fdcd1da2-9965-44d9-91b8-4783183f864e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860101", "to_ids": true, "type": "md5", "uuid": "58a58ccf-37fd-4a85-9bbd-587adb128b7a", "value": "162e56c4f71287f25211322b0714de91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860101", "to_ids": true, "type": "sha1", "uuid": "eba8791c-6a1f-45b7-91cd-1572738cb63f", "value": "94399830d7b05ab0274c0807425b868c73b85875", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860101", "to_ids": true, "type": "sha256", "uuid": "8a111782-8f92-46c1-b0af-b41b54fb40cd", "value": "410a86557f8c9ac35129469df368d1c20191c16f1f4ba2a739432a7f4a84cc5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811214", "to_ids": true, "type": "ssdeep", "uuid": "1de33047-6540-4dc4-9401-d28cdcd7442e", "value": "98304:+iI054LsBUsUW9BzQfdFrITMQJLbYovoqt9BHtzm+wYxihW6dn4KcDXc1LbBU7sb:TMW/sdJwMQJmM/Vm+wYw23zt7sb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811214", "to_ids": false, "type": "size-in-bytes", "uuid": "b5fd9298-9ac0-4562-a3c8-04da60937053", "value": "6332774" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811214", "to_ids": true, "type": "vhash", "uuid": "aa2c2d06-a292-4312-b739-ea4022b4e761", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811214", "to_ids": true, "type": "filename", "uuid": "68442d0a-5aca-468b-a09b-2e7fd26c594b", "value": "162e56c4f71287f25211322b0714de91.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811214", "to_ids": false, "type": "text", "uuid": "19280db7-c57d-4e95-a15b-1d20b2c2c9a7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860103", "uuid": "fcd850f6-f983-46c4-9fbc-14f9c6db344f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860102", "to_ids": true, "type": "md5", "uuid": "be3f611a-0378-4fa0-a819-d7753e352dd1", "value": "dd0b5fe2eb02825ade54d97bf1671560", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860103", "to_ids": true, "type": "sha1", "uuid": "7058e9c9-7bb2-4e98-8285-fb2829c8a822", "value": "604032ed7cf8d3e53eb089001c80943d1c52e4a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860103", "to_ids": true, "type": "sha256", "uuid": "0c04bc16-b2d4-4f8c-a8c1-fd5c3a90285b", "value": "5956a2cb7cce052f39ba982b253eb67f6a13721bceba554ac7bfbdf3dbe71d0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811236", "to_ids": true, "type": "ssdeep", "uuid": "183c8918-a23c-4a91-a1f5-eea137d75ad5", "value": "12288:vfBzlIEXAJe6ANXYC3HAA+9xCDlwKdMLtjsEv2Jj7odQWOXcAEP+qFA1c/Qn0zU:vfqQ60IWxKjtAEuR7oSWOpo+qe1xnyU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811236", "to_ids": false, "type": "size-in-bytes", "uuid": "f5b190e4-8da1-40c7-a1d0-4952ee6e4049", "value": "826193" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811236", "to_ids": true, "type": "vhash", "uuid": "539a6159-6b81-48e5-9305-e7942dcfaba0", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811236", "to_ids": true, "type": "filename", "uuid": "84640d5a-3700-44fb-a7f1-9638d000dd1f", "value": "dd0b5fe2eb02825ade54d97bf1671560.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811236", "to_ids": false, "type": "text", "uuid": "9106bc60-87a8-457f-bc57-bf1f3274fb02", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860104", "uuid": "e94ea566-6568-4502-9ef2-bd3d32d1b114", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860103", "to_ids": true, "type": "md5", "uuid": "56fcf416-ea04-4dc3-90d3-ece5fcb7aba4", "value": "b4e12d9d0a4976fe8d41d267b6bb1745", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860104", "to_ids": true, "type": "sha1", "uuid": "ceed2d16-d8ab-4427-839f-d869056b0e51", "value": "269c0b920a69218a5eb8af7544bc93c2d9e3f3bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860104", "to_ids": true, "type": "sha256", "uuid": "9ff6fcce-fd98-488a-9ca0-e086539de2d5", "value": "40cbddd1e981c978b731d3374068a581badc4bc291325731dffeeec780a72d96", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811257", "to_ids": true, "type": "ssdeep", "uuid": "a0f7c1ae-0adc-4a24-8d59-c4551c2b2e93", "value": "12288:FfBzlIEXAJe6ANXYC3HAA+9xCDlwKd0L1ff+gdUKaPRB1l7ROotbxIFURe/WL5ax:FfqQ60IWxKP1H/5aPRBAg1IFAYWLNQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811257", "to_ids": false, "type": "size-in-bytes", "uuid": "49e23eb9-aec6-48b3-92a7-b461a3cc16cc", "value": "826165" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811257", "to_ids": true, "type": "vhash", "uuid": "5c67eecc-3a7d-4a3b-9179-bc9ad4a241cd", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811257", "to_ids": true, "type": "filename", "uuid": "bf5d8a02-9a77-4ffe-99c0-baa4c406da42", "value": "b4e12d9d0a4976fe8d41d267b6bb1745.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811257", "to_ids": false, "type": "text", "uuid": "b898a684-885c-4460-a495-cfd6b63b7558", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860105", "uuid": "a284d9b7-cea7-4cd3-a058-383a114b66b7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860105", "to_ids": true, "type": "md5", "uuid": "b5f754ac-8e0e-4d02-8535-6a4bbf9f92bf", "value": "88fbb346f3bc1d576d25fa6fcaeb2966", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860105", "to_ids": true, "type": "sha1", "uuid": "1b61ddfe-b2a6-49ee-8fc4-6a7dbe68acbb", "value": "0af7b23f0071ad12b3f0d0e66d7a616fb1a8c1b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860105", "to_ids": true, "type": "sha256", "uuid": "e3187b9f-50d2-4392-ab3f-6b69a0979914", "value": "4b7bdb8d01dd300813981bdd72af7e0dafb21b8e0dae07646b247f39b56a83a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811278", "to_ids": true, "type": "ssdeep", "uuid": "8827ff8a-d632-4468-9cbf-3cf1bb82bb74", "value": "12288:kfBzlIEXAJe6ANXYC3HAA+9xCDlwKdbLBKuM21/gc1FDANqNp5qdy5Y99:kfqQ60IWxKkB1MmXEep5qdMa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811278", "to_ids": false, "type": "size-in-bytes", "uuid": "93674662-9add-44d6-8bba-4ecea24056dd", "value": "826165" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811278", "to_ids": true, "type": "vhash", "uuid": "92397468-6146-41fc-bf0f-3c524006895f", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811278", "to_ids": true, "type": "filename", "uuid": "29aadce8-653b-42a2-9f7f-5c18150489dd", "value": "88fbb346f3bc1d576d25fa6fcaeb2966.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811278", "to_ids": false, "type": "text", "uuid": "c8ce8a10-ccf0-4c20-9832-281d597dc300", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860106", "uuid": "14fadf20-339c-46de-ba70-1c40fcd75146", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860106", "to_ids": true, "type": "md5", "uuid": "880c3aa5-d661-40ed-81aa-3ff263db13e3", "value": "3f947429c418ff6fc23c2340e3f4657f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860106", "to_ids": true, "type": "sha1", "uuid": "6d4a12e8-8999-45c1-8e49-a254e4926979", "value": "b395d3d3ba15f786b65ba795576b38948a9bc1f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860106", "to_ids": true, "type": "sha256", "uuid": "629f2e31-05d2-40c0-b0de-a02968c01e10", "value": "535e9055f250c79ab31745a49b47cd7ea8ea9ab6f781f1678843944f677d12bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811300", "to_ids": true, "type": "ssdeep", "uuid": "d62a74bd-b947-4881-a245-91bac7b76d1a", "value": "12288:VfBzlIEXAJe6ANXYC3HAA+9xCDlwKdKLFhiAQ3+ukRZ4ybOAsRoSECh1i6whQtPE:VfqQ60IWxK5FcAQ3PiLsRNEi/whQtPV6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811300", "to_ids": false, "type": "size-in-bytes", "uuid": "527717d2-74d1-498b-bc87-ff7535d20e91", "value": "826139" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811300", "to_ids": true, "type": "vhash", "uuid": "20be2b36-c671-4d22-8b95-0373b2fe141b", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811300", "to_ids": true, "type": "filename", "uuid": "2aca9202-d380-4141-a591-92baca132ff4", "value": "3f947429c418ff6fc23c2340e3f4657f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811300", "to_ids": false, "type": "text", "uuid": "90693c56-1def-477d-910f-4e959e814abc", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860107", "uuid": "cb180d78-7a2d-488a-9560-705e7894ac6b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860107", "to_ids": true, "type": "md5", "uuid": "3dc000a3-2c64-4eac-bdee-7a2bd5906e3f", "value": "69a3ace356a8ce28fae04cb7da7baa2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860107", "to_ids": true, "type": "sha1", "uuid": "691ebaf2-4485-4c3a-a25b-3798fdd9127c", "value": "6da16b8b62f541ba8102e9496cfa4c86483eab29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860107", "to_ids": true, "type": "sha256", "uuid": "b0b80088-15c3-4f12-a964-679aee10a523", "value": "35b6179015fc1a41866de3f223160a22f5598723fa08ce94c2383313a4c4c910", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811321", "to_ids": true, "type": "ssdeep", "uuid": "0046f48d-458a-46bc-bdb8-c4b6a9169e8e", "value": "12288:9fBzlIEXAJe6ANXYC3HAA+9xCDlwKd9LVMJ+gdUKaPRB1l7ROotbxIFURe/WL5al:9fqQ60IWxKqVS/5aPRBAg1IFAYWLN0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811321", "to_ids": false, "type": "size-in-bytes", "uuid": "c3d19eca-3423-45bc-9517-ddac81013f40", "value": "826165" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811321", "to_ids": true, "type": "vhash", "uuid": "3d2439b2-db71-4bf6-8270-6fb09d68400d", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811321", "to_ids": true, "type": "filename", "uuid": "165335f5-ef59-4e0d-95e5-6bb6eb1d238a", "value": "69a3ace356a8ce28fae04cb7da7baa2e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811321", "to_ids": false, "type": "text", "uuid": "f6c1a600-34df-4765-b517-e9bfe43444b3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860108", "uuid": "c8bc8ad7-2190-4f45-a0b1-89bacb97696a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860108", "to_ids": true, "type": "md5", "uuid": "d7ab7969-9dff-4033-bca2-08aaa2ff6e09", "value": "0e860e7ceabd0ffefd11d76343d5432d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860108", "to_ids": true, "type": "sha1", "uuid": "079949d7-6cb4-4663-b009-c0313f9a006f", "value": "8244d18a3acf26253ba3863f2943e6058dad24c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860108", "to_ids": true, "type": "sha256", "uuid": "5edeb47c-3edc-4976-ab3a-6c3b169def2b", "value": "c1279e4b6aa429c14c7f4ce4346dfd6167357d783f64f5c75f4c56190ca9eb1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811342", "to_ids": true, "type": "ssdeep", "uuid": "6b74ea00-13b0-4549-87de-a779072f7e33", "value": "24576:zfqQ60IWxKj12YVz7JCqs9xsoHgGkWTJK:zf1607Kr7JC9xsoH9TJK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811342", "to_ids": false, "type": "size-in-bytes", "uuid": "9c1a63cc-c7ab-4a17-96b6-520939f09fff", "value": "826174" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811342", "to_ids": true, "type": "vhash", "uuid": "db325264-7668-44d5-bdf2-1078e9465124", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811342", "to_ids": true, "type": "filename", "uuid": "3d3b4e51-2fc1-446a-99bc-b72afccf98d0", "value": "0e860e7ceabd0ffefd11d76343d5432d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811342", "to_ids": false, "type": "text", "uuid": "d80aa4e5-1f13-481d-b6d4-ab6eca6be53f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860110", "uuid": "25b938e0-e952-4b69-bc25-a38d74543ff2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860109", "to_ids": true, "type": "md5", "uuid": "d623d236-a5e8-404e-83f9-27ef1a1cfa79", "value": "949da6727d9411587e43818a3f3f6390", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860109", "to_ids": true, "type": "sha1", "uuid": "1dcb7abd-430b-4644-b52d-88c3898fadd9", "value": "8bc913173bf2b81c88556fe2cc7672835e4dccea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860110", "to_ids": true, "type": "sha256", "uuid": "a43880ec-e7ad-41ee-9b1b-5c2deee37fa8", "value": "f7c66f1dfb487bb296e83b2c96efb8d747aa02a53a32b7c8226eb25c2303c08b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811364", "to_ids": true, "type": "ssdeep", "uuid": "4db22af7-235d-42fa-bb67-08987946e5a6", "value": "98304:xTI0WV2sBUtoa9B5QfdF+v5MuJZbY4vEPo9B/tyFvUnlPZEMv/CRaOEVxFn2a0Az:FKa/qdohMuJsg/IFvyQe/gad3V2xJes0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811364", "to_ids": false, "type": "size-in-bytes", "uuid": "bd5f6280-32f1-4ca6-90d6-f110b0f85a0d", "value": "6197848" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811364", "to_ids": true, "type": "vhash", "uuid": "5e1adf58-affc-4639-8bbf-0f8b91b20369", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811364", "to_ids": true, "type": "filename", "uuid": "6562e069-a573-48e8-b31e-e123b3c4f302", "value": "949da6727d9411587e43818a3f3f6390.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 03/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811364", "to_ids": false, "type": "text", "uuid": "11d1f96d-f2c8-445d-bc34-27530997ec2e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860111", "uuid": "b221cbea-c522-4226-9030-09f0413cff27", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860110", "to_ids": true, "type": "md5", "uuid": "c83a9750-b238-4234-b569-4d389f332a72", "value": "ecb2c0324985429071e601d71bef53a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860111", "to_ids": true, "type": "sha1", "uuid": "fe8cb04c-cbc7-44d8-84d0-8e4e3cd0a36e", "value": "a37797c09acc7898a31845e2d689fcd824feead3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860111", "to_ids": true, "type": "sha256", "uuid": "88e12d22-abd9-4fef-8355-748a6c3ab22b", "value": "65b30ed81dca123f5d0d4d5db2154f6621bf861d8815b9bcfccef51659446ffe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811385", "to_ids": true, "type": "ssdeep", "uuid": "8f278379-db8b-4438-b0b8-8974404bfb57", "value": "98304:Na/gsBUlmA9B3QfdFLqbMAJbbYAvMfu9BntZevxyh8Aolsymjr/8PCvFUPsB:SA/odpeMAJqW/TevcolsymjTfSPsB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811385", "to_ids": false, "type": "size-in-bytes", "uuid": "92db30c4-7211-4a60-8ad5-6482c96d84f6", "value": "5828074" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811386", "to_ids": true, "type": "vhash", "uuid": "a2e0c238-8681-4e0d-a235-8f9f869888ac", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811386", "to_ids": true, "type": "filename", "uuid": "f6110f51-e9b2-4e21-8a04-bf8b88b22bf7", "value": "ecb2c0324985429071e601d71bef53a8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811386", "to_ids": false, "type": "text", "uuid": "a7ee3e96-46fa-4335-927b-f3c79f959dfb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860112", "uuid": "018dccc7-abdc-43aa-b99e-31eb2cba32dc", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860112", "to_ids": true, "type": "md5", "uuid": "b54b87bb-fcbf-4767-b252-dd21f731b26e", "value": "92e47358a708304750df769d987210d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860112", "to_ids": true, "type": "sha1", "uuid": "d0b759a9-6a9b-4d8b-88a5-92f90be1b30f", "value": "a0eb732552ac2bca7885dccff30ab36cf8c97757", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860112", "to_ids": true, "type": "sha256", "uuid": "3caff1f7-df13-4640-b4b0-0ceafedfceed", "value": "146453a4c940217187d2832c9e9bb03144877835a06605f72553de59922a2c3e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811407", "to_ids": true, "type": "ssdeep", "uuid": "1fff791f-8b90-453d-9a66-c3bf5858f165", "value": "98304:pHI0oH/sBU1E49BzQfdFkALMYJjbYsvsal9BLtxvDkbViT+Vr5Yu7tdzsuEN/uU/:1L4/sdyoMYJyY/PvDk8Kh5YAquEN5Ms9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811407", "to_ids": false, "type": "size-in-bytes", "uuid": "5fbf0a32-f01c-4b49-91ad-21a1160c1eaf", "value": "6197853" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811407", "to_ids": true, "type": "vhash", "uuid": "028eef17-da5b-433f-91b4-52ef6c24046f", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811407", "to_ids": true, "type": "filename", "uuid": "f7a33d21-b68a-48ea-92d9-96c5ce1ff8d9", "value": "92e47358a708304750df769d987210d0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811407", "to_ids": false, "type": "text", "uuid": "88bf5c79-0b70-4f14-bb0c-29f703fa5338", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860113", "uuid": "e30f4891-c15d-46ae-bcf8-58f3e31a29a7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860113", "to_ids": true, "type": "md5", "uuid": "f8d7da52-e908-4b0a-98cd-a093524923fc", "value": "d20eb694c8a6a48b2bda438da5c9d75c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860113", "to_ids": true, "type": "sha1", "uuid": "998654ec-d526-49a2-96e8-f2e19f563eb2", "value": "e1a654ae91ad8c315b79acd630a58827f45863eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860113", "to_ids": true, "type": "sha256", "uuid": "d8af93a0-aeca-45bf-aef6-175f6d6bd73a", "value": "a1f5e7d93e439f510032fc7fc7dc27fc4adb6b4b00ff666f66b362693fb1673e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811429", "to_ids": true, "type": "ssdeep", "uuid": "a6a2b2f7-b263-42fb-a7f5-03e7116a93a0", "value": "98304:V7I0Xx2sBUlwG9BhQfdFpGWMaJBbYRv4lf9BXt1r/xyh8Aolsymjr/8PCpnURs+:Z3G/ydHbMaJ7J/fr/colsymjTfGRs+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811429", "to_ids": false, "type": "size-in-bytes", "uuid": "6b56ec9e-6f4a-43b7-8501-3ad4a7578935", "value": "6197856" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811429", "to_ids": true, "type": "vhash", "uuid": "78a1dd22-5610-43a5-a7d6-131f974c7127", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811429", "to_ids": true, "type": "filename", "uuid": "3518076a-02b4-4898-add0-7bdfd52c5881", "value": "d20eb694c8a6a48b2bda438da5c9d75c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811429", "to_ids": false, "type": "text", "uuid": "676414fc-094f-412f-9430-71e2d0ab805d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860114", "uuid": "b6c9b71b-d560-44a0-bfcc-c74eabdc8bcb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860114", "to_ids": true, "type": "md5", "uuid": "f3decbcb-fbfe-4432-9b1c-d36f95d3d25b", "value": "333cbfe32e6c42293209fc388ada29b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860114", "to_ids": true, "type": "sha1", "uuid": "a6cd2b2b-fbec-4111-a66e-476615d120df", "value": "47f091a76c5e336062d414fe781d583ad63978d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860114", "to_ids": true, "type": "sha256", "uuid": "ace3609d-91ca-42ca-827c-a0dfa14dcf2d", "value": "69224f30e8dd07798b7a0aee07539c46bc0ff9403f052bd26437f1ac9c9ed239", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811450", "to_ids": true, "type": "ssdeep", "uuid": "9d60f6cf-8886-46fd-afd2-499da135a584", "value": "12288:IafBzlIEXAJe6ANXYC3HAA+9xCDlwKdkLdHaIfh2JjE/NQL44QlxnhAC8Kp91:IafqQ60IWxKHd6IfEREVQ/Qlr8q1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811450", "to_ids": false, "type": "size-in-bytes", "uuid": "52af9668-0ed1-47ad-a074-30fa4e8f6a41", "value": "826179" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811450", "to_ids": true, "type": "vhash", "uuid": "5d7b697b-cb7c-4cf6-b4b1-117f8b24e569", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811450", "to_ids": true, "type": "filename", "uuid": "a76e7ba8-c52d-46c3-9ab5-02ee69ecba3f", "value": "333cbfe32e6c42293209fc388ada29b9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811450", "to_ids": false, "type": "text", "uuid": "fc1c762c-f316-4542-b9a7-c967fc7d25a8", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860116", "uuid": "44407f70-9841-4b8a-82f6-12219b78cd19", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860115", "to_ids": true, "type": "md5", "uuid": "32d8c867-961b-4b3e-bb8d-d087145a5d6d", "value": "08b5acd3d0e6eadf81632445f986b094", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860115", "to_ids": true, "type": "sha1", "uuid": "c088bf93-7e28-43ac-b44c-8f3db943deae", "value": "12575c05d83b72f6d2088c0c1cf31f5348d9ac6d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860116", "to_ids": true, "type": "sha256", "uuid": "4101e74e-359e-4b91-8a70-bf5caaf8b446", "value": "ed72ac3cffff198f8e5199d8cb672a51a5eaaba60af12e005c3561aab772e7e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811471", "to_ids": true, "type": "ssdeep", "uuid": "e68661ee-8692-4490-a8d1-40fe2a1b9394", "value": "12288:XfBzlIEXAJe6ANXYC3HAA+9xCDlwKdbLFuVIfh2JjE/NQL44QlxnhAC8Kp9t:XfqQ60IWxKIFOIfEREVQ/Qlr8qt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811471", "to_ids": false, "type": "size-in-bytes", "uuid": "0d4799f0-f218-4a5a-a804-520aaf95b2f6", "value": "826184" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811471", "to_ids": true, "type": "vhash", "uuid": "87d24d89-0392-4cd5-91ee-e961d54ddcf2", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811471", "to_ids": true, "type": "filename", "uuid": "05eccbb9-f990-450c-8f77-69f3b8530bb6", "value": "08b5acd3d0e6eadf81632445f986b094.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 16/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811471", "to_ids": false, "type": "text", "uuid": "7e7dc912-9f63-41d8-a855-574bd8ea7450", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860117", "uuid": "c26c710f-d6b2-437b-adfe-82dc084e1d25", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860116", "to_ids": true, "type": "md5", "uuid": "4392f968-ccfa-47d1-89a8-fced83c339b9", "value": "74ea6a5132b26371f55b1a32a5ff1ded", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860117", "to_ids": true, "type": "sha1", "uuid": "38bff977-3736-4051-8e30-e88655069ab7", "value": "b546b43909610c811585e5b9452dcd06e923dca0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860117", "to_ids": true, "type": "sha256", "uuid": "e9ab9208-284e-4378-b9df-c5ac409ceb0a", "value": "807971baf9c22d903424c0772dcbdccd9d79ff4a2add7da9fe0a07264e34ca51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811493", "to_ids": true, "type": "ssdeep", "uuid": "16ee3f39-6f9c-471c-8232-f9d377753bab", "value": "12288:OfBzlIEXAJe6ANXYC3HAA+9xCDlwKdqLV5a2myDewKRp3klSC+U0aEIjkQZLpR:OfqQ60IWxKNVg2mPNR5tCtVjkQZ/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811493", "to_ids": false, "type": "size-in-bytes", "uuid": "836a284c-b207-4a80-b3c5-bdc515af1bc4", "value": "826177" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811493", "to_ids": true, "type": "vhash", "uuid": "938f2f07-7648-4cd8-8f0a-ce695be252ce", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811493", "to_ids": true, "type": "filename", "uuid": "b8aa9e53-e33c-4e88-b702-f01ebad709a8", "value": "74ea6a5132b26371f55b1a32a5ff1ded.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811493", "to_ids": false, "type": "text", "uuid": "d84b88e6-1982-455b-a8dc-dd105c05a4c2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860118", "uuid": "c3e5d6a8-49f3-442f-8d4a-10effcbc5001", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860118", "to_ids": true, "type": "md5", "uuid": "744a3b05-f82d-4231-92dd-75037b9212ed", "value": "fb63dd2d3eb3bc9328c9a8534e36d3ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860118", "to_ids": true, "type": "sha1", "uuid": "26493073-ead0-449c-8546-e75c928c4d69", "value": "d07cfad4000037c75a61572e22f1dfd6a233b407", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860118", "to_ids": true, "type": "sha256", "uuid": "9a85b805-0e9f-4ded-9c74-246172086236", "value": "736f3eee0489b93c6fd615e5ef29078da952e496ea5009655bc68b834bcc0640", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811514", "to_ids": true, "type": "ssdeep", "uuid": "c00cdbeb-9a07-479f-aaa5-a45311ec0e4d", "value": "12288:gIlEfBzlIEXAJe6ANXYC3HAA+9xCDlwKdYLhDO2myDewKRp3klSC+U0aEIjkQZLV:ofqQ60IWxKHha2mPNR5tCtVjkQZV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811514", "to_ids": false, "type": "size-in-bytes", "uuid": "23b87bce-3d64-4015-9a75-de782bcf4ff8", "value": "826177" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811514", "to_ids": true, "type": "vhash", "uuid": "7569339f-eebd-44ae-88d8-454389f50c32", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811514", "to_ids": true, "type": "filename", "uuid": "1c8e7ea3-81ed-4da0-b268-cf483ef0ca95", "value": "fb63dd2d3eb3bc9328c9a8534e36d3ed.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811514", "to_ids": false, "type": "text", "uuid": "883ba350-8afe-4cb8-a0dd-1befae6e6f26", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860119", "uuid": "7ca76dcd-899d-488e-b9e0-196f75cd49f0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860119", "to_ids": true, "type": "md5", "uuid": "694db72f-ab8c-4710-bcb6-45bd72002daa", "value": "44c9e0c4c0ee00d9daf5896f085ab477", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860119", "to_ids": true, "type": "sha1", "uuid": "67c90f92-e03f-4deb-975b-96c92322baf3", "value": "6d0b46b05a6b224b5341604457cf7c67ed893d1d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860119", "to_ids": true, "type": "sha256", "uuid": "ed002b9d-fcd9-4446-a688-15bed1e9bd0b", "value": "e0954ea9b68b8b9f1512c6a530f2eada4c8a5b163253b2a025568970b9c3a6e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811535", "to_ids": true, "type": "ssdeep", "uuid": "dd5158b3-dc7c-4395-bbbc-183dc3bf3d09", "value": "12288:hfBzlIEXAJe6ANXYC3HAA+9xCDlwKdNL1YlIfh2JjE/NQL44QlxnhAC8Kp9H:hfqQ60IWxKi1YIfEREVQ/Qlr8qH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811535", "to_ids": false, "type": "size-in-bytes", "uuid": "055b9538-2147-4a3b-8f35-9b9c5931dc2c", "value": "826184" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811535", "to_ids": true, "type": "vhash", "uuid": "7abf36b3-bf03-485f-a454-7fc43b85caf8", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811535", "to_ids": true, "type": "filename", "uuid": "4c28608d-fa59-49ed-93f7-a0ca1d1b5459", "value": "44c9e0c4c0ee00d9daf5896f085ab477.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811535", "to_ids": false, "type": "text", "uuid": "9f171a1b-998c-45a8-b554-5b342c459c63", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860120", "uuid": "8f50f796-621e-41a8-8193-40cd600d5a4f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860120", "to_ids": true, "type": "md5", "uuid": "dc5dfe8b-6e4b-4858-8e7d-4ee23d986b7f", "value": "8c5c7fbbdaf44857c1df2f53ea387c06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860120", "to_ids": true, "type": "sha1", "uuid": "1dd14ff1-7369-4a37-93ab-f560a171b203", "value": "36cbf1680cdf84fec700ea3d76b9396022ec2281", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860120", "to_ids": true, "type": "sha256", "uuid": "e8926a29-a7bb-49d0-bc09-d4fe8fb2dbfd", "value": "4c283d4ea39ccfa7c02b9fc44d439dcca9664e444dacb4ae3ac0faee62d5c4ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811557", "to_ids": true, "type": "ssdeep", "uuid": "298f3ac2-07fd-4e96-99cd-3e7fcaa6c2c1", "value": "12288:+fBzlIEXAJe6ANXYC3HAA+9xCDlwKdNLlg+2myDewKRp3klSC+U0aEIjkQZLpl:+fqQ60IWxK6lN2mPNR5tCtVjkQZf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811557", "to_ids": false, "type": "size-in-bytes", "uuid": "0437fffd-ed94-46fa-afd1-35dabfda1c8c", "value": "826177" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811557", "to_ids": true, "type": "vhash", "uuid": "230d4ea3-0fe9-4b77-a519-208cf5204877", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811557", "to_ids": true, "type": "filename", "uuid": "ea660b21-afe8-43ae-9f93-2e92d69bee70", "value": "8c5c7fbbdaf44857c1df2f53ea387c06.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811557", "to_ids": false, "type": "text", "uuid": "78794ce2-932b-4235-b16c-4877379a3b42", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860121", "uuid": "61b0aa83-f491-4b97-8755-1437f8f08c85", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860121", "to_ids": true, "type": "md5", "uuid": "85126181-daa1-4579-9fec-67991b9cda27", "value": "3510255fc62e90d46b5b131b465952b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860121", "to_ids": true, "type": "sha1", "uuid": "f2e6fdb9-bbf3-4617-bcd4-64a8a02d6290", "value": "a5859483bef1cb1c1c3a3b35d8fffcbd9520b3c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860121", "to_ids": true, "type": "sha256", "uuid": "91f8c8dd-3299-4add-9758-7984119babc8", "value": "5f6c951459da23c59beaa8354365a16751df5a872dc12fa4d049f49c1ab10b8b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811578", "to_ids": true, "type": "ssdeep", "uuid": "a926edba-bca3-4983-817a-ecc8ba796a33", "value": "12288:tfBzlIEXAJe6ANXYC3HAA+9xCDlwKd/LZGi+gdUKaPRB1l7ROotbxIFURe/WL5a2:tfqQ60IWxKwZT/5aPRBAg1IFAYWLNf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811578", "to_ids": false, "type": "size-in-bytes", "uuid": "e70db617-1969-47c8-adf6-a33d34c65742", "value": "826165" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811578", "to_ids": true, "type": "vhash", "uuid": "058159be-9082-4a52-96b8-56561c8fd309", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811578", "to_ids": true, "type": "filename", "uuid": "1c6e8fa6-3dcd-478e-b8fa-1071317d8cf9", "value": "3510255fc62e90d46b5b131b465952b8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811578", "to_ids": false, "type": "text", "uuid": "25ae057b-c535-4a01-b5c1-d8f31974a24d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860122", "uuid": "3739f73b-a1bb-4493-ae08-0a6dd0f3aed2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860122", "to_ids": true, "type": "md5", "uuid": "bbe9e125-a761-4f3a-982d-f21b6fa6d8f7", "value": "3bba40b35cfef45f32575863b2eb82c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860122", "to_ids": true, "type": "sha1", "uuid": "997f5a3f-0067-4d35-b6ff-1a7cfb31ec12", "value": "fc6e453dbc95c347585fbebeb30117bbc215dadf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860122", "to_ids": true, "type": "sha256", "uuid": "a412b5f4-1a04-4007-8566-861b37dc565f", "value": "2715bff23c4da36ba809f0404f7a025658f92f75591d4343add5ded337a9021c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811599", "to_ids": true, "type": "ssdeep", "uuid": "c7f3a5dc-4726-43dc-bbf4-31fe194c6111", "value": "12288:ufBzlIEXAJe6ANXYC3HAA+9xCDlwKdKLNhS+gdUKaPRB1l7ROotbxIFURe/WL5av:ufqQ60IWxK9N0/5aPRBAg1IFAYWLNm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811599", "to_ids": false, "type": "size-in-bytes", "uuid": "56e3ec97-4330-45e5-87ab-6694f0cd378e", "value": "826165" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811599", "to_ids": true, "type": "vhash", "uuid": "58bd5dd3-f1d1-40b6-99f0-47b76ff57e4a", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811599", "to_ids": true, "type": "filename", "uuid": "7eb3ab53-8955-4a67-ac2d-acd0c62b7ff1", "value": "3bba40b35cfef45f32575863b2eb82c7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811599", "to_ids": false, "type": "text", "uuid": "574fd805-b1d8-408e-ab7b-008e411fab18", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860124", "uuid": "4e2bba37-4365-4bc7-9c8c-96518b9e7c10", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860123", "to_ids": true, "type": "md5", "uuid": "23467cc0-d36e-410f-840c-dba35dbf591a", "value": "0eb97065362191ea415ca12e9d0825e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860123", "to_ids": true, "type": "sha1", "uuid": "5f294473-45f5-4d17-8ec2-429f42c00722", "value": "9e770308dfb3f0f71b5a84a04c6ad0f746672c5d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860124", "to_ids": true, "type": "sha256", "uuid": "0d779b3e-09bf-42a8-8c17-72e34acc48e9", "value": "d1a515b6a1ae80caab582fcf069625d8c363e3cf1c9eeb8f2858d715bbb91731", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811621", "to_ids": true, "type": "ssdeep", "uuid": "e93199ef-ecac-451b-8c64-798553a3847e", "value": "24576:KfqQ60IWxKQNoYVz7JCqs9xsoHgGkWTJo:Kf1607KO7JC9xsoH9TJo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811621", "to_ids": false, "type": "size-in-bytes", "uuid": "c567352b-2b7e-489d-b793-0c2f9508b026", "value": "826174" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811621", "to_ids": true, "type": "vhash", "uuid": "a343e31f-fc00-4211-96be-4b08c70a3986", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811621", "to_ids": true, "type": "filename", "uuid": "5b75a85d-84bf-46b9-aeca-121084bb91b2", "value": "0eb97065362191ea415ca12e9d0825e8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811621", "to_ids": false, "type": "text", "uuid": "2f10610a-96cd-43c3-8f7b-e06660e8fd50", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860125", "uuid": "ebad62e3-7276-4723-b3d8-e83cf226f35b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860124", "to_ids": true, "type": "md5", "uuid": "2de5e13a-f566-4821-9342-74bf08a7104b", "value": "e6e67079cbf82a03536a2a1a8b208131", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860125", "to_ids": true, "type": "sha1", "uuid": "885dddfa-a978-4d14-a5f3-52818804834d", "value": "a1a52b19b7d978c18f0f8ba242076d17ef78c876", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860125", "to_ids": true, "type": "sha256", "uuid": "e2457d31-2a93-4657-8078-262c2b7714cf", "value": "6df9bc0e89f665be0b9e3cb8681a8fd5429af9ffe413f2a08232cb699fb114c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811642", "to_ids": true, "type": "ssdeep", "uuid": "5c371aea-38a4-43ff-8663-503ea3992fef", "value": "12288:2fBzlIEXAJe6ANXYC3HAA+9xCDlwKdNL1MBIfh2JjE/NQL44QlxnhAC8Kp9g:2fqQ60IWxK614IfEREVQ/Qlr8qg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811642", "to_ids": false, "type": "size-in-bytes", "uuid": "0cd1455d-0a70-4b04-a32a-c24bfe6d7b38", "value": "826184" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811642", "to_ids": true, "type": "vhash", "uuid": "3abc74d3-2d50-4208-b7a0-e0ee196ad50d", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811642", "to_ids": true, "type": "filename", "uuid": "0fd59d13-32da-41ca-937a-a0726ab06118", "value": "e6e67079cbf82a03536a2a1a8b208131.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811642", "to_ids": false, "type": "text", "uuid": "18b95a7a-c04d-485d-85bf-b7e3e7b409f8", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860126", "uuid": "3e1db4cd-1b58-4b49-85bc-ef57de691cb9", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860126", "to_ids": true, "type": "md5", "uuid": "d25359bd-cd56-4b90-8a0e-9f801b2b919b", "value": "3396e10dbf152bd7c3a08479013dc827", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860126", "to_ids": true, "type": "sha1", "uuid": "6b5608e2-2cd4-45f0-88e1-a63fe7a75549", "value": "725d20c7902c340d453278b3b7400a9128fea373", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860126", "to_ids": true, "type": "sha256", "uuid": "33bc008b-5a69-44a3-a5a7-cbc0806199b7", "value": "8d5a9c54628480015f908b94961066dcb4142a6ae5900c60d3a5d247494e85cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811663", "to_ids": true, "type": "ssdeep", "uuid": "2ed1af70-afca-4112-a12c-24a27d076a15", "value": "12288:KfBzlIEXAJe6ANXYC3HAA+9xCDlwKdqLFda2myDewKRp3klSC+U0aEIjkQZLpN:KfqQ60IWxK5FE2mPNR5tCtVjkQZ3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811663", "to_ids": false, "type": "size-in-bytes", "uuid": "d35bdcb3-0eea-4840-a51b-ae4571725b04", "value": "826177" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811663", "to_ids": true, "type": "vhash", "uuid": "efcade49-6ce6-45c1-ab4f-ec4626f2fb96", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811663", "to_ids": true, "type": "filename", "uuid": "e71e7530-34f7-4773-941a-eb8a60cd7570", "value": "725d20c7902c340d453278b3b7400a9128fea373.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811663", "to_ids": false, "type": "text", "uuid": "301e6920-7775-48bb-9c2d-cb603cd2ebd3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860127", "uuid": "7e2f003b-0be3-4359-86d3-85a4999cef90", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860127", "to_ids": true, "type": "md5", "uuid": "1e9c5118-5545-4911-806b-6187de296f00", "value": "7008dd2fd07f6b3dc8e9bf0a9f3390ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860127", "to_ids": true, "type": "sha1", "uuid": "d2747b6d-d666-4022-a4d2-d7e775557250", "value": "ffb8f0faa2679732d91534a54410da835023caba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860127", "to_ids": true, "type": "sha256", "uuid": "8d7d801e-73b5-4dd3-a8e7-73d0d25e9d34", "value": "6ca5b40e5a223ebd3ff74e81c8ee271f01054c5c89ac26e6d3026605c212b2c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811685", "to_ids": true, "type": "ssdeep", "uuid": "03a37135-c33f-42cd-858a-0bd626f49146", "value": "12288:TfBzlIEXAJe6ANXYC3HAA+9xCDlwKddL58m2myDewKRp3klSC+U0aEIjkQZLpU:TfqQ60IWxKu5B2mPNR5tCtVjkQZO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811685", "to_ids": false, "type": "size-in-bytes", "uuid": "9098338f-54d1-4ce1-ad88-ab42a7a7a1e9", "value": "826177" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811685", "to_ids": true, "type": "vhash", "uuid": "83dd6f49-ef7d-4352-b7a1-b2b3974d04bb", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811685", "to_ids": true, "type": "filename", "uuid": "55a1f796-0ae8-4684-856d-c5256157eddb", "value": "7008dd2fd07f6b3dc8e9bf0a9f3390ea.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811685", "to_ids": false, "type": "text", "uuid": "8a57206b-feac-429b-a03c-19211952d13d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:31/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860128", "uuid": "fb21fb4a-1571-44cd-a0ce-08b9e0ad11a1", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860128", "to_ids": true, "type": "md5", "uuid": "3e8ed661-80d9-4f90-bfc4-22f8199565b3", "value": "ca93b7eb4845e0e9f5d9bcac7d217710", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860128", "to_ids": true, "type": "sha1", "uuid": "5fae1fa3-3db7-46c9-9126-5c3f04126b9f", "value": "639a20ad4035d1ff02d150a9046e8995c447c6f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860128", "to_ids": true, "type": "sha256", "uuid": "f9435611-50f5-4c2e-8b96-7f586459d589", "value": "0653709aaa8fcd7c38970f23e31ced0c14537f8f58d0bf21e8ed780af8e4aabb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811706", "to_ids": true, "type": "ssdeep", "uuid": "6a3251da-c860-43d6-a8f4-8e519e35e937", "value": "12288:/fBzlIEXAJe6ANXYC3HAA+9xCDlwKdpLFURIfh2JjE/NQL44QlxnhAC8Kp9A:/fqQ60IWxKeFYIfEREVQ/Qlr8qA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811706", "to_ids": false, "type": "size-in-bytes", "uuid": "47201882-a570-4d64-9dfb-8b0ecd855834", "value": "826098" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811706", "to_ids": true, "type": "vhash", "uuid": "4c5d15ce-80ce-4e10-88ea-11c0edb52b1a", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811706", "to_ids": true, "type": "filename", "uuid": "8162a3b5-8981-4703-8ac1-fbe251ce854c", "value": "ca93b7eb4845e0e9f5d9bcac7d217710.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811706", "to_ids": false, "type": "text", "uuid": "05df8b76-7afb-4bfe-a9ea-9a5c888fa10b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860129", "uuid": "68a58bb3-ba66-4b36-a532-9eb635a3d5d0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860129", "to_ids": true, "type": "md5", "uuid": "4ae15685-7de8-4cdd-a735-4138215580e3", "value": "cfb04ada51f98dc14857bb3c3e272e3c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860129", "to_ids": true, "type": "sha1", "uuid": "2b3dc636-6c28-4b53-9693-b956208c3b71", "value": "7eb0991b0a7956c672f708312098161af7eccb36", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860129", "to_ids": true, "type": "sha256", "uuid": "54781a3c-785e-4ea1-bdc3-cbd49b3e495e", "value": "50bef0aee4ccd18e756d9064df6c6b8e2fb582ee82c2544bfe85d38503f19524", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811727", "to_ids": true, "type": "ssdeep", "uuid": "fcbc5bfc-a159-4d99-8569-d29db9fe3e5e", "value": "12288:RArfKuxTfSs3Ii+KbV67Z81LDF/S0PRxXcCHGyzdR:R14J37gZ8JJ/S0PPXc+GyhR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811727", "to_ids": false, "type": "size-in-bytes", "uuid": "4e504814-2de2-4149-bb98-8dbd9ee77e5c", "value": "605324" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811727", "to_ids": true, "type": "vhash", "uuid": "1055cd83-6ef6-4ff6-b2b2-d5d3f28d2c85", "value": "88eb5cb4fe94b8ee524791cdb6aea74a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811727", "to_ids": true, "type": "filename", "uuid": "7fa808c6-84fe-4133-967c-8d2b0d9a9292", "value": "cfb04ada51f98dc14857bb3c3e272e3c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811727", "to_ids": false, "type": "text", "uuid": "db4fced4-aaf4-4097-a2ad-f34fc08ca0eb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860131", "uuid": "10ef9933-8da1-4772-b2b1-0cd314ee50cb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860130", "to_ids": true, "type": "md5", "uuid": "90d11559-31fb-4e23-a0b8-6094438ce407", "value": "5d387cee67cbd260f60b5b5c306958d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860130", "to_ids": true, "type": "sha1", "uuid": "31cbc1c4-f62d-428f-aa1a-d736bcb32d74", "value": "c8a938c4166b95f45702b1aa4046e5088c720edd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860131", "to_ids": true, "type": "sha256", "uuid": "ea2f3739-5c72-4453-bebf-669cf029b797", "value": "673ba73c9d028ab60ffbf179c85b5742744bbfcad4a313887c8851a0440d10bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811749", "to_ids": true, "type": "ssdeep", "uuid": "b9c4ffb3-7c1a-4910-888e-701dd88e2416", "value": "12288:lkibnOKysYqU2lu8wGXxVxiAzSgsajvr4yiIVcjdAIeKXeAE3bCqweEslV3:lOKyn0lu8wGIAzS0vI2c7bnuZRV3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811749", "to_ids": false, "type": "size-in-bytes", "uuid": "e3cc93b1-a66d-44c4-823f-c6da7d1cb043", "value": "605314" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811749", "to_ids": true, "type": "vhash", "uuid": "48a5976f-b0cc-474b-9f31-ba2ab4f3c270", "value": "88eb5cb4fe94b8ee524791cdb6aea74a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811749", "to_ids": true, "type": "filename", "uuid": "a00fb5be-9edc-460d-8630-e94fbf283858", "value": "5d387cee67cbd260f60b5b5c306958d3.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811749", "to_ids": false, "type": "text", "uuid": "9baab520-91ed-49a4-9c22-51db9de07583", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860132", "uuid": "0316d2e1-8142-4c97-9039-62d3ebb8bfad", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860131", "to_ids": true, "type": "md5", "uuid": "ee4e83d9-7d33-4eaa-a839-cf845f4da897", "value": "9e060f24c35dc0e2e8df6a9289c5a052", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860132", "to_ids": true, "type": "sha1", "uuid": "74ad9692-c3e9-482c-a513-7a94660f0163", "value": "f25cfa3f98b9c140fc474e98d6eea11b992c680a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860132", "to_ids": true, "type": "sha256", "uuid": "08908df1-72c2-4103-a96e-a205cd714842", "value": "e1c600b5162c3cc2ee93ef63aa4b178f46eeaedcd8e7c2bde4fce92c2c9c2a1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811770", "to_ids": true, "type": "ssdeep", "uuid": "bd6bb83b-f6ba-4df8-986a-b6b16ebf7e70", "value": "12288:gfBzlIEXAJe6ANXYC3HAA+9xCDlwKddL18FL23xV/8hTbYjBouOuWf1EDZ51RTcg:gfqQ60IWxKq13L0TCahTfMXbfsj2XQo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811770", "to_ids": false, "type": "size-in-bytes", "uuid": "359154fa-f31e-4331-ae4d-a273b7ee1770", "value": "826178" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811770", "to_ids": true, "type": "vhash", "uuid": "c32607e5-5ad3-45aa-a7b2-17cca911d60d", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811770", "to_ids": true, "type": "filename", "uuid": "db70cd28-d06f-4432-b42c-8353fa5b2478", "value": "9e060f24c35dc0e2e8df6a9289c5a052.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 20/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811770", "to_ids": false, "type": "text", "uuid": "46d184c2-e5df-4cef-8ad6-4c8f2f5acb0f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860133", "uuid": "36f1d228-ddc9-4f82-8483-dbe583950f25", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860133", "to_ids": true, "type": "md5", "uuid": "18471ccc-352a-4b14-9758-deacf0f1f50f", "value": "cbb0519836ea6ab8416a9c0692d77b43", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860133", "to_ids": true, "type": "sha1", "uuid": "0d69205e-c254-4e06-9bf9-d11d6304a3b3", "value": "4b39142f9500149644f0bdbb99f58a86eccf6950", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860133", "to_ids": true, "type": "sha256", "uuid": "3a6d87ee-e5ed-4569-97bd-2905044ae409", "value": "bc8b9c11769864805e706714884f3e91e0128d22396d5246130cd0c3bd4ebd1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811791", "to_ids": true, "type": "ssdeep", "uuid": "08c7580d-0cda-4f8f-914d-795592e0cb47", "value": "12288:BfBzlIEXAJe6ANXYC3HAA+9xCDlwKdTLpqGfUe/Ndz4F2v7wZmtaAsu2smcxvc0Z:BfqQ60IWxKMpRfUeVdzMmiurVcfI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811791", "to_ids": false, "type": "size-in-bytes", "uuid": "6c46d76d-83f5-44f0-9bcd-4056394e7c3d", "value": "826176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811791", "to_ids": true, "type": "vhash", "uuid": "86265a04-3ca1-4e81-93ec-dcd9f0555c17", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811791", "to_ids": true, "type": "filename", "uuid": "bbbf44a2-2d68-431a-ad16-74239efe251f", "value": "cbb0519836ea6ab8416a9c0692d77b43.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811791", "to_ids": false, "type": "text", "uuid": "68e42539-1122-48f8-baa0-6d30a37f8b9e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: DoS:AndroidOS/Multiverze\nVT Total Detection:31/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860134", "uuid": "cc72a975-2a07-4285-82c4-146e082428f4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860134", "to_ids": true, "type": "md5", "uuid": "07d36189-5cd2-4543-b9fa-5b78d2db375a", "value": "309fbe0c64ebf9c158afd1032f35b12f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860134", "to_ids": true, "type": "sha1", "uuid": "7e22ae11-1671-4f3a-af09-4ba7bffdf8ff", "value": "6ead39a1fa6978ca1f9e385fe749654c2f781509", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860134", "to_ids": true, "type": "sha256", "uuid": "5cd5c6df-b1b3-4d4d-935e-c894d5996673", "value": "b78a087f1ab7181cfde24b76eda0efec0861a4cb3c1d8a19f93581b9110401ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811813", "to_ids": true, "type": "ssdeep", "uuid": "645fde29-c9cd-483a-8057-9b07d8cb7e42", "value": "12288:PfBzlIEXAJe6ANXYC3HAA+9xCDlwKdjLdWKs2JjREaIIVXrjZpet6GtqKr6:PfqQ60IWxKEd3R5II1r9Y8GtqKW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811813", "to_ids": false, "type": "size-in-bytes", "uuid": "a757065b-8d11-4efc-9ed1-c988bd83ab84", "value": "826170" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811813", "to_ids": true, "type": "vhash", "uuid": "c4d545dc-9902-4e3d-9635-5f6bf23d1411", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811813", "to_ids": true, "type": "filename", "uuid": "7afab07d-c0e0-49c9-b169-1cccf9957006", "value": "309fbe0c64ebf9c158afd1032f35b12f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811813", "to_ids": false, "type": "text", "uuid": "f7c015bb-647b-4359-9001-4f7ce1eb57ad", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860135", "uuid": "bb0fd760-7f2e-431b-9c18-56ed576009b7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860135", "to_ids": true, "type": "md5", "uuid": "0e94ef26-4465-46fe-9e13-c3f0bb39205c", "value": "43237985b438935de50d9892182130b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860135", "to_ids": true, "type": "sha1", "uuid": "a3b0701c-1397-4161-9976-648e7dd0dfa0", "value": "e86dd54edf248819b5d45745336ad780208858bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860135", "to_ids": true, "type": "sha256", "uuid": "f821e7a0-546c-4c9f-bb37-8186fe0098b9", "value": "4625fd36f3c9f66964ae4be096aebb84519fa67f6b6fd4d51e95c0dd8f2ef567", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811834", "to_ids": true, "type": "ssdeep", "uuid": "fc2f9cea-302c-4d72-8b83-794ca6f4b863", "value": "12288:IfBzlIEXAJe6ANXYC3HAA+9xCDlwKdkKl2duGLcEzilKTX4LrakJdDxVMyQ9:IfqQ60IWxKNWscEuKTXirakJhwV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811834", "to_ids": false, "type": "size-in-bytes", "uuid": "f8c709e0-4210-46de-bd37-292bf03bc232", "value": "815771" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811834", "to_ids": true, "type": "vhash", "uuid": "017f2452-fe1b-418c-92dc-7ae42ea361b7", "value": "c36973eb8206bed8554fed699a990879" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811834", "to_ids": true, "type": "filename", "uuid": "7aab3fcc-6f90-48d5-a8b6-071980d31381", "value": "43237985b438935de50d9892182130b8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811834", "to_ids": false, "type": "text", "uuid": "2b07b938-f991-4fa3-a01d-7d1672bfa1c0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860136", "uuid": "cd1452d0-9903-49a8-86f3-d91fa12233d2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860136", "to_ids": true, "type": "md5", "uuid": "eba49d68-d1a1-484f-8328-7ca2b5dbf477", "value": "af9f0ab92ef5c2cd4ec6da1246a8438e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860136", "to_ids": true, "type": "sha1", "uuid": "bfddb72a-4ed9-402a-b65d-3ee69ccfbe39", "value": "58511ed3844b8bffd6b573166081d94f1e80f6e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860136", "to_ids": true, "type": "sha256", "uuid": "6671e1b6-39a3-4a38-9552-ce5b9b6e183e", "value": "d43809c0b990986a395fd5ea5e78357c5c148280456e058d61d58a54e9512c7f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811855", "to_ids": true, "type": "ssdeep", "uuid": "afd94269-d2be-4785-98e7-9b77b18f3992", "value": "24576:lfqQ60IWxK4lG9YVz7JCqjos2Hgut8l1F:lf1607KPa7J5os2HDKln" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811855", "to_ids": false, "type": "size-in-bytes", "uuid": "1cad453d-3ba1-4a72-90fe-265b0081c778", "value": "826180" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811855", "to_ids": true, "type": "vhash", "uuid": "39e84948-b117-4710-af66-99f4381501cc", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811855", "to_ids": true, "type": "filename", "uuid": "52dcadfa-cf0f-4850-8466-cfd6dde988ff", "value": "af9f0ab92ef5c2cd4ec6da1246a8438e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811855", "to_ids": false, "type": "text", "uuid": "686fcf34-c715-4068-b416-5913df65399b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860138", "uuid": "eab73a6a-ca36-4e9e-aaed-0b94c756c97c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860137", "to_ids": true, "type": "md5", "uuid": "d804ae84-5f83-4688-9bab-7cab52ae622e", "value": "d51a6e893ab18967d40bad2563e905f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860138", "to_ids": true, "type": "sha1", "uuid": "e05a434e-4597-4dd4-8873-4465aab59532", "value": "4e877419481dad44b0d5ad7dc2817357d2eefbe2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860138", "to_ids": true, "type": "sha256", "uuid": "863d427e-83bd-4577-9506-f8d6fa5ac170", "value": "a685513103bfdd6d41d3eb46ad08f64f50e325bb41c61597e98e1435ad5ff712", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811877", "to_ids": true, "type": "ssdeep", "uuid": "f582e61e-b7b0-45c3-9e06-d00638b23662", "value": "12288:0fBzlIEXAJe6ANXYC3HAA+9xCDlwKdnLl6Ks2JjREaIIVXrjZpet6GtqKr5:0fqQ60IWxKoljR5II1r9Y8GtqKV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811877", "to_ids": false, "type": "size-in-bytes", "uuid": "1edf1f51-0103-41f2-b649-b5c270a29b45", "value": "826170" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811877", "to_ids": true, "type": "vhash", "uuid": "d5d771a2-0ea8-4401-9aa6-8ff31821118b", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811877", "to_ids": true, "type": "filename", "uuid": "fb6db17e-f6fb-4bf8-942d-9c911ba4e451", "value": "d51a6e893ab18967d40bad2563e905f0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811877", "to_ids": false, "type": "text", "uuid": "ddf2b5d0-5ed1-4d8b-8dd3-23b952814db2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860139", "uuid": "c8330da5-64b9-443e-b0b0-55dfb80b0ee8", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860138", "to_ids": true, "type": "md5", "uuid": "abab6508-73f8-49fc-8450-a10db5960626", "value": "5823384b84f5f1a24dff9d26e6d321b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860139", "to_ids": true, "type": "sha1", "uuid": "e0233307-02ab-4b63-877b-6c646211ac63", "value": "2ed3cce3a8a556c3c40a43df58d26889985eb446", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860139", "to_ids": true, "type": "sha256", "uuid": "4f94fb4e-73f5-4323-a420-445c9a14713b", "value": "f0c5ea0c23ec0a9e5f0ebe389ff625d70dfd0428709594a07f820a4139ff953d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811898", "to_ids": true, "type": "ssdeep", "uuid": "b3abb2fc-66ca-4e86-9933-616ee7900019", "value": "24576:LfqQ60IWxK8d19YVz7JCqjos2Hgut8l3I:Lf1607K0a7J5os2HDKlY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811898", "to_ids": false, "type": "size-in-bytes", "uuid": "37b3c20d-5272-40f3-9ab9-a7deb5828435", "value": "826180" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811898", "to_ids": true, "type": "vhash", "uuid": "4a66cac5-2607-486c-a895-2b9bd187c2b2", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811898", "to_ids": true, "type": "filename", "uuid": "a556d60b-61d4-4ec9-8a8d-1ad7c70f4806", "value": "5823384b84f5f1a24dff9d26e6d321b7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811898", "to_ids": false, "type": "text", "uuid": "fbd2bcaf-862e-4619-8907-8f62da4465f9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860140", "uuid": "05872525-f5b4-4f2a-98e5-7826dceb61c3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860140", "to_ids": true, "type": "md5", "uuid": "4c079c03-0634-49e8-b815-bc12022c02c3", "value": "3583a60696484cd53ca63219d190c767", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860140", "to_ids": true, "type": "sha1", "uuid": "063e53d0-32e2-45c7-94c2-874f8e67cf27", "value": "d72031514943ae836bed880742aeccf47f515694", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860140", "to_ids": true, "type": "sha256", "uuid": "243735b0-afba-409b-b99b-a707f526643d", "value": "b867e856a4b4c16c0265ac6729318ee06a335246cd04df3074c6a91c1c1048bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811919", "to_ids": true, "type": "ssdeep", "uuid": "e2b3ff1b-418b-4640-a8e3-a823f0ad08b0", "value": "24576:pfqQ60IWxKAVZ9YVz7JCqjos2Hgut8l7k:pf1607KEa7J5os2HDKlI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811919", "to_ids": false, "type": "size-in-bytes", "uuid": "8927f449-b574-410e-8706-39d702fce143", "value": "826180" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811919", "to_ids": true, "type": "vhash", "uuid": "11bcf211-18d6-4ba9-9f94-7f439f987cec", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811919", "to_ids": true, "type": "filename", "uuid": "67adc220-d001-4b6d-ac07-a1b54066bcc7", "value": "3583a60696484cd53ca63219d190c767.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811919", "to_ids": false, "type": "text", "uuid": "3202d163-dcab-45c9-a780-a00e47631942", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860141", "uuid": "858948d9-5a1a-43fc-b0d3-d910d566b73e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860141", "to_ids": true, "type": "md5", "uuid": "64227dfe-e64b-490e-8265-60ccb25acd8d", "value": "05662e4b4c0795326f30c32bd5c7cfa6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860141", "to_ids": true, "type": "sha1", "uuid": "1ba797db-d112-4f5e-a2cb-213077451785", "value": "b8d83b8851aa05272f44cb131462108f47d0a1fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860141", "to_ids": true, "type": "sha256", "uuid": "50fc3531-4d68-4021-8a62-5ebf78e3eda1", "value": "b2fa657734378ceb6fc27a4715f8dea914344744983a80c7f3b80ca9e103a2bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811941", "to_ids": true, "type": "ssdeep", "uuid": "7931ca9d-3c26-47c0-aee4-b4f72c09498d", "value": "24576:hfqQ60IWxK/VA9YVz7JCqjos2Hgut8lqF:hf1607K+a7J5os2HDKl8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811941", "to_ids": false, "type": "size-in-bytes", "uuid": "fad73f38-eeb2-4629-9f94-d5a695ea3c5a", "value": "826180" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811941", "to_ids": true, "type": "vhash", "uuid": "ed47e748-4316-486f-932c-6564f7f2d23d", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811941", "to_ids": true, "type": "filename", "uuid": "1d8c3999-8774-449a-94ef-0e202aa01365", "value": "05662e4b4c0795326f30c32bd5c7cfa6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811941", "to_ids": false, "type": "text", "uuid": "39f1a298-953e-4453-a01a-98a7205f2656", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860142", "uuid": "8670d615-e314-4b8a-b166-80b161d58abf", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860142", "to_ids": true, "type": "md5", "uuid": "3b6130c7-73be-4b2b-ba8d-e9df89822f70", "value": "6e54818af2d3082f00427c77f6a77d88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860142", "to_ids": true, "type": "sha1", "uuid": "7a8261be-fb43-4892-b74d-3478272399b9", "value": "f4dc7a0d23869631a05d9b4869991be9cbcc67a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860142", "to_ids": true, "type": "sha256", "uuid": "ca14337a-7bd7-438e-a8a7-578e5ed36856", "value": "65673612fce60b66722feba7d8c569495a7c6896e715dbe32354778965ea69aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811962", "to_ids": true, "type": "ssdeep", "uuid": "6942a4a2-791f-47b6-8968-fefccd8cf678", "value": "12288:WjjXp4m/WXgC0ZhcQNwmtn20KdFLhHe7TE/1QdzzzvISK4tGUs4OQR7xfJ1PfTJP:IjSJ0jzNdWhX1QBcSK4zAQnfPXTJau" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811962", "to_ids": false, "type": "size-in-bytes", "uuid": "446bbee9-1c02-46d4-ba23-a9b37660095d", "value": "823034" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811962", "to_ids": true, "type": "vhash", "uuid": "30fb9cc8-57ef-4eec-99c7-ce54d30d419e", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811962", "to_ids": true, "type": "filename", "uuid": "ac26703f-5d79-4a77-a3c4-3dc31ee6e9f1", "value": "6e54818af2d3082f00427c77f6a77d88.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811962", "to_ids": false, "type": "text", "uuid": "dd825492-6748-4cc4-8324-ad9a68251897", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:31/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860143", "uuid": "02801972-419c-4954-b16b-28d153a60a5e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860143", "to_ids": true, "type": "md5", "uuid": "e19c51da-ee98-4a25-87af-50fdb5c6b530", "value": "725228afd2f084bef144619153cd2c2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860143", "to_ids": true, "type": "sha1", "uuid": "a84bd48a-af88-4396-9321-a1266501a4cc", "value": "6a443d0acb0dfea045cbaf3f478c42eefb4ca249", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860143", "to_ids": true, "type": "sha256", "uuid": "1b6a97ed-9264-44b4-9c35-0744f138dead", "value": "417c1eca43baafdeda7abb035fd50f2d35cf83fb4726cd7021470f3a3434af22", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740811983", "to_ids": true, "type": "ssdeep", "uuid": "70c2f413-6dbc-4993-879e-4f44ab1f2145", "value": "24576:nfqQ60IWxKOtT9YVz7JCqjos2Hgut8lha:nf1607K0a7J5os2HDKlk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740811983", "to_ids": false, "type": "size-in-bytes", "uuid": "cde01eb0-7373-4855-aba8-266b549f57a4", "value": "826180" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740811983", "to_ids": true, "type": "vhash", "uuid": "73081f34-93b3-4376-9f0b-4f10a4cde6e8", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740811983", "to_ids": true, "type": "filename", "uuid": "424d0e5a-aeaa-4ab1-b3c3-02374ba049fe", "value": "725228afd2f084bef144619153cd2c2a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740811983", "to_ids": false, "type": "text", "uuid": "5ee87f61-9cc1-4960-8661-8a428c780a1c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860145", "uuid": "5489aed9-2c78-49a4-8e16-d12e8a1d247b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860144", "to_ids": true, "type": "md5", "uuid": "46da993e-7b0b-4c79-9e73-642d9eaa76eb", "value": "651c615f766e33c0d98d9220dd0b79dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860144", "to_ids": true, "type": "sha1", "uuid": "16439f68-4bdc-4abd-8897-a76b46370185", "value": "2240823f46b20a5406f3372265467958e044af84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860145", "to_ids": true, "type": "sha256", "uuid": "9dc04c4e-3647-4dbd-ab4d-7d9138bcb1c7", "value": "60acd5a9b7297fcc473a6d7d17e605037abf2d472822906a6ce856f394eeb669", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812005", "to_ids": true, "type": "ssdeep", "uuid": "d7d99968-bf1e-4167-83aa-f5b19deb5929", "value": "24576:VfqQ60IWxKA967phjyHEXRKH5ChQLdKcO:Vf1607KZGIoWdV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812005", "to_ids": false, "type": "size-in-bytes", "uuid": "7fbf880a-4fba-478b-8fa7-5c641fb3d291", "value": "826173" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812005", "to_ids": true, "type": "vhash", "uuid": "9de79109-0a57-4398-94e6-f9148ce6d66e", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812005", "to_ids": true, "type": "filename", "uuid": "c629a4a9-c8e7-4fa1-8f9d-76c586edf213", "value": "651c615f766e33c0d98d9220dd0b79dc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812005", "to_ids": false, "type": "text", "uuid": "8dd0c646-1236-4ad2-9e11-c1c97f42988a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860146", "uuid": "d9b10f09-8a06-4aaf-8d0b-49e50dd1deef", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860145", "to_ids": true, "type": "md5", "uuid": "9063bb31-2fa5-4492-8786-5e52dcc2f2bb", "value": "ef477c3805c7eb1a53fbf14906a37911", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860146", "to_ids": true, "type": "sha1", "uuid": "e0b9d193-0242-49a2-bce5-1663e166c015", "value": "29c1da5192b57b99df2dd1140db6ac40e9ae20e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860146", "to_ids": true, "type": "sha256", "uuid": "a384e4b7-0a9c-4d11-ad80-3c58975be899", "value": "d5b6120af7cf45f394c9338acb774a4bd1816e1477fd60d51d62c5f28b0938bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812026", "to_ids": true, "type": "ssdeep", "uuid": "ef56fc74-dcd5-4f78-9edd-ab3151187cb6", "value": "24576:VfqQ60IWxKg9L7phjyHEXRKH5ChQLdK87:Vf1607KUGIoWdw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812026", "to_ids": false, "type": "size-in-bytes", "uuid": "a447dd4a-3b17-4b5d-a1c1-a8a6ead17fb4", "value": "826173" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812026", "to_ids": true, "type": "vhash", "uuid": "cf617d0f-34a7-4d4e-a8fc-10796ca19d8c", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812026", "to_ids": true, "type": "filename", "uuid": "f7486dd4-60b5-4641-8c66-6d2a4b56e7f3", "value": "ef477c3805c7eb1a53fbf14906a37911.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812026", "to_ids": false, "type": "text", "uuid": "d9e6c853-71b2-4355-a2a3-e43be05840ed", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860147", "uuid": "d71909fe-b44c-481b-83c5-6017688a476f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860147", "to_ids": true, "type": "md5", "uuid": "555cfa4c-9985-49e0-bae3-4a27db48fd23", "value": "ceb4df178388ddbfbd1956c4a1f35225", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860147", "to_ids": true, "type": "sha1", "uuid": "7973cbb2-0e6b-49c5-842f-547500f3825b", "value": "2342a0e833f92d3c43cfc71c51ceb5edf8d28162", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860147", "to_ids": true, "type": "sha256", "uuid": "2f57f746-ccf8-4182-91a3-482e48014395", "value": "cbe6ef01ad5b47a7ca19876dc6e4a214f77f3256dd09698d4c77ff92422752f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812048", "to_ids": true, "type": "ssdeep", "uuid": "16562762-bb4a-408d-b9a7-302a587867e9", "value": "12288:nfBzlIEXAJe6ANXYC3HAA+9xCDlwKdnLl6dzXp1bjy3LsUE5ra0PJQTBd5WFhQLg:nfqQ60IWxK4lG7phjyHEXRKH5ChQLdKN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812048", "to_ids": false, "type": "size-in-bytes", "uuid": "89b54277-c294-455a-8377-cd7c1a0963cf", "value": "826174" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812048", "to_ids": true, "type": "vhash", "uuid": "b868ebf5-689c-481a-8d56-5a57e4e41859", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812048", "to_ids": true, "type": "filename", "uuid": "2347cb1b-00f2-4d62-a737-00a9d45685df", "value": "ceb4df178388ddbfbd1956c4a1f35225.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812048", "to_ids": false, "type": "text", "uuid": "c4998c79-d5a3-4820-a2ef-9c231d5b6ea3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860148", "uuid": "11116bbf-5e33-4d7c-a964-d635343bba89", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860148", "to_ids": true, "type": "md5", "uuid": "53c6cbdc-d12d-4c0d-95d4-b1691a9b7d57", "value": "cf99816d836d7c80ede4059322cfdc84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860148", "to_ids": true, "type": "sha1", "uuid": "81b876d2-9fe5-4b69-82b1-15fee0c471ef", "value": "b117b5e989c31a0c389b906e7c4b47dca64115a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860148", "to_ids": true, "type": "sha256", "uuid": "8418cbae-48e0-4f6b-8e9c-cb632422a39b", "value": "6ac4e0e70bd74f41e9930ba20e373edd2fdc9fb9b1fa1dc65109c8ecb5a37388", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812069", "to_ids": true, "type": "ssdeep", "uuid": "3324c1c6-8d82-412c-8029-8e113f293f02", "value": "12288:JeT2WSCbacAxwyLHGDEnKPguv3vPrGjv0Ti6KtOl1kzMVHaeyQQW:JeVA784Kv3nqfIIZefj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812069", "to_ids": false, "type": "size-in-bytes", "uuid": "5ded38d1-cfc5-4e9d-8b5c-1ae0f9be8f02", "value": "581848" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812069", "to_ids": true, "type": "vhash", "uuid": "f2918290-aceb-4cee-bb5b-b6a9d38dd148", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812069", "to_ids": true, "type": "filename", "uuid": "c518c889-93a7-4e82-805f-9300c76ff0d5", "value": "cf99816d836d7c80ede4059322cfdc84.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812069", "to_ids": false, "type": "text", "uuid": "41702ee8-81fd-4d0f-8a71-96a764d20f25", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860149", "uuid": "e6b05a30-e32b-4cb4-b2f8-effc16e020e0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860149", "to_ids": true, "type": "md5", "uuid": "59f461df-4b82-46d7-9131-f703939dbab6", "value": "77e0a05b7aee9cdf87053ca97f93dc19", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860149", "to_ids": true, "type": "sha1", "uuid": "58c6304b-1c52-4a60-8dd5-48ded54896da", "value": "113d89b1f0bff15b7821523a572d9dbd6b952511", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860149", "to_ids": true, "type": "sha256", "uuid": "d6891918-750e-49e9-88be-f0c6e4709641", "value": "730dee18dbe6e564c6721ee2a560516f5fd197d3424acb0e67e44f9e90ff0499", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812090", "to_ids": true, "type": "ssdeep", "uuid": "71fe9bc1-e94a-4cb3-8521-592a53463911", "value": "12288:ffBzlIEXAJe6ANXYC3HAA+9xCDlwKd5LBgms2JjREaIIVXrjZpet6GtqKrS:ffqQ60IWxKSBhR5II1r9Y8GtqKe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812090", "to_ids": false, "type": "size-in-bytes", "uuid": "fb0d67bc-f3c7-454d-a0d7-ad61953f5643", "value": "826170" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812090", "to_ids": true, "type": "vhash", "uuid": "9042bbef-a06c-4bd9-99ac-96594739a71e", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812090", "to_ids": true, "type": "filename", "uuid": "396b4085-1fc1-417f-91ee-a87c20fe165c", "value": "77e0a05b7aee9cdf87053ca97f93dc19.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812090", "to_ids": false, "type": "text", "uuid": "c5b54c97-29cf-4b6a-9d61-25de9649b4c2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860150", "uuid": "96bc06e4-71a4-4165-b339-88442314b2e7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860150", "to_ids": true, "type": "md5", "uuid": "52a104ba-75d8-4b78-a0ab-2c3f32e04123", "value": "8116bd1957ff3f00c421574052c52017", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860150", "to_ids": true, "type": "sha1", "uuid": "87517c5c-f06c-4f15-98ca-501e85c8140a", "value": "addfe6c6c6d94aade6ad82f2ef9eba40c0b01b09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860150", "to_ids": true, "type": "sha256", "uuid": "d53516d8-0653-4c60-aa00-54d9df198085", "value": "0af2b64d36a07c595525225d1df49c5285a2f52a15fd651169a3d6f499af29c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812112", "to_ids": true, "type": "ssdeep", "uuid": "313c0b30-b0b8-4071-9f4a-6fec80414904", "value": "12288:ofBzlIEXAJe6ANXYC3HAA+9xCDlwKdtLR0es2JjREaIIVXrjZpet6GtqKr5:ofqQ60IWxK2RtR5II1r9Y8GtqK1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812112", "to_ids": false, "type": "size-in-bytes", "uuid": "7b00815e-8200-4096-8832-e6576177907a", "value": "826170" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812112", "to_ids": true, "type": "vhash", "uuid": "53639f1a-8eba-4f2c-b19a-cbdf4a0b483c", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812112", "to_ids": true, "type": "filename", "uuid": "1a185a4b-0c73-4209-a7d8-3447bf79f572", "value": "8116bd1957ff3f00c421574052c52017.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812112", "to_ids": false, "type": "text", "uuid": "d51b004f-c3c1-4554-b45c-8867362c09e0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:26/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860152", "uuid": "44fd7a21-2e84-46cb-8cd2-9defb050cbe8", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860151", "to_ids": true, "type": "md5", "uuid": "35e44ed4-0990-40e7-9492-75486062cec4", "value": "4873d7fdefb2bb168b881bc99dbe3fb9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860151", "to_ids": true, "type": "sha1", "uuid": "d15c1339-6055-4ca5-86f7-f3b814d33d98", "value": "1939f87dabe4621d325e036aca4b09ab8715aa1c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860152", "to_ids": true, "type": "sha256", "uuid": "15de0660-57bd-4e0c-abf9-36a5c3c87b8f", "value": "3a2a03269eb909307e597ca97ecd9ad2e31308207b29675d5725626a340610a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812133", "to_ids": true, "type": "ssdeep", "uuid": "e7f29ca1-27a8-4178-8d79-9d7355a5dabc", "value": "98304:xTQI0Hy9sBUbe9BX/iM+JDbYHvwgM9BntEG0P7zFUa1Ev8X7L6k9bUBs5:0ue/XqM+Jjn/mG0P7zCaGv8XH6k6Bs5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812133", "to_ids": false, "type": "size-in-bytes", "uuid": "974e667d-3244-4220-828e-3fec64e006fe", "value": "5557943" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812133", "to_ids": true, "type": "vhash", "uuid": "454dd66e-0fce-465a-ad43-8a0491ff83d2", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812133", "to_ids": true, "type": "filename", "uuid": "42ddc4be-e807-45b1-a41f-68ccf796657d", "value": "4873d7fdefb2bb168b881bc99dbe3fb9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812133", "to_ids": false, "type": "text", "uuid": "473e2001-d887-42c1-a0bf-44218ce4956c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860153", "uuid": "c4938ba8-4ee3-474c-a931-8fa5f98be981", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860152", "to_ids": true, "type": "md5", "uuid": "5ee8896e-f646-4978-8d4e-462e101c544d", "value": "c00149ccc733a4849a5f1217f49f0ce0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860153", "to_ids": true, "type": "sha1", "uuid": "74d60a01-4645-4782-a51f-620e762c7673", "value": "3fab2400dde3d229998d075bac54827253441a36", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860153", "to_ids": true, "type": "sha256", "uuid": "6550238a-002e-4557-8d56-8b0ccd6e5ece", "value": "40c055e71c01bc95c4efd20e919439f5503e5f235232b87159cf31a474be3fba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812154", "to_ids": true, "type": "ssdeep", "uuid": "33b2ef17-eb6c-455e-8e91-42b979fa8455", "value": "12288:tfiHM2mN37B6ubqhvJb/rlB0lNngQggu021Da1D:tV2S0uGhvnOlNg4u021D8D" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812154", "to_ids": false, "type": "size-in-bytes", "uuid": "c5545bce-c3cd-4b87-a199-252a7af340c5", "value": "595176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812155", "to_ids": true, "type": "vhash", "uuid": "588d7d57-fb71-4a1c-b95d-60142bc7e0ea", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812155", "to_ids": true, "type": "filename", "uuid": "1d9939cd-2fe1-4f3b-963d-53ddcebd7f52", "value": "c00149ccc733a4849a5f1217f49f0ce0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812155", "to_ids": false, "type": "text", "uuid": "2380bcbf-d93a-4d82-be71-d03eb3f1b513", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860154", "uuid": "f7ef0ccb-51c1-4240-939f-9d627938d8f9", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860154", "to_ids": true, "type": "md5", "uuid": "afe1fd4d-71d8-461d-bf31-0617bce48870", "value": "b34deb70d066c3a526c830943aa2ef1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#2745a2", "local": false, "name": "rectifyq:sample-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860154", "to_ids": true, "type": "sha1", "uuid": "83d46798-77e5-4710-a7f1-ad2c3fc9fbb9", "value": "5c2454abfb5feb2cf2b3e9d9e22eeb8ef221f445", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#2745a2", "local": false, "name": "rectifyq:sample-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860154", "to_ids": true, "type": "sha256", "uuid": "9abfa895-a954-490e-9238-3d1032533044", "value": "6b07a13738c7e82660f47a8e85c9f99068f7e8fd2a96b6cb07908f758ef433c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#2745a2", "local": false, "name": "rectifyq:sample-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812176", "to_ids": true, "type": "ssdeep", "uuid": "6143aa0f-ad58-4beb-ba3d-fdb4599695a8", "value": "12288:V4o4vUKXPMqC/xuhjZ+jE2gu3ZKSYrrqMP54md5aIuXZwmnAkQQm:VWvU2NC/xuP+o2gu3iXq0xuX2Jv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812176", "to_ids": false, "type": "size-in-bytes", "uuid": "9e44a177-2404-4e72-b183-b232532e652e", "value": "581851" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812176", "to_ids": true, "type": "vhash", "uuid": "237d3096-79d8-455b-b5e9-777c4f4819f9", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812176", "to_ids": true, "type": "filename", "uuid": "7fbabb07-ade0-499f-8628-6a74906620f1", "value": "6b07a13738c7e82660f47a8e85c9f99068f7e8fd2a96b6cb07908f758ef433c2.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812176", "to_ids": false, "type": "text", "uuid": "49c71e86-1ed0-4128-8940-b6ff561cd19b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:41/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860155", "uuid": "51a60d7c-e74f-42c4-ab5a-a4cae6a76d32", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860155", "to_ids": true, "type": "md5", "uuid": "c4e3beae-f852-40ff-9f78-962abfe810b5", "value": "f12e62e8f71057c740d02a20e8052434", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860155", "to_ids": true, "type": "sha1", "uuid": "21f634dd-66c5-47a6-89e6-4ccd6e5d4242", "value": "abb292010043f608f7429b9b908d0a3a9ae5f504", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860155", "to_ids": true, "type": "sha256", "uuid": "b3ff439a-a3a7-4bdc-9a30-c00efdd3f7b3", "value": "3182f2ae23437a13ee3f8f41085bcaa0ebe29cdb860a923f846ccdea253e0ad6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812197", "to_ids": true, "type": "ssdeep", "uuid": "1167fac5-f750-4117-9b94-35b3624b6e13", "value": "12288:tfggeR1vSGWULWHwc7zFG+bTzFcirUvWu4sm+XSx7XWWs:t4geRdXrcnNHailu4sm+Gs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812197", "to_ids": false, "type": "size-in-bytes", "uuid": "14acc916-9f55-4414-b6e8-d8eff8271097", "value": "595179" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812197", "to_ids": true, "type": "vhash", "uuid": "75608c71-5ef8-4e65-885b-2ff4a7edb21a", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812197", "to_ids": true, "type": "filename", "uuid": "759b593f-55c1-4f3b-86c9-fe056ede5b1b", "value": "f12e62e8f71057c740d02a20e8052434.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812197", "to_ids": false, "type": "text", "uuid": "48af6b87-a7bf-408f-b74d-ee54b36c3ed3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860156", "uuid": "ab304274-891e-4918-9c58-1c2e813cf2b8", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860156", "to_ids": true, "type": "md5", "uuid": "66ba2db3-c3e7-4fdd-9d39-b5f60f1747cb", "value": "508bf8ad264333a747a324aebb517cab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860156", "to_ids": true, "type": "sha1", "uuid": "57dd477b-1550-489b-8025-18cedbc7e46a", "value": "d08b30ea39cf802f764508cedeea61666fb86d10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860156", "to_ids": true, "type": "sha256", "uuid": "cee93b97-898e-49a9-8c05-31e71e389233", "value": "b351412f4aa0b48865df9c51217eceef9746caccd76df0204f55235a242296ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812218", "to_ids": true, "type": "ssdeep", "uuid": "415e921c-c0ba-4596-8c58-a1f681b5407f", "value": "12288:VfogeR1vSGWULWHwc7zFG+bTzFcirUvWu4sm+XSx7XWWc:VAgeRdXrcnNHailu4sm+Gc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812219", "to_ids": false, "type": "size-in-bytes", "uuid": "706534e1-e393-40d2-8aee-adf0b8f333ff", "value": "595179" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812219", "to_ids": true, "type": "vhash", "uuid": "d234b3cc-f9aa-443e-9b16-6594e281c574", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812219", "to_ids": true, "type": "filename", "uuid": "205bebae-e2be-44b4-9ac3-8391bd9dc98d", "value": "508bf8ad264333a747a324aebb517cab.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812219", "to_ids": false, "type": "text", "uuid": "f6608a57-7d14-4aa2-91ba-6bd13faae247", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860158", "uuid": "ebdc6a2c-a41c-494c-9ae0-b4d1084e1322", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860157", "to_ids": true, "type": "md5", "uuid": "4837352e-d758-4f0f-a1f0-81726dbe7b67", "value": "17ef63151df23113f61cfb0508da90bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860157", "to_ids": true, "type": "sha1", "uuid": "78d04864-f8a8-47d1-a2d7-0551361a94f1", "value": "f97a4ddf8e247ab96f54c66ece6d83a1744b7901", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860158", "to_ids": true, "type": "sha256", "uuid": "6cc4cace-a6fd-4db2-9301-c586f9c9c0cf", "value": "7f80a05f773f013aed87579a2ac86e9d2abc67a67c52b3f63d7f29cb8c18be69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812240", "to_ids": true, "type": "ssdeep", "uuid": "567afc28-de38-46f1-a60f-6efdf45b2020", "value": "12288:RftN6D8DKHV7TVFjHQ7iqftqndn3IJUvP9NWsUwj+iVP:R7DKH97ju/ftkn+Unj5jnP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812240", "to_ids": false, "type": "size-in-bytes", "uuid": "a27fa636-ef77-4a74-b2dd-4e139cc1932e", "value": "594968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812240", "to_ids": true, "type": "vhash", "uuid": "0cfe16c7-849f-4881-ba6e-69a8c843fabc", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812240", "to_ids": true, "type": "filename", "uuid": "80e346d6-31e3-475a-a9c4-326a4210c545", "value": "17ef63151df23113f61cfb0508da90bd.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812240", "to_ids": false, "type": "text", "uuid": "1e6c8166-e661-4edd-af16-445f953be897", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860159", "uuid": "020b1f14-8d69-4777-bed4-37b6a29221bc", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860158", "to_ids": true, "type": "md5", "uuid": "b6da183b-5485-49bc-9fd2-58d870a654c9", "value": "a2b074fd8bbb228dc6b467ef1f705d15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860159", "to_ids": true, "type": "sha1", "uuid": "afac8044-a1a6-4c00-96e8-eaa1c94b67ab", "value": "59f4e76743aaf7f4a80d04d63082467ab9f4155b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860159", "to_ids": true, "type": "sha256", "uuid": "e51729a5-a38a-4291-91e1-8f4b31e99616", "value": "5f08dccde1ccf513dcabc7cae8f098a7485e389e4d71db3d5e37e17e58fc7e2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812261", "to_ids": true, "type": "ssdeep", "uuid": "7fa11d6f-2d2e-4ece-97b2-27d6d93089a9", "value": "12288:OfBzlIEXAJe6ANXYC3HAA+9xCDlwKdEL9TgdhmwbQvSOBO4OnA8AxlURQ1lL5G8U:OfqQ60IWxKb9k75Qk4zV1lLA5B9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812261", "to_ids": false, "type": "size-in-bytes", "uuid": "13aba5ae-4bad-47af-a3ad-a1a4558b0e20", "value": "826071" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812261", "to_ids": true, "type": "vhash", "uuid": "60a8c95d-92e7-44ea-a8d4-933c53d8d802", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812261", "to_ids": true, "type": "filename", "uuid": "f41024d5-8ffb-4fad-bf53-b50239a2f449", "value": "a2b074fd8bbb228dc6b467ef1f705d15.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812261", "to_ids": false, "type": "text", "uuid": "5ff83aa3-71c4-4a07-bb55-5ee8522cb490", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860160", "uuid": "7d451890-26e7-4a87-aa7a-26a6c86dfa5f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860160", "to_ids": true, "type": "md5", "uuid": "663b28a1-167a-4f37-9123-f9dfa2a4640a", "value": "0d58743ee0f1141cf6a6bd8bf5a316c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860160", "to_ids": true, "type": "sha1", "uuid": "958bca9f-37b7-4a26-a314-e2519f45955d", "value": "4b7722534b19e8600ff912f6a8975b146e876b42", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860160", "to_ids": true, "type": "sha256", "uuid": "1eee53c9-6659-4bf3-b3f4-932326d9d42c", "value": "28e7659f3601df0719973aee503163664f57a54ef8c4a5fe43583a5da7e899ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812283", "to_ids": true, "type": "ssdeep", "uuid": "6e0ed626-58d1-4eab-b7ff-4194176f2915", "value": "12288:IfBzlIEXAJe6ANXYC3HAA+9xCDlwKdyYxuP0BGpj8QBKsDgNMOy6eOUvGpa7H:IfqQ60IWxKENC8QBvg86TW2aL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812283", "to_ids": false, "type": "size-in-bytes", "uuid": "ab3014b1-4b1d-41d5-9364-866bacaa81b4", "value": "815838" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812283", "to_ids": true, "type": "vhash", "uuid": "5cbc4bc6-8da2-411f-bf0d-de0af0f05b24", "value": "c36973eb8206bed8554fed699a990879" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812283", "to_ids": true, "type": "filename", "uuid": "1be00205-860e-42a1-baae-11580e1c2921", "value": "0d58743ee0f1141cf6a6bd8bf5a316c1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812283", "to_ids": false, "type": "text", "uuid": "cf38ae9b-2632-4a27-a9d7-f898ebe18898", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860161", "uuid": "ea93900c-629f-4202-80e7-7946e66f2a9d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860161", "to_ids": true, "type": "md5", "uuid": "46fd7135-d91c-4efa-afc1-51b633bf8fbd", "value": "81727e3d3ad499f5a1ad27882529508a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860161", "to_ids": true, "type": "sha1", "uuid": "4fcc5964-a146-406f-8046-c07ebf5619eb", "value": "2637770eb73a9539687212ff16b70aaed4ea487b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860161", "to_ids": true, "type": "sha256", "uuid": "3e32d634-aa27-431f-b68d-b44afcfdf59c", "value": "c384febc697e07d646be3ea046a5b5a45afa8f1485f91b9b3f2b785d494db8cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812304", "to_ids": true, "type": "ssdeep", "uuid": "26e063ce-267b-40f4-827d-063f8d8f1b0c", "value": "12288:9frLo4nAEbrGLQXuBoDmJiijcKZpwr5ZBWJbAmIe3Bvwduhg:9Y2DusOcKZpwtI8zexvwUm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812304", "to_ids": false, "type": "size-in-bytes", "uuid": "228cac1f-e381-4b09-9a0e-14b63194ff03", "value": "594884" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812304", "to_ids": true, "type": "vhash", "uuid": "027e05fa-cec0-4ff8-81bd-ebcea93582b5", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812304", "to_ids": true, "type": "filename", "uuid": "3322ac39-e9a8-4527-a490-fb032ae7083b", "value": "81727e3d3ad499f5a1ad27882529508a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812304", "to_ids": false, "type": "text", "uuid": "000156fb-403d-4cf8-ad92-17f2c5315634", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860163", "uuid": "e827f847-1471-49f2-a6f8-8d60c784b23f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860162", "to_ids": true, "type": "md5", "uuid": "38c30d27-51b4-46f4-af22-7e9d50c657d6", "value": "2fabb61c80c148bf7faf985e7d0c4b27", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860162", "to_ids": true, "type": "sha1", "uuid": "c6ea939b-04e3-4673-bdb4-2e554b9362dd", "value": "c32eb393ee5d2f772837026465f3b4c339bae334", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860163", "to_ids": true, "type": "sha256", "uuid": "3a8390c8-90e1-4afa-b1bf-90880e4ef3d5", "value": "f7ea47ca8cb9bd069a1b6186282a28dd59969bbe7f61c5d6919d7622d4fc8f5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812325", "to_ids": true, "type": "ssdeep", "uuid": "35ad3644-86b5-4019-8a7e-050120142ff7", "value": "12288:Bf04Dhv0NsJM/bjrHBiBA7RB3FjL3JyGdoQrLDdxaSbxAYLqRE8F9:BydbH46JFjL5y6lrL6SbxAmqbT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812325", "to_ids": false, "type": "size-in-bytes", "uuid": "5d8b7ddb-d9bd-4870-a86d-a5fe6c6213e8", "value": "594911" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812325", "to_ids": true, "type": "vhash", "uuid": "0072bbbb-e729-43ba-8e73-174f9801782e", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812325", "to_ids": true, "type": "filename", "uuid": "e3ee88ac-7d05-4a53-8f1f-8b7f23a77be0", "value": "2fabb61c80c148bf7faf985e7d0c4b27.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812325", "to_ids": false, "type": "text", "uuid": "c1662791-586c-4dc4-acb2-8267f146314b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860164", "uuid": "d052c81b-93cd-49ba-b132-b3b9710525fc", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860164", "to_ids": true, "type": "md5", "uuid": "050d2c7c-1430-4554-a042-6a2518f2249f", "value": "99ae6ea8476462225a4416dec65d8c91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860164", "to_ids": true, "type": "sha1", "uuid": "551759ea-0a32-469d-8f98-fbcb0db1250c", "value": "6beb9288597e6b5e74f5a28838669b3b9eae2a8b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860164", "to_ids": true, "type": "sha256", "uuid": "1c12cad5-a72a-478b-ac22-fcf96f9deb4e", "value": "d2e90f897abeb3ca52fcf9c355006be18ae273cad9b04c5a41c979b2edb14643", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812346", "to_ids": true, "type": "ssdeep", "uuid": "e69efdee-d3ae-4235-9f81-7aae301493dc", "value": "12288:RfxAWXwHPuMM/lqgPmlSZv52CfC3B2+Ql2EvUvfO+WiA0M7vZu/S:RZAvHPuMMwgOlTCfHoEvUvf7MvQq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812346", "to_ids": false, "type": "size-in-bytes", "uuid": "a1389372-6392-4bd5-b0ec-81c7b7a634ff", "value": "594911" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812346", "to_ids": true, "type": "vhash", "uuid": "3e5d02a4-2a13-426b-89f9-9e341aaf1717", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812346", "to_ids": true, "type": "filename", "uuid": "492c77dc-3fcd-4cac-a9e4-4e9055968a1d", "value": "99ae6ea8476462225a4416dec65d8c91.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812346", "to_ids": false, "type": "text", "uuid": "d1fcbaa0-f3e5-42b3-a2a1-371daaa94c22", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860165", "uuid": "97c70a1b-f74f-4125-ac55-211ab06a3bd0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860165", "to_ids": true, "type": "md5", "uuid": "ee6c8a18-eaff-4f32-ab16-aa9178a31a9d", "value": "1bc41c5da26c397dfd125d04d4150baf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860165", "to_ids": true, "type": "sha1", "uuid": "9c963bef-b4fb-4549-9648-6d273c50d9f0", "value": "f99dc1635d003524c0239b8ed4141501f789c36e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860165", "to_ids": true, "type": "sha256", "uuid": "2a28b61c-abd0-45f1-ad52-1299dea585f1", "value": "9cfe7616a641be2bd8ff8328f518a5e9d97c138049ac11fcdb3eb1e148dbe901", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812368", "to_ids": true, "type": "ssdeep", "uuid": "32fdd4a0-56e5-4a16-8bbf-b30967f7436f", "value": "12288:hf+FXwHPuMM/lqgPmlSZv52CfC3B2+Ql2Ej4hqiJVbOE8wG:hmeHPuMMwgOlTCfHoEj4ActAV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812368", "to_ids": false, "type": "size-in-bytes", "uuid": "0542e062-93e5-4c4e-8e40-96f371972611", "value": "594905" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812368", "to_ids": true, "type": "filename", "uuid": "984d1559-d468-45f3-a3ab-4ce3e22ff252", "value": "1bc41c5da26c397dfd125d04d4150baf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812368", "to_ids": false, "type": "text", "uuid": "a9283796-ef8c-49dc-ac39-1c8ee35311c7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:26/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860166", "uuid": "a60c7986-40c6-4b17-9326-232f128f1616", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860166", "to_ids": true, "type": "md5", "uuid": "9e5e152f-e7bc-4609-8910-f1a105ca3fad", "value": "8288e424065dda13b371e6c95796a1cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860166", "to_ids": true, "type": "sha1", "uuid": "d1e9156d-96ce-4fe0-867d-7b294fcce4ed", "value": "80c852bcc46af1c69e07bfe450df85644f6ea727", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860166", "to_ids": true, "type": "sha256", "uuid": "e4245011-31ba-454c-917e-59cf3a4fc3b0", "value": "739932abd854e7ca9576a46f51e2e095c9d779b9e033bea63e91aba4eedb0c98", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812389", "to_ids": true, "type": "ssdeep", "uuid": "e4d2b557-8d47-42ed-bce8-dcd2b1386e76", "value": "12288:xfW4Dhv0NsJM/bjrHBiBA7RB3FjL3JyGdoQrLDdxaSbxAYLqRE8Fz:xEdbH46JFjL5y6lrL6SbxAmqbZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812389", "to_ids": false, "type": "size-in-bytes", "uuid": "9a4e8378-984f-4db9-9100-dc7ce74d9d51", "value": "594911" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812389", "to_ids": true, "type": "vhash", "uuid": "9fd544e0-29ee-44cb-955b-cf285db0610b", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812389", "to_ids": true, "type": "filename", "uuid": "43f3e525-0215-49c1-8536-6af16c1e6f23", "value": "8288e424065dda13b371e6c95796a1cc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812389", "to_ids": false, "type": "text", "uuid": "7b458089-cdcb-4b7d-8122-e07084493e6f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860168", "uuid": "ba0166a3-aa60-448c-bd0c-7e593173676a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860167", "to_ids": true, "type": "md5", "uuid": "2f895143-8d04-40c0-9ede-97e819c3e679", "value": "27fc4b48357a3f6ac1a54721094656d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860167", "to_ids": true, "type": "sha1", "uuid": "49415537-f72c-4351-87c1-90a705122931", "value": "381ed152446d752f713c39a413a078f04e1c50c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860168", "to_ids": true, "type": "sha256", "uuid": "78dc244e-ae67-4c8f-99c6-2212afe1b934", "value": "295ccbf0dc80060c85bf3b0c4331c6509e08afb11782c96107e33bf2a7d9e38c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812411", "to_ids": true, "type": "ssdeep", "uuid": "fa12fef5-e8ca-4495-919b-8a47d14d9268", "value": "12288:HfA163Xvp3N65Ak1aKGnD0DHLPiWRVamR0xYeFsjejeS2qG/:HoYHvp3Pk1JkDYiWRVbiG7qjecG/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812411", "to_ids": false, "type": "size-in-bytes", "uuid": "c70e67c1-c4b2-41bf-bae0-89dcce58d942", "value": "571343" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812411", "to_ids": true, "type": "vhash", "uuid": "d979cc90-7213-4585-be4d-1ce616cd0bd1", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812411", "to_ids": true, "type": "filename", "uuid": "0dad9ac3-82a3-4079-85de-64238996e57b", "value": "27fc4b48357a3f6ac1a54721094656d0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812411", "to_ids": false, "type": "text", "uuid": "08d2d701-1db7-4a48-9eb9-46e4dbe53eca", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860169", "uuid": "6b27dc3d-5fdf-47e6-b256-859c874c8ce2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860168", "to_ids": true, "type": "md5", "uuid": "e390ef44-763e-4537-9dfb-19cb05d3d59a", "value": "9194b7272e9f485b2163740690f80048", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860169", "to_ids": true, "type": "sha1", "uuid": "0dd4f046-51cc-475c-aff9-480e875729e0", "value": "6abe2f6a2b6ae4e76c093e031449977840b415b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860169", "to_ids": true, "type": "sha256", "uuid": "d1fa9374-9ed0-4aa3-82b9-adc4675165bd", "value": "ec239b97d34641e8da6d54f8a43c73ce6efff5db700bd033087befac63fdc8a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812432", "to_ids": true, "type": "ssdeep", "uuid": "e91c305b-6dc2-4a3a-b44b-d56db556d03a", "value": "12288:xWFQwA35dZWsSuEuDQ1qN2QHhZJ/Nr5Llb2vt7eqRxRs50uOXcoAqNfy:xjL35dZWsZQ7QjLLl4eDFODZy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812432", "to_ids": false, "type": "size-in-bytes", "uuid": "2d150f88-546e-4163-905b-b7d4e055264d", "value": "581839" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812432", "to_ids": true, "type": "vhash", "uuid": "676afa9e-1a26-44f3-b61d-629ab743f5db", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812432", "to_ids": true, "type": "filename", "uuid": "fc8839c4-fe9a-4494-bca1-3ec6a6838fe6", "value": "9194b7272e9f485b2163740690f80048.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812432", "to_ids": false, "type": "text", "uuid": "6e5314b2-c4e4-43d0-b199-d9af50cf1cc0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860170", "uuid": "7e412e13-0131-477a-9aab-b187f74bad17", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860170", "to_ids": true, "type": "md5", "uuid": "849ba3e5-4118-4cde-8eb4-45f7a7b486b0", "value": "3a6a539112765a891d52cac9520a2c59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860170", "to_ids": true, "type": "sha1", "uuid": "51a403b5-d400-4eb7-8574-ff55cdb3da52", "value": "c2a2b951d520c322dbfe6e64c54e019cd6d2ef03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860170", "to_ids": true, "type": "sha256", "uuid": "8a91af6e-42be-4cd4-92b2-ef63db3080b9", "value": "c8942aeed7d4c24ebde170c749b38598e31fed5ad785f29b4d18172ff0d3c9b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812453", "to_ids": true, "type": "ssdeep", "uuid": "ab805b21-d197-42a7-b3a5-6531d911eaf6", "value": "24576:IfqQ60IWxKUwG19sr/UTFcQGxHgowvDS6b8aeUWJJ4:If1607K7G1KkTyAow26b8aeUWJJ4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812453", "to_ids": false, "type": "size-in-bytes", "uuid": "c5727028-209d-4354-bcca-06332c2e1eab", "value": "1074892" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812453", "to_ids": true, "type": "vhash", "uuid": "8009dd73-b57a-4275-8463-ad3762dc83a3", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812453", "to_ids": true, "type": "filename", "uuid": "ecaa5b7f-f0c0-413a-80a9-9ac2947deaad", "value": "3a6a539112765a891d52cac9520a2c59.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812453", "to_ids": false, "type": "text", "uuid": "9b9732b8-4da4-49b9-821d-2d26c0093752", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860171", "uuid": "0d94a937-9c88-4eca-8ac5-9fab5cc76912", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860171", "to_ids": true, "type": "md5", "uuid": "d6214b45-d8f5-43da-b5e2-8a622e48b074", "value": "c7f73c3e68bd02f8fabe102d58d5e1bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860171", "to_ids": true, "type": "sha1", "uuid": "c9ab5e1b-c1d4-4f38-92a8-f1bc7239b133", "value": "2919d408de4fab9e8b626e1f0754445c7c46c561", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860171", "to_ids": true, "type": "sha256", "uuid": "2f41e33c-71fd-40ee-a4aa-d397c7f8b24d", "value": "9d8d579aa550646727ab0e5ff4984ab724c31aed61519d1ae56eb47e30af98f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812474", "to_ids": true, "type": "ssdeep", "uuid": "5424e358-53d5-4906-b22b-9dfde09fd036", "value": "24576:IfqQ60IWxK86urjfQEFlvHlb09GfWXS6b8aeUWJJV:If1607Kw8cvb09GfWi6b8aeUWJJV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812474", "to_ids": false, "type": "size-in-bytes", "uuid": "e18af284-eabc-462f-bcbf-1df34bf73c4a", "value": "1074831" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812474", "to_ids": true, "type": "vhash", "uuid": "b0f2118a-a48a-43f4-890a-406c2d3b7db2", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812474", "to_ids": true, "type": "filename", "uuid": "3e15d2ef-c6fc-4f33-ae42-f070b4dfa0fd", "value": "c7f73c3e68bd02f8fabe102d58d5e1bf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812474", "to_ids": false, "type": "text", "uuid": "e09d82ae-0fef-45ff-9002-0aa9d9ec2460", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860172", "uuid": "49bcd548-e726-4375-b883-d0995c37159a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860172", "to_ids": true, "type": "md5", "uuid": "814c4c4f-6155-461f-9125-89ed0a267248", "value": "ff55889206498dcb546b64a8e3980641", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860172", "to_ids": true, "type": "sha1", "uuid": "54f7f149-edb5-4f99-828d-06472bb94155", "value": "c155bef15bc158086a76529467b23fb83ad7b958", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860172", "to_ids": true, "type": "sha256", "uuid": "643ce07c-6922-4f66-ab5c-854fae312ab7", "value": "1b74507092e6ec2931849b2f2641ff0bbde1abc273a92031d22eefe1852edff3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812496", "to_ids": true, "type": "ssdeep", "uuid": "5a5a7022-1aca-44c4-8ca2-d91b3ebb26b6", "value": "12288:/OWQVwA35dZWsSuEuDQ1qN2QHhZJ/Nr5Llb2vt7eqRxRs50uOXcoAqNf7f:/OJL35dZWsZQ7QjLLl4eDFODZ7f" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812496", "to_ids": false, "type": "size-in-bytes", "uuid": "118f8d3f-a1f2-4d2a-9120-0e99cbfc532f", "value": "581839" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812496", "to_ids": true, "type": "vhash", "uuid": "26829052-0ce9-4e35-be22-6e100a2b9de3", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812496", "to_ids": true, "type": "filename", "uuid": "77baeff1-b9e6-4ecc-a02d-fd947c983aae", "value": "ff55889206498dcb546b64a8e3980641.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812496", "to_ids": false, "type": "text", "uuid": "9c40866a-88b0-4c39-8c22-53d6ad7887e5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860174", "uuid": "cfed2e54-6a4b-4a33-9975-15fdbd555f5b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860173", "to_ids": true, "type": "md5", "uuid": "74662483-974b-4d60-a170-f29a3556adbe", "value": "eb7dd455bf560d7ff217581a16ab0e2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860173", "to_ids": true, "type": "sha1", "uuid": "4d1df63a-ce17-4211-a905-2ada7a243698", "value": "bdfa08b2be9094eb3a33100a444219c1c264dc9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860174", "to_ids": true, "type": "sha256", "uuid": "69be384b-8809-4acb-b762-7e932939d53c", "value": "37e52d5f9da10707b24af817f5f3675c3ffbccf31e468d5034a6d34d8e6a6ce2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812517", "to_ids": true, "type": "ssdeep", "uuid": "8cf87973-470d-4def-b132-9806865bd5f1", "value": "12288:IfBzlIEXAJe6ANXYC3HAA+9xCDlwKdrxFx4f4jEHqfJScLxiTfSiXg+KYQ5N9Qv:IfqQ60IWxKmTx41qfPqSiX1ZQ5Yv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812517", "to_ids": false, "type": "size-in-bytes", "uuid": "eae67cb3-eabe-4a3c-b838-6c704948af76", "value": "815761" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812517", "to_ids": true, "type": "vhash", "uuid": "967386d8-7ed2-4353-ad91-5752656561b7", "value": "c36973eb8206bed8554fed699a990879" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812517", "to_ids": true, "type": "filename", "uuid": "c5ed1ff3-a85c-4755-a8fd-f73611f629a8", "value": "eb7dd455bf560d7ff217581a16ab0e2a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812517", "to_ids": false, "type": "text", "uuid": "3e4ea0d5-cb53-4de4-a37e-8fc0403db002", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860175", "uuid": "3e77b91e-bf9f-4964-bc7f-8dcdbafa178d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860174", "to_ids": true, "type": "md5", "uuid": "ce5ca88e-e055-4bcf-9e64-ef1fdc82ebc4", "value": "32f752cab805bb5792333d8ca4410a8c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860175", "to_ids": true, "type": "sha1", "uuid": "3f3f1880-7ff6-433f-a202-c30c0d3b7862", "value": "b180a0b496e127606639d133f9022a266c085fce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860175", "to_ids": true, "type": "sha256", "uuid": "b8ff500b-727e-4ab3-b096-3816e31f28a2", "value": "e0f147e166aa6a9181e2a27e576358b496e884700d69370bb291d7c1ce228ae4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812538", "to_ids": true, "type": "ssdeep", "uuid": "e6fc5b47-ebaa-43c2-810d-d84b2043df54", "value": "12288:0ANWu5g6wEm7FY+Brvgq+EwSYFIhD4Q9OBxkTBb561CiMyCNEUEhw5:nDOppYvhd2QBxpw5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812538", "to_ids": false, "type": "size-in-bytes", "uuid": "d5b9e293-3032-48b6-8f7e-2e9a3baaf3aa", "value": "581949" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812538", "to_ids": true, "type": "vhash", "uuid": "e25be407-ac81-44c2-afec-729c2840faf4", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812538", "to_ids": true, "type": "filename", "uuid": "038c0f75-9f2d-4599-8d9d-e83575be2f99", "value": "32f752cab805bb5792333d8ca4410a8c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812538", "to_ids": false, "type": "text", "uuid": "6ea1c486-ba80-4183-9ec2-276ac515a3c1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860176", "uuid": "0c5db9bb-24c0-49df-9621-5e20e05312b0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860176", "to_ids": true, "type": "md5", "uuid": "99bb75c2-2b72-4fb2-9eef-7d8be3bc1d71", "value": "66626a2ce286252e406a89ad5cdf35fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860176", "to_ids": true, "type": "sha1", "uuid": "3f6bed66-d67d-4b79-981c-0f7776d4af35", "value": "5a497ffe6a1ad7362afbabae8117b7084b782683", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860176", "to_ids": true, "type": "sha256", "uuid": "05cc4c8a-2e47-4a4c-85d4-34af23cbb6d3", "value": "91faf090281a39e799f5906f96d901c390c198972cc85812c05fa9cb712c2546", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812560", "to_ids": true, "type": "ssdeep", "uuid": "c289c9da-6b8e-41da-85ad-f63d2ec187f4", "value": "12288:y8f1163Xvp3N65Ak1aKGnD0DHLPiWRVamR0xYeFsjejeS2qG9:y89YHvp3Pk1JkDYiWRVbiG7qjecG9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812560", "to_ids": false, "type": "size-in-bytes", "uuid": "dbf16296-2857-487c-86c3-947e21852016", "value": "571351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812560", "to_ids": true, "type": "vhash", "uuid": "67b8d6b5-db64-45ac-974b-a1c0660ce914", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812560", "to_ids": true, "type": "filename", "uuid": "37bcb7b5-4c4d-4d0b-bd8a-a8d5247c818a", "value": "66626a2ce286252e406a89ad5cdf35fa.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812560", "to_ids": false, "type": "text", "uuid": "0ac31a1b-6fe5-4e0e-b5ba-36068872f169", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860177", "uuid": "c26ead5d-8039-4cb0-ad93-d0c14e69daee", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860177", "to_ids": true, "type": "md5", "uuid": "e4fafae2-2466-46b2-8c15-c6add942a485", "value": "2e46329067986b03acb7ccdaf1e2a439", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860177", "to_ids": true, "type": "sha1", "uuid": "dfc1c324-e911-4927-b4f6-cbf0105ba1cc", "value": "b1dfc4a25ce74ff4c335b08beb24883498407450", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860177", "to_ids": true, "type": "sha256", "uuid": "b91f6d0c-c9a5-4f4f-bfe6-00b3cddf9460", "value": "39ed5188a426540b14862f5013eac4f8ba29ca45f2421620f7109a78c0aee6c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812581", "to_ids": true, "type": "ssdeep", "uuid": "d103d5ef-b193-4ab0-b8dc-340f371b4057", "value": "12288:f3WHbin/x+A9uaMQrYmvh4BN0RHjOAybZrfXcqFTbNw9mlQsFXt80e:fV/x+I4gY4o+OzbZrfXcgN4oTk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812581", "to_ids": false, "type": "size-in-bytes", "uuid": "c8d8bbfd-d2f3-4906-8f67-23166a9c0a82", "value": "581947" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812581", "to_ids": true, "type": "vhash", "uuid": "8251d26c-11c5-4eb9-85d4-86c4a6fca882", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812581", "to_ids": true, "type": "filename", "uuid": "142495d1-b8dd-4ac1-83ff-d3cbb9787328", "value": "2e46329067986b03acb7ccdaf1e2a439.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812581", "to_ids": false, "type": "text", "uuid": "e86be127-a907-49f1-9aea-46bc0cf91756", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860178", "uuid": "1a30c08e-050a-408a-8f00-25f439ef3021", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860178", "to_ids": true, "type": "md5", "uuid": "beba0e51-5c2a-4851-88ee-0b33fbccc918", "value": "82387507a326bfb874af440daff35ac2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860178", "to_ids": true, "type": "sha1", "uuid": "93ac9044-9232-40bb-9b41-4929fba6f7b5", "value": "33463abedfb81a0187d3e52b7d259128da800394", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860178", "to_ids": true, "type": "sha256", "uuid": "40ae51d7-7d36-46a0-aa67-9c3a5dd32c6d", "value": "4ae75b73d0fe4399f61b28637cf9f0efd7d3997493b4639086018f25b2d540d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812602", "to_ids": true, "type": "ssdeep", "uuid": "e5f83514-ce42-4e3a-a513-e0692066ffd6", "value": "12288:p2AZXtCfU+8Egc3dY1kt92NzpzpD1kCyiIVw3tCKpxZkXeOugomYBUYc0J:0otCfU+tggdxwppwu2q3DZkygodk0J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812602", "to_ids": false, "type": "size-in-bytes", "uuid": "a26fbcd7-81e3-4cd4-b51a-d6179d94576f", "value": "605323" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812602", "to_ids": true, "type": "vhash", "uuid": "ce2dd1f5-2497-4eca-af0c-32c93e17c6f1", "value": "88eb5cb4fe94b8ee524791cdb6aea74a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812602", "to_ids": true, "type": "filename", "uuid": "c5e2ce37-bc8e-4e8e-92e9-aede020a654f", "value": "33463abedfb81a0187d3e52b7d259128da800394.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812602", "to_ids": false, "type": "text", "uuid": "880a8891-b175-4019-aa73-ccea858bbe85", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860179", "uuid": "38165014-78ef-48e4-9560-e3e617104f8e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860179", "to_ids": true, "type": "md5", "uuid": "56ddae14-f197-4f2e-88a0-e3ff5b398edc", "value": "3e8de05b41ee3ebb8e6caf0cbd2349a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860179", "to_ids": true, "type": "sha1", "uuid": "86ebc2d4-05ec-4176-8bab-18ae94e90f46", "value": "3247d7dc362e86a4a6203ff2beed7388b0a3c359", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860179", "to_ids": true, "type": "sha256", "uuid": "be8d3244-42b6-43ce-8534-269fa6986733", "value": "aaada9329914c0e0f58a703c6f882f3a0308ab480a4d9a032561652512beb762", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812624", "to_ids": true, "type": "ssdeep", "uuid": "aee82fa3-1e54-45e3-b1ab-07a43e5f0ed7", "value": "98304:bFdI0BxMsBUBc9By4vM4JbbY8vQ6B9BPtC7gi3wM0x/RH21s8AYpD09OpUns+:bYc/ywM4J+Q/A7zZ0fWUYpDYnns+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812624", "to_ids": false, "type": "size-in-bytes", "uuid": "3e52f024-2cbc-4879-b909-ac696061b028", "value": "5557944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812624", "to_ids": true, "type": "vhash", "uuid": "7f73de1f-8646-41fd-b824-7e4e954f71f4", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812624", "to_ids": true, "type": "filename", "uuid": "8d9276ba-3c6d-4a56-b1f3-65d67e4cf363", "value": "3e8de05b41ee3ebb8e6caf0cbd2349a2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812624", "to_ids": false, "type": "text", "uuid": "93af5173-c120-4b49-a756-b2433f556548", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860180", "uuid": "bc348df3-06c0-43ff-b5ab-0feb8fdd2159", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860180", "to_ids": true, "type": "md5", "uuid": "156dcdb7-1d6a-421a-91da-4dc69c17b0f7", "value": "21fab9617a0f20793c5411cb267a4581", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860180", "to_ids": true, "type": "sha1", "uuid": "65d95880-b991-46b1-a9aa-0b98a29670c3", "value": "8daad06c2bd28a864540acbb43b5341549903309", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860180", "to_ids": true, "type": "sha256", "uuid": "2549dfdd-e61f-4b52-b7a4-e062329fc642", "value": "d79754a7d324fb491282e16795fb9a9327b8aefd4b95b8693c24f95297ecf24f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812645", "to_ids": true, "type": "ssdeep", "uuid": "32f42389-454b-4694-8583-04bdfdd14fb9", "value": "12288:G+EhwA35dZWsSuEuDQ1qN2QHhZJ/Nr5Llb2vt7eqRxRs50uOXcoAqNf/:GpL35dZWsZQ7QjLLl4eDFODZ/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812645", "to_ids": false, "type": "size-in-bytes", "uuid": "27c2ad1b-4151-4142-ac1d-dda1d31a56f8", "value": "581839" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812645", "to_ids": true, "type": "vhash", "uuid": "f3ef911a-fd0b-4aad-8626-b4fa66baec55", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812645", "to_ids": true, "type": "filename", "uuid": "c09ecf7a-ac5e-4dcc-a322-43e86ddada87", "value": "21fab9617a0f20793c5411cb267a4581.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812645", "to_ids": false, "type": "text", "uuid": "4e8dabd5-a529-4048-9499-bce04ed13fdb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860182", "uuid": "7745fbe1-aaea-4df3-aa40-ebd9f1f964a2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860181", "to_ids": true, "type": "md5", "uuid": "56aac015-15de-4d8b-b4cf-3e1d1bf21b0c", "value": "17b26dbaaa09bc51ea688ef1746d02a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860181", "to_ids": true, "type": "sha1", "uuid": "9558b95b-f295-4bad-8a72-e570e9b40b1d", "value": "0585bf57453fe8de8eeea31a59fdf1bc9ff8d384", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860182", "to_ids": true, "type": "sha256", "uuid": "32560b8f-72a1-4880-bffe-0775b8e4b18c", "value": "082cf3be04057be51ca927d4844118b42d55d625fed6600bb2f19505df58bf75", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812666", "to_ids": true, "type": "ssdeep", "uuid": "c217b88a-87a7-442c-b744-0c5fa7e539ed", "value": "12288:8qxVkRjEWYpYjwFYCX1sF2DVEXnL/pEUSBhtyWxUG+AFf7iiBzOKGJqA:8nREWjwCClsF2yL/pzQhtyWxUG+QWixI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812666", "to_ids": false, "type": "size-in-bytes", "uuid": "635fa2d8-0bda-43a0-96ac-aaa7e793af29", "value": "581847" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812666", "to_ids": true, "type": "vhash", "uuid": "de5a6096-ceec-46fd-9b0c-755c15af5fc7", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812666", "to_ids": true, "type": "filename", "uuid": "de7cc83d-5cc0-4e0a-97de-df508a427d47", "value": "17b26dbaaa09bc51ea688ef1746d02a4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812666", "to_ids": false, "type": "text", "uuid": "9be1a3ef-7d9b-40fa-9065-ab0280765b52", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860183", "uuid": "eac5e8d4-241b-4650-bbea-864c82ff6db3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860182", "to_ids": true, "type": "md5", "uuid": "cbc77c9d-5269-4fc0-9ef7-a023a9b52828", "value": "016cbe744d56b0c3b9a1c0319f79024e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860183", "to_ids": true, "type": "sha1", "uuid": "f30834ca-3f03-4ce1-aa04-a1b6ad3249cc", "value": "e651e5ed418ace30674943bc88c04562f4dc9e42", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860183", "to_ids": true, "type": "sha256", "uuid": "4cf1e4ee-efe8-4227-90f5-e1b5467fc6f5", "value": "0871cc3751c07afc9e337b19f47c8a3fc6bf4c13e2f44617238dbddc1c0f791d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812688", "to_ids": true, "type": "ssdeep", "uuid": "4ec9bbfa-2f3e-4b9b-9f44-60d46058d1c2", "value": "98304:CGwI0a/RsBUVV9BJrvMeJxbYCvg7i9Bbt0UIYpVq2bbI1yJ0ZOU46cUesl:Y4V/JzMeJmG/GUXVV/I1yJ0ZOU4eesl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812688", "to_ids": false, "type": "size-in-bytes", "uuid": "9fa03d37-861d-457c-b851-11a4bff20d8d", "value": "5557872" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812688", "to_ids": true, "type": "vhash", "uuid": "ae5c234a-e591-436a-a0d8-4001f1f682ec", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812688", "to_ids": true, "type": "filename", "uuid": "d241085c-f5ff-48cc-b603-f20da4c88275", "value": "016cbe744d56b0c3b9a1c0319f79024e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812688", "to_ids": false, "type": "text", "uuid": "ec244726-86f2-4605-ada3-261c0a8da39e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860184", "uuid": "6e331aef-eb34-40d4-a12a-9c8a41b4b95b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860184", "to_ids": true, "type": "md5", "uuid": "8e1080f0-f472-4944-a327-9705eab470a0", "value": "3d3558a4b87e862c60f168a57597a3c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860184", "to_ids": true, "type": "sha1", "uuid": "35e076d1-ce1d-4880-9673-d2e9324fcc6a", "value": "3a3de5c8a02b88909075ee80480270051f703ba3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860184", "to_ids": true, "type": "sha256", "uuid": "5c3c6451-874b-4165-b3fc-d505acc6b3b5", "value": "0fd552b8d0eb6507ac18ea29d75d8582db6973d8f87e8fb2584644fe6f2d64e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812710", "to_ids": true, "type": "ssdeep", "uuid": "fa09dccd-6b7e-4679-8e82-a5d27cb572c1", "value": "12288:/eXewA35dZWsSuEuDQ1qN2QHhZJ/Nr5Llb2vt7eqRxRs50uOXcoAqNfc:/LL35dZWsZQ7QjLLl4eDFODZc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812710", "to_ids": false, "type": "size-in-bytes", "uuid": "f3653ac2-a753-4f55-9362-009ebb373790", "value": "581839" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812710", "to_ids": true, "type": "vhash", "uuid": "96c988d0-0969-46ac-88e0-52131b42b38b", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812710", "to_ids": true, "type": "filename", "uuid": "ab1440fa-6728-42f3-ad21-d047b573a45a", "value": "3d3558a4b87e862c60f168a57597a3c2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812710", "to_ids": false, "type": "text", "uuid": "302d88be-0917-48ba-8743-da604b7e95e5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860185", "uuid": "6a1b348c-a9d7-48a7-a72f-c78f8aa68091", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860185", "to_ids": true, "type": "md5", "uuid": "b983bc0a-ecdd-4da7-9f27-033ee9b37038", "value": "b00618850b8ab011c8c526b1b0d4581c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860185", "to_ids": true, "type": "sha1", "uuid": "9dfceca2-34d0-411f-ac3f-c849a2b8712d", "value": "9d69517424b5a439c9a4ef58092455a90a948811", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860185", "to_ids": true, "type": "sha256", "uuid": "58e3ff9d-3cd3-45b3-8b66-c3ceefafc169", "value": "70c0fb9477310aa2b90fb267e7273a7d6aa0a934479ea9068e7550e5e53e9f32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812731", "to_ids": true, "type": "ssdeep", "uuid": "731ac14a-4509-4bb9-81de-d006372216e2", "value": "6144:cP6x/FOClaVeypkzdMtL+ucP6q4Ks/vJj9xMrwXiUfnz4tcvhm:nFZNukZWL8imsHV9xMf4n1m" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812731", "to_ids": false, "type": "size-in-bytes", "uuid": "5bb790d3-c4ce-4882-9d99-dc872455074c", "value": "339742" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812731", "to_ids": true, "type": "vhash", "uuid": "9550e4f1-054f-4f11-9427-20885220ebaf", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812731", "to_ids": true, "type": "filename", "uuid": "c2dda63e-29fb-42b5-9e5d-5b810967748a", "value": "b00618850b8ab011c8c526b1b0d4581c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812731", "to_ids": false, "type": "text", "uuid": "df69bb6a-a989-4292-aabc-d2e6bf4fbf61", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:34/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860186", "uuid": "c894d37e-f665-45a9-9cc3-e7657f32186a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860186", "to_ids": true, "type": "md5", "uuid": "da5fd680-1c0e-43ef-9219-bdcc7efc0b8f", "value": "856d507229d3abd74c2f2c781c2009a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860186", "to_ids": true, "type": "sha1", "uuid": "e0c567c7-4bf3-4c6f-a38e-4348d8823905", "value": "498f33c0e2714dc6f04a72690f825d11d73d3aea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860186", "to_ids": true, "type": "sha256", "uuid": "9e0e7e3e-f626-4239-9781-6ed19b89f008", "value": "4de12cd9eb8d8f426aa6bc35395c733c28264c2957eeb98116de196745f1a594", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812752", "to_ids": true, "type": "ssdeep", "uuid": "cdff9a94-c36d-4e98-9e55-820068b0e58e", "value": "12288:tPYJ9HUQvtUEiBz6UxDV/96+1epaSg0bxUG+lFf7BgXJUdYr4R:toHLIxP6+1e/dbxUG+7GYmW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812752", "to_ids": false, "type": "size-in-bytes", "uuid": "364a0392-81b3-420f-a502-b01be43f975e", "value": "581854" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812752", "to_ids": true, "type": "vhash", "uuid": "13205b8b-2d3e-41df-8430-2093ba000d01", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812752", "to_ids": true, "type": "filename", "uuid": "5c4bc26f-e46c-442e-894a-a9f416e40bfa", "value": "856d507229d3abd74c2f2c781c2009a4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812752", "to_ids": false, "type": "text", "uuid": "ced24018-05f4-422c-aebd-30ffe5715560", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860187", "uuid": "102c29b4-2756-4884-a0ab-7af19b8a582f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860187", "to_ids": true, "type": "md5", "uuid": "92d310c5-e5e3-42a0-a008-c2c56971a116", "value": "4d54bcdef4cf669d2bb3da6e1ddf96fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860187", "to_ids": true, "type": "sha1", "uuid": "8bf46d69-4fb5-4798-8dd4-e11ed9bb481d", "value": "d70578464081de52ecce785b6cbb89239dde3576", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860187", "to_ids": true, "type": "sha256", "uuid": "b6576ec3-0d78-4125-9cb1-c64104ee9675", "value": "65ee39121971249670e26d7b357ffccb7961ba018a8360773b6c6fdf0079ec89", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812773", "to_ids": true, "type": "ssdeep", "uuid": "d0ea02da-41fe-4c1b-8807-bd2a10192085", "value": "12288:rRioZcVKXPorLfJ7ihZu3xCtM4KC77+I9ybrjCEZHM9QCcKbYQh7wwCUzodSSV:rVI2ovfJkZ8gG4f77VkjVZNSbrkma" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812773", "to_ids": false, "type": "size-in-bytes", "uuid": "b0031617-c802-4757-b1b3-1c5cc86dd860", "value": "581835" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812773", "to_ids": true, "type": "vhash", "uuid": "70ef9941-278f-42f0-9196-ccbafe87b5e0", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812773", "to_ids": true, "type": "filename", "uuid": "0c6d7d05-f424-43f0-a3f5-040714abf705", "value": "4d54bcdef4cf669d2bb3da6e1ddf96fd.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812774", "to_ids": false, "type": "text", "uuid": "010ba7b7-8d07-4ecd-9b60-07b0ca0535ac", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860189", "uuid": "27d54b76-6127-4194-9b5a-a51fd37292f4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860188", "to_ids": true, "type": "md5", "uuid": "5391de2e-f47c-44d2-9958-a8b6c6939794", "value": "63ed02f8e2bc03d8ee2878f49757e071", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860188", "to_ids": true, "type": "sha1", "uuid": "b337c88e-928a-4700-9e19-e525ae9b8f47", "value": "6f28e5ee2ba5a3220f017e714941d9ceea68bc5d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860189", "to_ids": true, "type": "sha256", "uuid": "0a9cc21e-a5bd-4ee2-afe5-85f152fecf9f", "value": "805fac2561dcdc2e074884f0ff232f3d2988139515b807daafd63e7060bdc03c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812796", "to_ids": true, "type": "ssdeep", "uuid": "c658f3c4-f0ec-4c8b-be34-f786f1110e82", "value": "12288:yNgzP8kAe2UjU6gTHpf4E5+X0ZDy8Zom0oaq24QB73ZwTz1:y6PVh1jtkR4fEhbZoXoQp7329" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812796", "to_ids": false, "type": "size-in-bytes", "uuid": "ed408f94-44a8-4d2f-96f1-4e418e69bfdf", "value": "581850" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812796", "to_ids": true, "type": "vhash", "uuid": "67de7670-79a3-44cb-98d3-9cca23b6fdee", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812796", "to_ids": true, "type": "filename", "uuid": "03eed55a-0166-4b91-8dd2-5bc628dcc6cb", "value": "63ed02f8e2bc03d8ee2878f49757e071.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812796", "to_ids": false, "type": "text", "uuid": "f24fd636-ec3e-4239-bc5f-0d4b4ba58821", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860190", "uuid": "e8ffe7c1-c845-45e1-8f98-a460d68d6f94", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860189", "to_ids": true, "type": "md5", "uuid": "e7e7ba51-cc73-4ce9-a517-cf3d49ac586c", "value": "95003f62cb600e871534e01b26ade787", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860190", "to_ids": true, "type": "sha1", "uuid": "eb215b61-40fe-4cfd-ac65-c3468e99c91a", "value": "889fe8ef6f42a8fac54b29df12172cab753bb8a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860190", "to_ids": true, "type": "sha256", "uuid": "826eeb56-b6fa-4c7b-a2d2-336e037ede24", "value": "020c1fae8a89f4e741025722c4090f7e388cba004d1f67869eb8b416bda3f952", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812818", "to_ids": true, "type": "ssdeep", "uuid": "f32731ea-a748-4ba2-b804-49b3fdde6600", "value": "24576:7f9cI41p8k+8s8QJZ3kkDMGccGTDuyw7edD:7fmI4wk+NS/GYayzD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812818", "to_ids": false, "type": "size-in-bytes", "uuid": "8eb0881d-3014-4773-9ade-a391d5426c1a", "value": "815571" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812818", "to_ids": true, "type": "vhash", "uuid": "9081226d-196e-41cb-872f-771e2252ef9a", "value": "c36973eb8206bed8554fed699a990879" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812818", "to_ids": true, "type": "filename", "uuid": "b9bbf528-69df-444b-95da-3cb0a87a416f", "value": "95003f62cb600e871534e01b26ade787.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812818", "to_ids": false, "type": "text", "uuid": "35cbb97d-d89b-4d49-8063-807329b5015d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860191", "uuid": "c1eace04-66dd-4947-ad9d-0720b4487714", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860190", "to_ids": true, "type": "md5", "uuid": "1d495e1a-12dc-40d8-821f-ee915d076e73", "value": "d734fe32dbffc3d4bfdb4e7a32866c8b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860191", "to_ids": true, "type": "sha1", "uuid": "07c29840-e4fe-4573-9ce4-2242a25ae450", "value": "f4641543385e3294a8c6fa6acd0f38ac9948b7d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860191", "to_ids": true, "type": "sha256", "uuid": "e868705d-e067-4126-a787-efdc5e893713", "value": "963c10f1380d24b1335bbaa4c3c58e0128bf5f7e0f54906e544e697703ad6b3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812839", "to_ids": true, "type": "ssdeep", "uuid": "4e71fab4-92a5-4659-b44d-826bcad7ef68", "value": "98304:y0J8JmSsBUlg9BSu8MGJ5bYLvD/v9B/tB04cTqZnEKanRj3+wJUY0OUksOzZ:Gpg/StMGJS3/L04cTqxEKaR+wJCksO9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812839", "to_ids": false, "type": "size-in-bytes", "uuid": "ad831801-f87a-44e9-b4af-394234934ffc", "value": "5557040" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812839", "to_ids": true, "type": "vhash", "uuid": "e4fb9c6d-c589-44a8-8b25-54de9dc08663", "value": "98404012098f21e2127c9b538633caf0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812839", "to_ids": true, "type": "filename", "uuid": "95c3eb02-632f-458c-9528-d19eaaa82607", "value": "d734fe32dbffc3d4bfdb4e7a32866c8b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812839", "to_ids": false, "type": "text", "uuid": "90c4e0bb-133d-4b78-b262-948df8e4fa2a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860192", "uuid": "088c2bb3-f7f7-4c88-af00-2a770966b821", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860192", "to_ids": true, "type": "md5", "uuid": "18fc70ab-ff45-4635-8248-0cc7e1ea3efa", "value": "b6cd07307145a52c8699bad030037a03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860192", "to_ids": true, "type": "sha1", "uuid": "1bbfb06d-0dd2-4450-b793-64c111e8d9dc", "value": "9248a7596d6586fc396c3708fd3ddcee6ebbd16b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860192", "to_ids": true, "type": "sha256", "uuid": "312ec7d2-47c2-4a69-9503-a16fe3d54e22", "value": "8259ee4b18c5b007e4fdb542aaf0d973fe6fb3059fe78583b04d6f7f740c3bad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812861", "to_ids": true, "type": "ssdeep", "uuid": "d7daef5e-a01f-4fba-89a2-f6103eb8c0fb", "value": "24576:d67NSa6ZgM1KC2VwLedu6R4sFJNvgJHkDe:d8SaLMsdPu5s7mWDe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812861", "to_ids": false, "type": "size-in-bytes", "uuid": "09dadbc7-5e5e-4a40-ae08-27b1694f51c6", "value": "1080198" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812861", "to_ids": true, "type": "vhash", "uuid": "2eade002-4157-496c-b484-55b75a7680b2", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812861", "to_ids": true, "type": "filename", "uuid": "4033f09d-3f33-4b31-8572-184b284c21ec", "value": "b6cd07307145a52c8699bad030037a03.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812861", "to_ids": false, "type": "text", "uuid": "70c9bd8f-b064-48aa-9bf3-0a8c08c2f573", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860193", "uuid": "83ca55d2-67da-49b5-ac6c-0be981aae206", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860193", "to_ids": true, "type": "md5", "uuid": "bd9bc6a3-887e-4b58-a1dc-2490df50fe7f", "value": "3e4bfc13137f3d37176a63eb1d5b31f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860193", "to_ids": true, "type": "sha1", "uuid": "1ff367ca-6117-4730-9b88-c62af9e56092", "value": "8001857f6b3ab3d008bdcd9067bf5f9788907e8c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860193", "to_ids": true, "type": "sha256", "uuid": "3f90cdf3-7bfa-4f20-b29a-57488cd57e9d", "value": "8a1df3330fec5d795b74dd3fd368aa0234fe9de0552a4d52ca10f0c3660ccde3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812882", "to_ids": true, "type": "ssdeep", "uuid": "2de251db-0430-41ec-a64f-82c508d6c3f3", "value": "12288:4pPoR4qxOgYxt64kOqWvdwLYKdqLVpUw9D34GINZzu+uBTQnmXZSVRD0kgXWk0ww:4pJfxcfOHxVrz4GOshllZSVlRk3TQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812882", "to_ids": false, "type": "size-in-bytes", "uuid": "82bd48cc-cd7d-430c-9e63-d0ea4ead93f5", "value": "821366" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812882", "to_ids": true, "type": "vhash", "uuid": "1bccfc46-0c9c-4750-82b7-b44eac1a0632", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812882", "to_ids": true, "type": "filename", "uuid": "71f3177a-0acf-436f-bdd3-0c0629d700cb", "value": "3e4bfc13137f3d37176a63eb1d5b31f4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812882", "to_ids": false, "type": "text", "uuid": "68aa852b-0d41-48c4-86ce-54bc862c3ba6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860194", "uuid": "5dad4b1f-4e46-4d2f-baf0-09279367bf8d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860194", "to_ids": true, "type": "md5", "uuid": "cd506dfd-b2a2-4706-ba7d-7eb281a1a033", "value": "b021dde3d27b7c9d930c942434c9912c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860194", "to_ids": true, "type": "sha1", "uuid": "8466e8a4-6175-4e69-b1b8-246d21271316", "value": "80c4395855e156cbec2a935a2774b6be58ea3656", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860194", "to_ids": true, "type": "sha256", "uuid": "4265a208-82dd-4946-8822-ee850f26805d", "value": "88aac0ee1b4e4377cc68b07e9e19e6dd3906e860f813a2f74c0c93f15f7e3716", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812903", "to_ids": true, "type": "ssdeep", "uuid": "75cfe7bb-b1c2-4a70-b35a-19b0a55af564", "value": "12288:bpPoR4qxOgYxt64kOqWvdwLYKd1L1wo/PaeOHgJFrNVQS4SnTiRARxBwSAyx6qK:bpJfxcfOHG1R3VrLXTiRAHBlVrK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812903", "to_ids": false, "type": "size-in-bytes", "uuid": "a761f2e7-59ff-409c-9f30-e1e6ebae392d", "value": "821320" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812903", "to_ids": true, "type": "vhash", "uuid": "481cec72-99a6-444a-a9dd-7ba14e225e97", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812903", "to_ids": true, "type": "filename", "uuid": "a4a385d2-aded-444e-95b9-6a1b4048fa33", "value": "b021dde3d27b7c9d930c942434c9912c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812903", "to_ids": false, "type": "text", "uuid": "dc4e2d82-2a64-4ca0-99cf-daf91fdcdf76", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860196", "uuid": "2a1fe3e3-eb55-445d-a622-ddddb2db2a14", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860195", "to_ids": true, "type": "md5", "uuid": "1a953160-1f54-4d64-beb6-d594e9d364a3", "value": "60aa34c59cd8e003f0670b0723474bc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860195", "to_ids": true, "type": "sha1", "uuid": "a0fdde0d-13b2-436e-9fd6-06c094d0ffd9", "value": "ff2743e5dccfeb22cfccc59400191c7316789896", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860196", "to_ids": true, "type": "sha256", "uuid": "a99f1e8f-abc4-4b90-9a6d-1ccbfc9df8e2", "value": "5963cd04554b3ddcebccf45de18bcd9de411b5a4fe1bbb92f0a484769aaa4ee5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812925", "to_ids": true, "type": "ssdeep", "uuid": "c9eae51a-7c90-463d-8bc8-707d543cbb1f", "value": "12288:VpPoR4qxOgYxt64kOqWvdwLYKd2LN5bBeR4ieI1a25n5RDnR:VpJfxcfOHFN2R+sa2HL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812925", "to_ids": false, "type": "size-in-bytes", "uuid": "748fd3b0-0548-4a02-937f-5615b5bd9243", "value": "821315" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812925", "to_ids": true, "type": "vhash", "uuid": "da3574c6-9f22-4a2a-8030-9a6acd5c62a1", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812925", "to_ids": true, "type": "filename", "uuid": "fd5db6f5-1f1a-4c2b-a421-02e09dd688ef", "value": "60aa34c59cd8e003f0670b0723474bc6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812925", "to_ids": false, "type": "text", "uuid": "c5bd24dd-69be-4ad6-941f-2d6b542bea75", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860197", "uuid": "c95c00a4-1137-4cb2-b075-6e01e8fc3cfd", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860196", "to_ids": true, "type": "md5", "uuid": "4db2099a-fd2b-4560-aa5d-837a286372bb", "value": "2c1ea3a5efbd099b1513dc24a9cf8cb3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860197", "to_ids": true, "type": "sha1", "uuid": "ca13746d-2041-4391-8d25-5e05051ee626", "value": "06e324fb4d221b6c0111e88952174c99b3a2000b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860197", "to_ids": true, "type": "sha256", "uuid": "64b976cc-1157-4e8b-a09e-1f69857e156a", "value": "0584139e1ea78f520071d142b5a2a9f928bdceafaf8ac5a2ae9b00342755edaf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812946", "to_ids": true, "type": "ssdeep", "uuid": "f3f4fdda-dd49-494b-9d96-fb40c538e11e", "value": "12288:NcI5lwdItgAEm8NwseuajR3DqCkg5mPFsHNf79m0oELCsGvSJ5do:NhzmE8qG+RJmNstz9XoEu7SJ5do" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812946", "to_ids": false, "type": "size-in-bytes", "uuid": "1eff26e7-8df2-473a-80e2-96efa17d0a85", "value": "604857" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812946", "to_ids": true, "type": "vhash", "uuid": "979201b7-8837-4159-b2bf-88191c9aaca1", "value": "88eb5cb4fe94b8ee524791cdb6aea74a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812946", "to_ids": true, "type": "filename", "uuid": "f4bc231d-d07f-41eb-8d66-2d8f78c99a20", "value": "06e324fb4d221b6c0111e88952174c99b3a2000b.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812946", "to_ids": false, "type": "text", "uuid": "b70cb6c2-f905-4b80-9474-df2462c47ec6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860198", "uuid": "d28bd148-a0ab-43f6-b00d-66d912060c48", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860198", "to_ids": true, "type": "md5", "uuid": "9c20ef2c-aa14-46d1-a42d-c73327ddfdab", "value": "c79c5067fc4758e50557958ed2b40fef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860198", "to_ids": true, "type": "sha1", "uuid": "17b7bc0d-3add-4059-a70c-ff566b7ecdf1", "value": "6715b5b985cd736ad08e3945f30b074f5c3a7509", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860198", "to_ids": true, "type": "sha256", "uuid": "78ba5677-29f6-4271-bdb7-2c4604f91db6", "value": "0858218a5681bda685ddde948fb987aecc2c06be6277814b338106a4e09c369f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812968", "to_ids": true, "type": "ssdeep", "uuid": "68bbd5ac-2aba-4916-a7da-fcc12efa6b0b", "value": "6144:GO3JiORjg60VFJfHzUf8bkkwfCwjas0uX9qa6in/5Y5RX3ZYyuBxC5gUK1XC:GO3AOOhZH4fk1wfCwj/0uNmin/5Y5R6+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812968", "to_ids": false, "type": "size-in-bytes", "uuid": "005a3c35-c177-4b91-a654-39486909e180", "value": "339788" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812968", "to_ids": true, "type": "vhash", "uuid": "2ccd5aba-9e4d-42e9-a9ca-2c5665f05cae", "value": "aeeb5d750f0c553aa23a9f0fc7a917fa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812968", "to_ids": true, "type": "filename", "uuid": "28b0e6bc-4c11-4fbc-925d-5cb0b42f99e4", "value": "c79c5067fc4758e50557958ed2b40fef.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812968", "to_ids": false, "type": "text", "uuid": "a56574b6-7a29-4cbc-be83-302eafd280b1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860199", "uuid": "4f0dd9a3-64a5-4663-91ec-7c61bb3d93c6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860199", "to_ids": true, "type": "md5", "uuid": "44fada79-7771-4c81-8f70-36715a02c4b6", "value": "e7df360d6e2013926758274e2d2d7355", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860199", "to_ids": true, "type": "sha1", "uuid": "93085424-f911-4000-87aa-dee3eccca370", "value": "bdbdcd6d55c40a9946d9d75837334d0b3f695cc8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860199", "to_ids": true, "type": "sha256", "uuid": "6bf75eaa-4bd5-48c3-8f05-65015cf541b8", "value": "0196ff9182af2a379285d78060058f14a911f66c5dfca101c1b825842b026a57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740812989", "to_ids": true, "type": "ssdeep", "uuid": "dcc64227-2654-405c-aa45-d3bee2b9cdb9", "value": "6144:y0tlOnKZwj6QhvO5dlcf02c65L8e7rVPwLjUpX0HV5hFVtmkQwWp+MXTU4tcOWk0:ypKZy6Qs5dk0T6VLf1m15LVgkQZ4Mxr0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740812989", "to_ids": false, "type": "size-in-bytes", "uuid": "2078cfb1-724f-4094-88f4-9106163440d7", "value": "339748" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740812989", "to_ids": true, "type": "vhash", "uuid": "e1e52750-27cd-4cc9-ab66-3f96e4730fbf", "value": "aeeb5d750f0c553aa23a9f0fc7a917fa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740812989", "to_ids": true, "type": "filename", "uuid": "1c04e0ad-bc27-4198-b874-0f11ca401fc0", "value": "e7df360d6e2013926758274e2d2d7355.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740812989", "to_ids": false, "type": "text", "uuid": "9b975e6d-5125-43fb-8cc6-6ad19b809bae", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA5E\nVT Total Detection:33/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860200", "uuid": "c74ac961-ba53-4d65-94ee-083a9cadeba0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860200", "to_ids": true, "type": "md5", "uuid": "0dc77530-d6f1-471f-be22-56a3f6795180", "value": "30b83e5e449612c1aa9fb998c5f7e013", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860200", "to_ids": true, "type": "sha1", "uuid": "e163480b-20fa-4ac2-ba86-ab919a0e1a0d", "value": "813678a24783dfde9b6875e71be5fa7dda60dbb8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860200", "to_ids": true, "type": "sha256", "uuid": "f9bffcbc-50a9-41eb-aeeb-c34091c3abcc", "value": "82922143814987c3452a5962e5c5e344a5d947cae2868a5692585884870601ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813011", "to_ids": true, "type": "ssdeep", "uuid": "d26f1adf-00f3-4c6e-8c2d-3d0c88a6c028", "value": "6144:aBRBf3HM1yPoXqSYkDbLmEezvem1o+PvGGqhYwYMrfMk:cM1EVSfDGEezvem9PbqhNYgEk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813011", "to_ids": false, "type": "size-in-bytes", "uuid": "507b6c02-ff42-43bd-b4b9-8f1d985ff11a", "value": "339784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813011", "to_ids": true, "type": "vhash", "uuid": "882eca83-05fe-44aa-afe4-8c3593259424", "value": "aeeb5d750f0c553aa23a9f0fc7a917fa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813011", "to_ids": true, "type": "filename", "uuid": "7dd7d1a8-e8d5-4bc4-8134-c203dfbe0b9c", "value": "30b83e5e449612c1aa9fb998c5f7e013.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813011", "to_ids": false, "type": "text", "uuid": "ff7f750d-e050-4e93-9ad0-0917b8f4c2f4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAED\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860201", "uuid": "1390045c-60a9-48c5-b88d-9d545ce8decc", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860201", "to_ids": true, "type": "md5", "uuid": "76475d66-c89b-4523-a590-14626b8fd36d", "value": "5dc158194891e933d12b4c2bc0f28313", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860201", "to_ids": true, "type": "sha1", "uuid": "9c304a01-994a-4af1-aba5-d341b8890545", "value": "4b7c9cd5226f5977bf6a7e397734769d4e648f25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860201", "to_ids": true, "type": "sha256", "uuid": "d864172b-0216-4098-a974-b0ac46690ac8", "value": "b6c2e7bd25749f26a4cdebdd1ca0f7f0731fd57e505d726ed6c1447ded1a1faa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813033", "to_ids": true, "type": "ssdeep", "uuid": "440445f7-e920-414f-971e-f042a8d9ba05", "value": "6144:mbXpJkyWOOfUZCVGK4VqcR9EL28ZckoKaO4AxZh2V4EpIM7N1lWkJbR28KXMuWx0:mbXpJk3clPVqo9EncQxXDlMZJbVuNn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813033", "to_ids": false, "type": "size-in-bytes", "uuid": "1afeb0fe-2491-42e7-86e8-62076ee27985", "value": "339771" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813033", "to_ids": true, "type": "vhash", "uuid": "384b9ce4-913b-45c1-868d-e2712a090169", "value": "aeeb5d750f0c553aa23a9f0fc7a917fa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813033", "to_ids": true, "type": "filename", "uuid": "d9877483-13db-4cb2-b30e-e2c06242ef73", "value": "5dc158194891e933d12b4c2bc0f28313.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813033", "to_ids": false, "type": "text", "uuid": "447846dc-a5a1-4a20-a3fc-c30f7f94c648", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:34/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860203", "uuid": "817064e1-bb3d-47bc-a7cb-021221d19bc3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860202", "to_ids": true, "type": "md5", "uuid": "185da1eb-e01d-407e-b814-e1eabd26bd74", "value": "2317d412344d6d722387870c8d4575d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860202", "to_ids": true, "type": "sha1", "uuid": "6aa907c5-91cb-41d4-87ea-5216e37f8598", "value": "f685d555fa2dc14066930003ee59b39533eac38d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860203", "to_ids": true, "type": "sha256", "uuid": "34fb964f-ef3c-4dfb-9880-c99774c39899", "value": "d0fae38420e8cc924c1ad5e867e8b466999891f7ec99d6e340c6dc206024098e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813054", "to_ids": true, "type": "ssdeep", "uuid": "b2db0e99-0cb6-4e7f-8792-97a20eb703fa", "value": "6144:upPQbvg9Y6VzwOakiALlI8YkawoeIVEmjgw5p0ll2reAilSbvOHLA5P6:upEvgtTaA+jkyhz50lxNcbvOrW6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813054", "to_ids": false, "type": "size-in-bytes", "uuid": "ea860baf-fcb6-4140-a3b7-7d69c44b6132", "value": "339790" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813054", "to_ids": true, "type": "vhash", "uuid": "e56e8c0b-dd0b-4427-baf6-fa6fe8fa1d94", "value": "aeeb5d750f0c553aa23a9f0fc7a917fa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813054", "to_ids": true, "type": "filename", "uuid": "151fdeb9-4998-4072-9ef1-a0c1c593f471", "value": "2317d412344d6d722387870c8d4575d4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813054", "to_ids": false, "type": "text", "uuid": "979364ff-e682-456e-83a0-dbe49015e472", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAC1\nVT Total Detection:34/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860204", "uuid": "0531433d-e7d7-4985-9689-bf07a8dbc398", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860203", "to_ids": true, "type": "md5", "uuid": "3b1cadc4-859c-4b10-9abb-a835224ae9d8", "value": "df4608239e9e8f1ff8b1876326c86388", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860204", "to_ids": true, "type": "sha1", "uuid": "e8450e28-fa35-4fa8-89e5-05dcdfa9eed9", "value": "23ec71dc9cd52a51c1d3797d5bb15e1de85a9712", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860204", "to_ids": true, "type": "sha256", "uuid": "74e90ab1-5bbb-43c8-89a7-45ba2c6fcc87", "value": "a33f5dd4b2046e639314fc6aeb85f61590800df421833773b448fe355d11479d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813075", "to_ids": true, "type": "ssdeep", "uuid": "85268c68-542f-426c-8f84-f64d208420d4", "value": "6144:NmpAsRUOS/vIa5NeE6xSCimXi0ZcjwdWkJ27AIJpbiU31UicnGlGtUslGvCWA6CT:Ni6O8AevCimX84C7vl1ciuTAvPbg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813075", "to_ids": false, "type": "size-in-bytes", "uuid": "78cee658-0d9d-4313-8a7a-07bb717c4ca0", "value": "339771" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813075", "to_ids": true, "type": "vhash", "uuid": "8b1b2644-1494-4623-b3bf-f4d6cd8199a8", "value": "aeeb5d750f0c553aa23a9f0fc7a917fa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813075", "to_ids": true, "type": "filename", "uuid": "fea56397-4fdc-4e12-9690-d90af86841c0", "value": "df4608239e9e8f1ff8b1876326c86388.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813075", "to_ids": false, "type": "text", "uuid": "2e8ba060-2c1c-49c8-9f44-a09dc66cbbd9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860205", "uuid": "bb36eb13-4333-40ba-8110-e1753190e18d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860205", "to_ids": true, "type": "md5", "uuid": "ecf2aa24-b876-44a7-a1be-d45458dc28c6", "value": "5859f7772c27b6b2003649fb4731c3a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860205", "to_ids": true, "type": "sha1", "uuid": "509bd074-140c-41ed-adde-3a3a159c8dec", "value": "19533a6fc29349659aa5f37c29ae42d7d91c8fa7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860205", "to_ids": true, "type": "sha256", "uuid": "c2c2b701-ef91-4be9-b21e-1d9a2a3e931b", "value": "f33fda4c70c516a3cd9e860b5d820cc32015980b222af9fbf53fbb03605aa762", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813096", "to_ids": true, "type": "ssdeep", "uuid": "5e26b661-6231-4c49-af68-5efc91e55ebb", "value": "6144:7RvpV4Z+jOgBf0cwR2gs+JQNjAStrtvFPtxEVFM6mpwg2LaRiBo:1VVBWR2grYlvzyMxwgRReo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813096", "to_ids": false, "type": "size-in-bytes", "uuid": "816befe7-de34-4412-ad3e-0e8b865cc97b", "value": "339800" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813096", "to_ids": true, "type": "vhash", "uuid": "5b627261-2be5-4a87-82ae-bf44f1176063", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813096", "to_ids": true, "type": "filename", "uuid": "2fa5eb04-5b36-4e93-856d-f857f1cdba19", "value": "5859f7772c27b6b2003649fb4731c3a5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813096", "to_ids": false, "type": "text", "uuid": "5838eb3b-e615-4197-a43f-5d628eacc43a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860206", "uuid": "20eb4d98-b0ef-42d8-b2bc-6948e1a58e4e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860206", "to_ids": true, "type": "md5", "uuid": "a7f08deb-3edd-416a-a45e-aed862c877f3", "value": "a1e1ea5dc298817db323db0ee5f7b2a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860206", "to_ids": true, "type": "sha1", "uuid": "2037990f-77e3-484f-a4ef-f397a04a0c15", "value": "f20c2e15f1b3cc85c3a9d36f12e9881ef38a3a38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860206", "to_ids": true, "type": "sha256", "uuid": "3f952d17-be87-44d6-9843-3e7c4dd4b0fa", "value": "90782b8bc768cae4e489be9bb958b66c2d87ed7040742765930dc0eef053e7d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813118", "to_ids": true, "type": "ssdeep", "uuid": "811fccf6-e815-4c69-b531-1bc0ebfc0829", "value": "6144:nrnEejPvocpmBgri56TDULPCS92UbjtWTEkL9KZsfY6acGPE8snaaudCuGG:nrEe7v7pyglX1S9/jtWh9e6uynaaudCo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813118", "to_ids": false, "type": "size-in-bytes", "uuid": "60e708d8-8aee-42a4-a641-aa01846d2389", "value": "339749" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813118", "to_ids": true, "type": "vhash", "uuid": "88282a8e-4654-42b2-904e-5a9a23daf27b", "value": "aeeb5d750f0c553aa23a9f0fc7a917fa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813118", "to_ids": true, "type": "filename", "uuid": "9f3415db-1fc3-44a6-ab12-dfcb9854784e", "value": "a1e1ea5dc298817db323db0ee5f7b2a2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813118", "to_ids": false, "type": "text", "uuid": "55375843-8d51-44a9-a3a3-e6dadc0fbb5b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860207", "uuid": "a77ad168-0218-4302-9b72-3a871baf9b0e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860207", "to_ids": true, "type": "md5", "uuid": "e55450db-6084-4b25-bafa-5ae99df692c5", "value": "379358b371885381a00e725277d55242", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860207", "to_ids": true, "type": "sha1", "uuid": "91b1acf4-6b30-4dc3-aef0-3c2d060c6adb", "value": "c72a8434390f345bac50f4bbd39834b938c4419d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860207", "to_ids": true, "type": "sha256", "uuid": "f60ff3d3-fcf7-4aba-9fc0-158af1f00ba7", "value": "c7c3a8b24b1a77fa8d9c338ec9dd687216787375732defcbe99d7cfc9907d631", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813139", "to_ids": true, "type": "ssdeep", "uuid": "c1cb246f-45f8-479f-a933-044e155e25fd", "value": "12288:JNI8NIQNITNItO94wLz4bt+BTFTeaN8ZKDWB26/Z6qDXXhVe0hL7Pe7/KvO:JZjKgNw/4AhTe88Zmx6EqDXXhcYy/KvO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813139", "to_ids": false, "type": "size-in-bytes", "uuid": "e3cacfa1-4a7e-4a2d-b47f-1b57acd97612", "value": "730309" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813139", "to_ids": true, "type": "vhash", "uuid": "09942777-6d90-4fa0-98ab-f645347ad084", "value": "8443f3238cb8011500aff59190a59802" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813139", "to_ids": true, "type": "filename", "uuid": "6f721212-efab-4504-ab44-c2b5c6d3d61e", "value": "379358b371885381a00e725277d55242.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813139", "to_ids": false, "type": "text", "uuid": "fe0efc08-0dad-4efa-85bd-599d96b86486", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860208", "uuid": "a24094d8-6ae4-4574-bfe9-fd12fd326892", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860208", "to_ids": true, "type": "md5", "uuid": "f1ca748e-96af-4343-8e38-4e9b624ff825", "value": "2c29b09b802927997e62671d26c385a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860208", "to_ids": true, "type": "sha1", "uuid": "d37cf2f3-dd44-46fd-9c40-64406a462d44", "value": "73abe4f7e237393380b61f55cc11037d6d0c6f85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860208", "to_ids": true, "type": "sha256", "uuid": "eb673428-fba7-4001-8646-54885d2575fe", "value": "61a03ed2b2b7a06e1c8e590d1ed08d1edfe8230aa66e16e3cd87b6263f438324", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813181", "to_ids": true, "type": "ssdeep", "uuid": "fc06a222-c965-4985-ae9a-e6a85836d31d", "value": "12288:gp5Aenh7D4XElEUwpEhHXsxKdzLl29Emm0SmiwacsTzWLc9eUO2lhQHwT8:gpdQEmrp6zlJL3WLwfvJ8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813181", "to_ids": false, "type": "size-in-bytes", "uuid": "c28621ef-87c7-433c-9877-e4203b16e212", "value": "820185" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813181", "to_ids": true, "type": "vhash", "uuid": "0800e2ed-d29c-4da8-ae6a-807b7afe508f", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813181", "to_ids": true, "type": "filename", "uuid": "4cbfe042-ce0e-46ae-bc54-aec9b203b9c3", "value": "2c29b09b802927997e62671d26c385a1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813181", "to_ids": false, "type": "text", "uuid": "17eb31e5-d1b1-4720-8c80-81ed85b83a61", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860210", "uuid": "e72feeb7-0a88-4bb6-b65d-8b54a7fe4e86", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860209", "to_ids": true, "type": "md5", "uuid": "cf847941-569e-44fb-a32b-7a96e25ae7f1", "value": "22d8ff7fadc3de647a95010bc6983796", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860209", "to_ids": true, "type": "sha1", "uuid": "fadf0179-2536-4ebd-8c9e-8fe24f5b1864", "value": "497bdb9b5642fe31397c730652d0bffc208b9486", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860210", "to_ids": true, "type": "sha256", "uuid": "ae3e7e5d-9ed7-4b5d-92d3-b8739c4586a2", "value": "3d058051e0867dac35fccb0ca5cffcce133af59e6f0427b3ce7230965d80d164", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813203", "to_ids": true, "type": "ssdeep", "uuid": "824859a4-a38b-4a96-b780-85379efa446e", "value": "24576:ujSJ0jzNdoemn9gX4n/myQOOTsBsLducy9:uk0jTSneXg/myQOEpp0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813203", "to_ids": false, "type": "size-in-bytes", "uuid": "4bc77779-9c73-413f-b028-48c40b9ceb00", "value": "809934" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813203", "to_ids": true, "type": "vhash", "uuid": "e3288493-be9d-4f73-9640-e51b04ed40f1", "value": "c36973eb8206bed8554fed699a990879" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813203", "to_ids": true, "type": "filename", "uuid": "17234e6c-b506-42c0-93be-1808a2824248", "value": "22d8ff7fadc3de647a95010bc6983796.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813203", "to_ids": false, "type": "text", "uuid": "f9e047ff-bd03-478a-bbe5-a477b519a545", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860211", "uuid": "dbe2e2a2-e126-486b-af15-8fda55298310", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860210", "to_ids": true, "type": "md5", "uuid": "6dad37aa-9097-4507-9675-cf90ae6cb51b", "value": "f9f0281520e006965b50c1c82a246a11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860211", "to_ids": true, "type": "sha1", "uuid": "9b9a8555-4d18-4438-91c7-4e1c68570a32", "value": "ea770f79a81a529cb51172d6754218fb1884f374", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860211", "to_ids": true, "type": "sha256", "uuid": "b03c74a3-b1e3-468b-92b3-de9c8a8b9b91", "value": "4cf6f2ae921e65af9d4549843820132132804c0674defe1a380e30f0d82880f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813225", "to_ids": true, "type": "ssdeep", "uuid": "e07bc646-2e6c-48bc-90c8-3f6312e30c74", "value": "12288:fBTRMWF4vlQeQMs+nO3hXfnWrjKd59LNwaUjGclD6dUT4g8fvPhXm53EBSf9tX/l:fBKlQisQGhPf9NpXclmdW4gMvZVIX/l" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813225", "to_ids": false, "type": "size-in-bytes", "uuid": "fbec62ef-41b5-4201-afba-5d754b14247b", "value": "820078" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813225", "to_ids": true, "type": "vhash", "uuid": "88766a8e-8383-4344-a15a-cc05bf377406", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813225", "to_ids": true, "type": "filename", "uuid": "5e038103-e0b1-43d2-a3a8-05a9282d115c", "value": "f9f0281520e006965b50c1c82a246a11.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813225", "to_ids": false, "type": "text", "uuid": "b8f2b4b0-88c2-4082-9125-bc99a6ac4356", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Zpevdo.B\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860212", "uuid": "3bd13d1e-382d-4afe-883e-7c58a4505279", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860212", "to_ids": true, "type": "md5", "uuid": "2bd0d8ea-4258-4624-8109-44e5f90e38d6", "value": "19554c9459b8fe93dcf510e11d871c7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860212", "to_ids": true, "type": "sha1", "uuid": "3cb950c4-9e53-428b-8bba-ff063e008e62", "value": "c09a7edd439eb41394c7cbe836fade89950fe9df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860212", "to_ids": true, "type": "sha256", "uuid": "bd492f7e-cac1-4603-a7dc-b1e7c77130e4", "value": "5d608b5dc9c2896cad2b8a78f688ecb1fa36b0944d3e485cb2ace20d3de3bb9d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813246", "to_ids": true, "type": "ssdeep", "uuid": "f120c925-6b0a-413f-b02e-c5dc118cae41", "value": "12288:FBTRMWF4vlQeQMs+nO3hXfnWrjKdBFQesBk71qo6rS0oDoHKtYPlSP6H3xZ6Cp8G:FBKlQisQGhPTWG711yGD5glxB8+ya" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813246", "to_ids": false, "type": "size-in-bytes", "uuid": "71944bae-388f-4adb-a022-120006172c33", "value": "809909" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813246", "to_ids": true, "type": "vhash", "uuid": "22a7cda8-2677-48ff-8609-1df531266b9d", "value": "c36973eb8206bed8554fed699a990879" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813246", "to_ids": true, "type": "filename", "uuid": "6ac7bbc6-3a82-46e1-916b-6b59ae57b2ea", "value": "19554c9459b8fe93dcf510e11d871c7d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813246", "to_ids": false, "type": "text", "uuid": "282cee39-9fbb-41ad-bc87-736ff30e1ce4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860213", "uuid": "71925d75-3297-41e9-8071-ce6eefe041b1", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860213", "to_ids": true, "type": "md5", "uuid": "6d1ec1db-bd19-4a64-a77e-51a6ed1947c6", "value": "022f622969e5ce59b96f6b0b8a01296a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860213", "to_ids": true, "type": "sha1", "uuid": "4635faf1-a7d8-4abe-9769-18c33e02f0f3", "value": "ebb5ddc4de40c215829f89f9013e7b98b4fe03aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860213", "to_ids": true, "type": "sha256", "uuid": "c0cdb3b9-edbc-48d4-aec0-2a5e180dc986", "value": "f070e82e9fc5d8753417f06541febff7fdf9f60e9b7ec3c0635f0faf25663471", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813267", "to_ids": true, "type": "ssdeep", "uuid": "55fa632b-2304-4ff2-a92c-ee804819a891", "value": "6144:e3dk1+eaXVETEd6k1WjM7ZYvOl+Qmb8/mTea1o964kArWzPX82u4yfDQkzNJ:e3dk1z4EQd6EMfWlu4Yho96XAr0Ps2V8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813267", "to_ids": false, "type": "size-in-bytes", "uuid": "23f4ae12-85d6-4873-82a3-b21b997f0ba9", "value": "253685" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813267", "to_ids": true, "type": "vhash", "uuid": "a31d0e82-7ab3-45e7-bb47-3d2e3715d540", "value": "18d72edf629d205b5e6f05850b9e7d10" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813267", "to_ids": true, "type": "filename", "uuid": "1334b10c-ce14-45f5-b5f1-97581650ceb3", "value": "022f622969e5ce59b96f6b0b8a01296a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 14/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813267", "to_ids": false, "type": "text", "uuid": "1e35b3c4-3dd8-41c4-9a0f-5974e882739b", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860214", "uuid": "fb9008fb-2bb1-42ad-a21d-0c82f65a1ac1", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860214", "to_ids": true, "type": "md5", "uuid": "89da7354-1ff6-4409-aada-917d7dbff933", "value": "2aa9d22b140477f96942370ae12a4985", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860214", "to_ids": true, "type": "sha1", "uuid": "2a265e20-ba5d-4fe0-8654-e21dc6bcd62b", "value": "f75c4cfc4ed2bb062ee4ed3f4a8a78809b384ee6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860214", "to_ids": true, "type": "sha256", "uuid": "5f15cbab-76ca-438d-9608-e8a7f3f21bdb", "value": "8b23006a76092daf016f13a0fcf08af01c830a5f1b6fa046693cade22fe5cf2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813289", "to_ids": true, "type": "ssdeep", "uuid": "7d02f761-f1b2-442d-bcb6-cdded1cf1ca5", "value": "12288:LjjXp4m/WXgC0ZhcQNwmtn20KdHLFyaZAtbI3vKIzcGgvggQah6uuK3adeyfZA4:XjSJ0jzNdYFNZsbuv7zcHvwi6MqMWA4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813289", "to_ids": false, "type": "size-in-bytes", "uuid": "4402bd48-e84e-45d1-ac7d-d453c10a411c", "value": "820273" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813289", "to_ids": true, "type": "vhash", "uuid": "badb117b-5554-413a-8173-53de3608728c", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813289", "to_ids": true, "type": "filename", "uuid": "db68928b-6d6f-49a3-9dc1-f17ea9af7e3d", "value": "2aa9d22b140477f96942370ae12a4985.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813289", "to_ids": false, "type": "text", "uuid": "f3b24e6d-18ff-4a88-ad76-5586d78f79b6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860215", "uuid": "c2eea52f-e5fe-4dce-b40d-a156c207f02b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860215", "to_ids": true, "type": "md5", "uuid": "9c07b594-3080-495e-9be9-623ce8cca45f", "value": "0763c22a1461d5b258fc985cfec65978", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860215", "to_ids": true, "type": "sha1", "uuid": "bbc90b83-f959-4e80-8241-9f22c02d619f", "value": "e24df3659561781185bf30097da8fa0f5474e015", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860215", "to_ids": true, "type": "sha256", "uuid": "e631330f-5987-443b-8807-34d55d6dbc93", "value": "75a75cd56b158d45265924accb5a2f53ebe4c5e21d0208a2a4a8722090159daf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813310", "to_ids": true, "type": "ssdeep", "uuid": "69e1b3d1-3e80-4d2a-9c80-43c80026bc1f", "value": "12288:ZsX84J82jaS3SwEiRQOV72QZzfWoJbm0oRIbtE8rB5i:ZWj/3uOV1ZzbXoOtEMB0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813310", "to_ids": false, "type": "size-in-bytes", "uuid": "1e2c804d-b519-41aa-a94c-a33b6feab316", "value": "581875" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813310", "to_ids": true, "type": "vhash", "uuid": "ecc3905e-d321-4480-a281-d62f01135de8", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813310", "to_ids": false, "type": "text", "uuid": "803e9168-d4d9-4a04-8e15-bcf9cdf304b4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:27/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860216", "uuid": "22789178-dfc5-4e9f-874f-654bad0711f7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860216", "to_ids": true, "type": "md5", "uuid": "adec8544-af57-4675-913d-55f99f912e62", "value": "09fece08d13250ebcabcd1fafcc0e5a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860216", "to_ids": true, "type": "sha1", "uuid": "71ae5d79-e9cd-478e-aba7-24b5171b50cf", "value": "4ffb0c625cc38aaf86e73ebecf7c40e9bdc7d363", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860216", "to_ids": true, "type": "sha256", "uuid": "292fe5fe-e46d-4f9b-9d35-039efa199963", "value": "ef39ef11c1890bf3764afe095f3549b163e2370b2c4fc1f00343ddf4ffebad2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813332", "to_ids": true, "type": "ssdeep", "uuid": "f84d7af8-474e-487b-9bf5-175febf424f6", "value": "6144:TzILBjeW1VgWy+LTPU+fI/31pR/LcTJqsrtK0olC31XiY4x:TMFf1SW/4BI60MClS7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813332", "to_ids": false, "type": "size-in-bytes", "uuid": "af7bb1c9-9097-4492-bf9d-705724916817", "value": "339752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813332", "to_ids": true, "type": "vhash", "uuid": "4ed211dc-5a2b-4196-942a-e14583458a5a", "value": "aeeb5d750f0c553aa23a9f0fc7a917fa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813332", "to_ids": true, "type": "filename", "uuid": "3a982891-23ab-4098-8238-571b33b6dd87", "value": "09fece08d13250ebcabcd1fafcc0e5a7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813332", "to_ids": false, "type": "text", "uuid": "d7831644-28ab-48c7-8bcc-5e1856a46466", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860218", "uuid": "670c264b-5838-4ab8-8c67-e3f380e0d567", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860217", "to_ids": true, "type": "md5", "uuid": "4c192ac3-31f8-4ea5-86bb-74ea407d4a76", "value": "40f4a84e78a90286df1d7526dcd64b43", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860217", "to_ids": true, "type": "sha1", "uuid": "ada9d520-7595-4b58-a766-1145c9ffaf52", "value": "efef898afe7172a1ff24c5875f4b5c76dbe5982d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860218", "to_ids": true, "type": "sha256", "uuid": "1b1daf2a-ab38-4245-b1b9-f49e1f4fc113", "value": "98d27ee5c1f621da3a6af663bd545ae73f56981f9a8249fb028c39751fe3e3ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813353", "to_ids": true, "type": "ssdeep", "uuid": "e7b372fb-b2a2-4aa7-9741-3c5772252272", "value": "6144:8oo8YxJrjCn6J6OR+CDZfXsDyiZChONicGP3hsfxccogwn+zvXIy6WyR:8oojx5DsONDxXayiQaiPac6wmIXHR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813353", "to_ids": false, "type": "size-in-bytes", "uuid": "8190adf3-6f2d-4122-a813-3aad1546b5a3", "value": "339816" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813353", "to_ids": true, "type": "vhash", "uuid": "7f456d3d-39c4-4716-906b-c2ef92900926", "value": "aeeb5d750f0c553aa23a9f0fc7a917fa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813353", "to_ids": true, "type": "filename", "uuid": "2c99606c-aaa4-4d2f-9526-19f5a1f3502e", "value": "40f4a84e78a90286df1d7526dcd64b43.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813353", "to_ids": false, "type": "text", "uuid": "4ff62cbb-a374-419f-b49b-66accfa50628", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860219", "uuid": "0e3dd0a6-e166-4da0-ad44-6e6ec5994340", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860218", "to_ids": true, "type": "md5", "uuid": "faa8f12b-42c8-49a0-b182-b45f83a1c721", "value": "e1914dab4f523443d8e883ed848aa04e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860219", "to_ids": true, "type": "sha1", "uuid": "a4d97e86-bb16-4230-9629-fe0e4a7a7e74", "value": "ba1ac70e8c026f05c499d2bdd65a0999bb94e5e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860219", "to_ids": true, "type": "sha256", "uuid": "5c17c3e2-11cc-4430-944f-1afb49f8f41f", "value": "41fdb035ee7b26c07cb90cadf1693148883846845b68257d9564e0fa8a24ca6b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813374", "to_ids": true, "type": "ssdeep", "uuid": "77177a25-1f0b-4088-966e-c6d95f0c06e7", "value": "3072:Rh5ckMUlxL8vUYdhj/BLKfLZH+mcvhktSG9/pkzH0:YUh/YdeFHoqtSUKU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813374", "to_ids": false, "type": "size-in-bytes", "uuid": "8e5f688e-3613-4f3d-842c-5fa81660995d", "value": "117265" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813374", "to_ids": true, "type": "vhash", "uuid": "242485a8-cf95-4e88-9b4a-6f2aff685ca3", "value": "aeeb5d750f0c553aa23a9f0fc7a917fa" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813374", "to_ids": false, "type": "text", "uuid": "ca54d555-7f86-4582-9697-50a91e082ef4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860220", "uuid": "152653bd-4b9f-48a0-9243-bd367e5593ff", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860220", "to_ids": true, "type": "md5", "uuid": "531d207e-e362-4102-85de-16619b918894", "value": "bfeb3d08bfdd2dee79b82208fbde26ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860220", "to_ids": true, "type": "sha1", "uuid": "edd5d948-fe53-49f1-a811-26d035aa4333", "value": "c48a617e4e99f4ca9f54f5ecdf6861aa301e32a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860220", "to_ids": true, "type": "sha256", "uuid": "9c16473f-0791-417f-92c1-593de78e916c", "value": "3b52494defdbd9fd62ea92816e4f64b0e9b6cc4380984b682f9a7ce09b80829a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813396", "to_ids": true, "type": "ssdeep", "uuid": "451fb79d-c4f5-4978-b1dd-a4c478df2e22", "value": "24576:8jSJ0jzNdX1kmoDB/3NBDy8FHDbiTsfSEekHAW:8k0jTWB/lJDboiLHAW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813396", "to_ids": false, "type": "size-in-bytes", "uuid": "113a67fb-355a-4743-a134-5db10b9b9301", "value": "820263" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813396", "to_ids": true, "type": "vhash", "uuid": "3d7e4e9b-0246-4ccd-9a93-d8471d843452", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813396", "to_ids": true, "type": "filename", "uuid": "fd3684b5-9767-458f-a2f1-99fbfe81d095", "value": "bfeb3d08bfdd2dee79b82208fbde26ae.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813396", "to_ids": false, "type": "text", "uuid": "88be37d2-3942-47be-8572-b1f4f55c2e4e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860221", "uuid": "8ef1a3b0-4433-4cb0-8571-79111f95a4b0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860221", "to_ids": true, "type": "md5", "uuid": "09787ad3-856f-4982-a17b-924125613799", "value": "0c2ab9b4ae8063a2a78a085f16ff5045", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860221", "to_ids": true, "type": "sha1", "uuid": "c848a267-5681-411f-bb7c-05d1059f70d4", "value": "2605bdc8532e14b0109cd369fd6d17f0e45e4aeb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860221", "to_ids": true, "type": "sha256", "uuid": "9a921f7f-e3ac-4692-8206-25430afe89f3", "value": "d80847ceaf9007d2eae8b13564795e389497da60a607304062a48f7836498cce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813417", "to_ids": true, "type": "ssdeep", "uuid": "71d79049-c546-4b0a-ba43-493071dee6b1", "value": "1536:tpbguvLg/MbbVlUbgLKxe7wuQt6XDyLaFArHETO1dVhfEyt5KwsEk76ggOLh:jZTgkTdKxfMXDybETOnb/t5Kw6GgT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813417", "to_ids": false, "type": "size-in-bytes", "uuid": "c26bf338-5dd5-45e7-9bd9-16737d4185da", "value": "88780" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813417", "to_ids": true, "type": "vhash", "uuid": "c49c3204-3291-409f-8da3-a9bdf0a49134", "value": "de6883b7d67d282feec7646c05c31afe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813417", "to_ids": true, "type": "filename", "uuid": "8b259d0e-eff0-4dca-a424-b06ad0702f4f", "value": "0c2ab9b4ae8063a2a78a085f16ff5045.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813417", "to_ids": false, "type": "text", "uuid": "3054622f-bb60-4680-89a0-82f016aa9872", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA13\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860222", "uuid": "86876ade-5e22-418c-bf69-f0521410ba3f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860222", "to_ids": true, "type": "md5", "uuid": "3420b474-1674-4411-9fb3-0c3ebbef657e", "value": "0c7b887b4f7118ce7b6e563a2bafc35a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860222", "to_ids": true, "type": "sha1", "uuid": "01a776e8-1c5c-4a39-b107-6748f6bd1ef8", "value": "902999e9e023dc9668eec12617b772b708b306cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860222", "to_ids": true, "type": "sha256", "uuid": "ae9a0209-2b91-48fd-ab82-b21e5f391507", "value": "8a2b8688c24442d66f918eb01f54b5f630c9ad0d45162e74d510bf269773f81d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813438", "to_ids": true, "type": "ssdeep", "uuid": "4968f004-7e6a-4c04-a98b-fc5cb0e73db3", "value": "6144:4XdVHsCU0MCj59vpV6Q8xzR51KsrnHZCmADqgFD5W8hhgfauBk0u0lejdwDeG960:4XdVHdQKsctFD5pUBj2dwD5R3F" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813438", "to_ids": false, "type": "size-in-bytes", "uuid": "6dd17de9-ad6e-4ed2-aca6-b263d8acc993", "value": "339732" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813438", "to_ids": true, "type": "vhash", "uuid": "50aae9d7-3d8b-4f7e-a4b7-60bb57af86dd", "value": "aeeb5d750f0c553aa23a9f0fc7a917fa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813438", "to_ids": true, "type": "filename", "uuid": "53331f6d-cdba-462c-900e-07f2ef733ecc", "value": "0c7b887b4f7118ce7b6e563a2bafc35a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813438", "to_ids": false, "type": "text", "uuid": "69dff13d-1400-41f9-8520-c55ece1fba00", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA9B\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860223", "uuid": "68399082-2610-4589-80f3-53061413f34c", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860223", "to_ids": true, "type": "md5", "uuid": "36f77100-b6ae-48c3-b6e8-b9183296d6ad", "value": "0e03cae81a0a2ee8ec0865401a97900c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860223", "to_ids": true, "type": "sha1", "uuid": "eeaca11a-ed37-4d00-8bc9-00ae26cb4231", "value": "0cdd43d12c51e1554a0b85ced666b219bc44f19c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860223", "to_ids": true, "type": "sha256", "uuid": "143b3a75-aa40-42fe-9685-c91b4a9b2bb6", "value": "28f11ffebc8cb9a52fddc9d2d6d5aec69cdcba7c68dabb531665ef43354cfd2b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813459", "to_ids": true, "type": "ssdeep", "uuid": "d0b4aa63-341b-4fba-a954-d5e5caa52f55", "value": "6144:we6d7AlwtZjQAfohGWS8Dsv60dYiXU+9XCkHfglJEuI/aQFWtX4ta/aFz:5a0lZAfubU60JPj/8JEpFWJviFz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813459", "to_ids": false, "type": "size-in-bytes", "uuid": "6eecc9de-1306-4d17-9f50-ff6de03c34ac", "value": "339784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813459", "to_ids": true, "type": "vhash", "uuid": "b62201d3-78f4-472d-a2e3-5750c1e80b57", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813459", "to_ids": true, "type": "filename", "uuid": "670a6db0-80e1-43ca-a173-e43e9d4c5dd2", "value": "0e03cae81a0a2ee8ec0865401a97900c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813459", "to_ids": false, "type": "text", "uuid": "3acb4ccf-56bb-486d-96d8-7edf124b03fa", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:31/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860225", "uuid": "b5454276-9f0e-4990-ac2b-846d70bf9d35", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860224", "to_ids": true, "type": "md5", "uuid": "c3018fee-3490-4fb1-9118-10ca9c56fe04", "value": "2cce776d3a184ab417b715d2d9524915", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860225", "to_ids": true, "type": "sha1", "uuid": "292b5c99-a1bd-4e4e-889f-5c80318db10b", "value": "06922b02ee86db06137183451ac8a380e7bc3499", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860225", "to_ids": true, "type": "sha256", "uuid": "01198013-83da-425e-9c9b-90623274e7db", "value": "d5a4525f38cf567e40e9ba4215027b24733f56337949ab74761ffea1081081bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813481", "to_ids": true, "type": "ssdeep", "uuid": "eebd8692-a33a-4993-ab7b-605132f61091", "value": "6144:vAYfVrOwDiOGARVdArLsIun1lTAJkuv0b0wjj1ZS4IPoTrSK3hFVtXPI1PsTRJ1u:vAcVCvzieL8n1lk8b0wHyPGrSK3LV9It" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813481", "to_ids": false, "type": "size-in-bytes", "uuid": "16380f39-f2d6-4d47-aa05-dac1ae6efe57", "value": "339743" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813481", "to_ids": true, "type": "vhash", "uuid": "c0bee12f-2e77-48e9-a9a0-20aceff81d35", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813481", "to_ids": true, "type": "filename", "uuid": "ab0021b0-a834-498d-85c9-6d3e0085bed7", "value": "2cce776d3a184ab417b715d2d9524915.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813481", "to_ids": false, "type": "text", "uuid": "2925e72b-ff3e-47e2-aa5a-21705902cb44", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860226", "uuid": "378fb555-e077-477f-a5c6-f6d6b9a4beb1", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860225", "to_ids": true, "type": "md5", "uuid": "4c7a817d-9205-426d-800d-f1947139bcc9", "value": "d749d53c221adb73988577a046981c55", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860226", "to_ids": true, "type": "sha1", "uuid": "eab01a33-5dd3-4a89-8386-946c538749ce", "value": "1eddb5dd9c1b7ebfc9531bb17f5b87563346b24b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860226", "to_ids": true, "type": "sha256", "uuid": "3258cbdf-1daf-4891-ba49-ebde67446dd9", "value": "97256974a634feabad8ab8c16063914ff12ee913bf6dda39323a957d7672b4cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813502", "to_ids": true, "type": "ssdeep", "uuid": "96a4c9c7-4e4d-48a8-b9b5-92aab364c1ce", "value": "24576:9jSJ0jzNdn50moDB/3NBDy8FHDbiTsfSEekHAz:9k0jTOB/lJDboiLHAz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813502", "to_ids": false, "type": "size-in-bytes", "uuid": "62e9d344-065e-43c9-8b98-ae8009f80bda", "value": "820258" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813502", "to_ids": true, "type": "vhash", "uuid": "56d99afb-52ed-45b6-88dc-54c24a33bb0d", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813502", "to_ids": true, "type": "filename", "uuid": "2c331635-1b56-4002-95bd-93e5231cfb76", "value": "d749d53c221adb73988577a046981c55.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813502", "to_ids": false, "type": "text", "uuid": "c4a48d8d-efed-4c79-9cff-dfcaf161e711", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860227", "uuid": "51da89fc-502c-4b77-8af8-141d4bd473d0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860227", "to_ids": true, "type": "md5", "uuid": "638ae25e-ab5b-47b1-b157-de8e45d7427a", "value": "dc116ccd9f6cc9a4b946208ad6b407d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860227", "to_ids": true, "type": "sha1", "uuid": "8e908ca7-a931-46f8-972c-5a2d91ed3805", "value": "0eb6c0e31cb8cf5cc97b86c1de4b4fc484deca72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860227", "to_ids": true, "type": "sha256", "uuid": "934f1b45-e2c8-4e12-92b0-4714ca0ab396", "value": "fedb92d94a0f123583326ad074a66aa2e8c27e7ff7694735c2ca3c0ef1caa2c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813523", "to_ids": true, "type": "ssdeep", "uuid": "426ab21d-b339-4cdf-bc88-0293f7af72d0", "value": "6144:zZ0EWZwJ/P7I9NSVTGiLgWCr0ZopqIP2WgOEDT7ck5RhFVtwsNYlw1uqs+gw4hDG:DWZQI9NhcuC4PYOEDT7b5RLVzYMuT+iw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813523", "to_ids": false, "type": "size-in-bytes", "uuid": "bc3f3ddd-8240-48d7-a7c2-f1211a20fc17", "value": "339771" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813523", "to_ids": true, "type": "vhash", "uuid": "5c368a2f-ee8c-4f44-8139-13545ac2ad64", "value": "aeeb5d750f0c553aa23a9f0fc7a917fa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813523", "to_ids": true, "type": "filename", "uuid": "408d846a-5542-4690-af9b-4938a9ee6d0c", "value": "dc116ccd9f6cc9a4b946208ad6b407d7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813523", "to_ids": false, "type": "text", "uuid": "9c9e08c3-3d66-4573-be4a-04076e200bcf", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:33/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860228", "uuid": "69f6a1d3-3474-428a-b39d-63505d92ecf0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860228", "to_ids": true, "type": "md5", "uuid": "9e17e96c-82f5-4073-98b4-c961184fc916", "value": "13e7e05e1aedb91d9a739fec20cc6de0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860228", "to_ids": true, "type": "sha1", "uuid": "bc20f3e3-1dbf-4db7-9c64-533ea1fb1eeb", "value": "56f07337fe3370c82fd1e7e03b3a4c9e18de415b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860228", "to_ids": true, "type": "sha256", "uuid": "ea2245a8-1847-4669-beaa-0c695ecc9ef0", "value": "b85c15db5ebd955ce57f38c104f4e94ac129266fc1e2478ba719ddc9042573b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813545", "to_ids": true, "type": "ssdeep", "uuid": "f6cde109-7458-444b-a396-3b12b8b822c0", "value": "24576:ljSJ0jzNdsJnmoDB/3NBDy8FHDbiTsfSEekHAH:lk0jTqB/lJDboiLHAH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813545", "to_ids": false, "type": "size-in-bytes", "uuid": "51b3e78e-4555-4741-b2ab-46e4cb6af890", "value": "820262" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813545", "to_ids": true, "type": "vhash", "uuid": "a40d7fb0-5d23-4130-b8bc-5bbd155045cf", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813545", "to_ids": true, "type": "filename", "uuid": "de7b819b-f9d5-47aa-8644-578e4c1c8d72", "value": "13e7e05e1aedb91d9a739fec20cc6de0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813545", "to_ids": false, "type": "text", "uuid": "8fba6398-8e03-45c8-a00a-865f36f589d2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860229", "uuid": "dbdde125-6339-4c2e-bd2b-7210daef5077", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860229", "to_ids": true, "type": "md5", "uuid": "89b606e5-e124-4b97-bd53-d2f24838df80", "value": "7e60f07b38a32353dcc52ad53db3040e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860229", "to_ids": true, "type": "sha1", "uuid": "e73db76d-bb1d-4374-be03-5edc4e253207", "value": "6e477c8587cf580a4e2edc28b7731cafa6c60d97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860229", "to_ids": true, "type": "sha256", "uuid": "c055d6a3-8542-46f3-8dc2-3b74cc2e7787", "value": "5f149941ae59c32c06a4c99d0f17c3c283b7c6163df4d8d18f94160357a1a507", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813566", "to_ids": true, "type": "ssdeep", "uuid": "14401725-c43a-4bc7-9e03-706271b0d37b", "value": "12288:WjjXp4m/WXgC0ZhcQNwmtn20KdFLp80jwkAV89sfVqXLO9f1wpXdvAaoe5cJ7A03:IjSJ0jzNdqpfja8accGvAYcpHbCF2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813566", "to_ids": false, "type": "size-in-bytes", "uuid": "7f108369-5691-4dfa-91bf-4439b02b68fa", "value": "823054" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813566", "to_ids": true, "type": "vhash", "uuid": "032b7c9e-f0a9-4c64-9a12-151f2609fb0a", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813566", "to_ids": true, "type": "filename", "uuid": "e029c83a-c06a-4b92-803c-2d7247125578", "value": "7e60f07b38a32353dcc52ad53db3040e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813566", "to_ids": false, "type": "text", "uuid": "0486686b-1931-42b5-8469-7db4794e7300", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860230", "uuid": "aef35c33-d191-407d-885e-6d613e2b7633", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860230", "to_ids": true, "type": "md5", "uuid": "f4581e05-67ac-48fe-acf9-be252b941cec", "value": "c84454228de8353ce9c958c4fca36fa0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860230", "to_ids": true, "type": "sha1", "uuid": "d6fd108d-4dc1-48f9-a4f2-76f4867a9d22", "value": "3b86a2ff869093c46414492ccffe9a4543c6fe93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860230", "to_ids": true, "type": "sha256", "uuid": "f3efd6b0-b103-4ec9-bf4d-6fbf1a8a8ed4", "value": "1327744699fe86a2dcd96652e10da6aa7179bbb06bf26a2d4b8fe63ed649e039", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813587", "to_ids": true, "type": "ssdeep", "uuid": "d4c9fde9-5f37-4133-a101-78bb8aea1ebc", "value": "6144:VRwURwEwhY9F4d+aLpCIDV1HE1UC/wwBMzYdPrEg0V7:TwkwpyXnaLp1DrHMHB5dPYgI7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813587", "to_ids": false, "type": "size-in-bytes", "uuid": "3d3a9758-a89e-4981-901c-f31d1d446bef", "value": "248086" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813587", "to_ids": true, "type": "vhash", "uuid": "2ea40ad7-8ff8-4f94-b530-3464ede1010f", "value": "6fb26d796a6e1215dd2fabf133c7d5c2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813587", "to_ids": true, "type": "filename", "uuid": "0845c3c5-41bf-4b7e-990d-3257d199e17c", "value": "c84454228de8353ce9c958c4fca36fa0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813587", "to_ids": false, "type": "text", "uuid": "3d3c4062-6531-46dd-ac44-5dc92e301a8a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860232", "uuid": "19756fe8-03a4-4a79-9a05-0c79a32e3356", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860231", "to_ids": true, "type": "md5", "uuid": "c8908feb-554f-4583-8cd2-a4c74c809362", "value": "b19a64313f2faa64d75bec3dbb16f3f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860232", "to_ids": true, "type": "sha1", "uuid": "4b62ac0a-bd1a-4ee7-b740-c4e463d815bf", "value": "ccad622f7715aa68b544d9e26a3132b9623cfb70", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860232", "to_ids": true, "type": "sha256", "uuid": "1394d7eb-34ef-4c91-bc30-0d4c727f588e", "value": "79c7d28019399b0078d3ab12e07a4331ed50a95d3ea2b40027b152997f061004", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813609", "to_ids": true, "type": "ssdeep", "uuid": "368d82e6-828e-49ec-83e7-c6d2e474f56e", "value": "6144:VRwURwEwhY9lId+aLpCIDV1HE1UC/wwBMzYdPrEg0Vb:TwkwpyLXaLp1DrHMHB5dPYgIb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813609", "to_ids": false, "type": "size-in-bytes", "uuid": "3c79401f-9a17-4561-982b-945c6e4270d9", "value": "248086" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813609", "to_ids": true, "type": "vhash", "uuid": "27035dd4-294d-4dfc-b886-307e1d8119ee", "value": "6fb26d796a6e1215dd2fabf133c7d5c2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813609", "to_ids": true, "type": "filename", "uuid": "e2e9faa3-d31b-422b-8143-23ec909ba990", "value": "b19a64313f2faa64d75bec3dbb16f3f8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813609", "to_ids": false, "type": "text", "uuid": "0bbf8f18-615b-495c-b025-8dc9bc4b8484", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860233", "uuid": "a43db845-374d-43b3-96f9-c5793a3057c0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860233", "to_ids": true, "type": "md5", "uuid": "d0e0f1dd-0821-4dff-bdd8-42dd45602e3f", "value": "979eb7a12a57a89414baf2bc39f009d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860233", "to_ids": true, "type": "sha1", "uuid": "e65bc8f4-a73e-41e0-9f99-a54d2d8a5550", "value": "4419c600b5b118453b9bd8d7eba1add20bd3b65a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860233", "to_ids": true, "type": "sha256", "uuid": "d690c60b-6715-4eab-9c50-f5185c9ac9c2", "value": "d5bba8ce3e9d98c748ade1003de7853fe28a86bf3a2d61f8a071f7d5830a7b03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813630", "to_ids": true, "type": "ssdeep", "uuid": "a3a186a6-4aba-4b7f-a21e-cbe35445926b", "value": "6144:TRwURwEwhY5rKIg9a8Nu+ItBKdUJtsH33wd3lOQ9qPC:dwkwpy5mICNu++KG40x9qPC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813630", "to_ids": false, "type": "size-in-bytes", "uuid": "14d59e2b-5fab-4606-9ec3-16c53d5a5d9f", "value": "240227" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813630", "to_ids": true, "type": "vhash", "uuid": "584f984a-e69e-408d-a2c5-06faaa3ce06d", "value": "a53a8e60e325474c1c4f2e0482a9da9a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813630", "to_ids": true, "type": "filename", "uuid": "f23cef61-66d5-4c2e-9fca-3658913294dd", "value": "979eb7a12a57a89414baf2bc39f009d9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813630", "to_ids": false, "type": "text", "uuid": "327a4916-6cbd-418c-b424-1c74f6541e11", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860234", "uuid": "8ca78c0c-c1ee-4bc2-9e11-4846a41066e2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860234", "to_ids": true, "type": "md5", "uuid": "6e1a7b85-0a43-4393-9166-6abb6d3cd461", "value": "248dcbd782551cf72b8dc286fd1057f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860234", "to_ids": true, "type": "sha1", "uuid": "637c4fa6-4fbb-4e08-a7fb-5a74b596d0fd", "value": "9014d8e1825c30c9b7d05f2544bcf3ad43fd9f46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860234", "to_ids": true, "type": "sha256", "uuid": "116a7c2e-396d-43be-91bb-1fa72583cafd", "value": "945f980daee07cf027f89836cb2cbab0b301fe5a090794aba8ca099c3a9fda7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813651", "to_ids": true, "type": "ssdeep", "uuid": "fc0e9699-62e1-4a84-b255-50cd1acd04c3", "value": "6144:VRwURwEwhYaspX76CKSrqShHV+NygfASRhfDBs:Twkwpyv17/Bq2HVX2Rhm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813651", "to_ids": false, "type": "size-in-bytes", "uuid": "7623ec14-a51e-4959-bc98-60ec4120aa2f", "value": "248179" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813651", "to_ids": true, "type": "vhash", "uuid": "9dd95ed5-5946-4b9e-b46a-07f9b890d348", "value": "6fb26d796a6e1215dd2fabf133c7d5c2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813651", "to_ids": true, "type": "filename", "uuid": "8c8d4f21-a3e9-4be2-b570-6a4464800208", "value": "248dcbd782551cf72b8dc286fd1057f2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813651", "to_ids": false, "type": "text", "uuid": "423b51e0-f2d4-4b93-b2d2-769c8edc1159", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860235", "uuid": "c1e01126-dd0d-43c5-9257-c1a85a15e5d0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860235", "to_ids": true, "type": "md5", "uuid": "27e3f01b-2df5-40b4-813e-6f36d44a8147", "value": "98c1ffd4594b1d25672711d01e493480", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860235", "to_ids": true, "type": "sha1", "uuid": "0d53f6f3-d660-4a19-a974-87f65fcfedc7", "value": "019d3f86ceb072af8d1fb5f391b65dac28d96e66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860235", "to_ids": true, "type": "sha256", "uuid": "4d9f36e6-e56a-4258-870f-349de0aa9e1d", "value": "004873e6afaab2aa54c54c559f505f9b914d76355422f74b27bb10cfdd09378e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813673", "to_ids": true, "type": "ssdeep", "uuid": "11b90b67-3e46-4529-9d2f-eed8f904cea5", "value": "6144:MD6RKxo611ujoBMgE6mTrD9StY815LKo0Owx1+CqaJRVf6RLk:UoqogE6m7/87KYu4CTXVf6RLk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813673", "to_ids": false, "type": "size-in-bytes", "uuid": "2aa6dbbd-8fc5-421f-a294-9bbfde3b102b", "value": "332103" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813673", "to_ids": true, "type": "vhash", "uuid": "4ea8f19c-6e0f-46d2-bea1-d4d05051c27d", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813673", "to_ids": true, "type": "filename", "uuid": "a93345aa-bfd3-4e7c-add2-2c8b6aa724b5", "value": "98c1ffd4594b1d25672711d01e493480.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813673", "to_ids": false, "type": "text", "uuid": "af21b2d4-78a5-4ead-bf7c-1b27989f87a2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860236", "uuid": "ae80d15b-eaa5-45b5-be1d-9832059743a0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860236", "to_ids": true, "type": "md5", "uuid": "7b328218-bc5a-4b99-adf9-59e18b05d0df", "value": "01361e4e380c315bcfae17b495b94a12", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860236", "to_ids": true, "type": "sha1", "uuid": "2d7071ef-c190-48ab-bcab-036b3f929e80", "value": "2d79a64ed66fe2fa1caff37788b3c410bad34c83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860236", "to_ids": true, "type": "sha256", "uuid": "7edf64cb-2d3d-47e2-8d16-b8d9a2aa6f39", "value": "9e122414cd4edcc783926ce64cf8be35262a21774b5fff09eb49697cae54f886", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813694", "to_ids": true, "type": "ssdeep", "uuid": "2830b296-9687-4545-a99a-1a76058ee671", "value": "6144:TvNOFW58cDtNQ5lkm2IH1/hplCjuGh6HQcuh3I3SeZlhV7ess6AMLI+7bMvWQVnq:bUU58uO+m2IHXpliVh6wcA3INZZiCAMv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813694", "to_ids": false, "type": "size-in-bytes", "uuid": "9c98f4ae-7f4b-41bf-993b-6b3e37bdc263", "value": "339713" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813694", "to_ids": true, "type": "vhash", "uuid": "0bbc9088-d70b-43d8-b6e8-cded567ec46f", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813694", "to_ids": true, "type": "filename", "uuid": "9c750cbc-0333-45ff-8191-fddb9c926d4e", "value": "01361e4e380c315bcfae17b495b94a12.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813694", "to_ids": false, "type": "text", "uuid": "387e87ea-5d6d-46d4-8bcc-c271332fc5b9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860238", "uuid": "c14e0711-14b6-4958-b389-5953eabe6a9b", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860237", "to_ids": true, "type": "md5", "uuid": "6f9e02ee-e178-40b5-9f1b-c90254413b86", "value": "c939567ae241522a025a2f107255d092", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860237", "to_ids": true, "type": "sha1", "uuid": "cbf761a4-9451-4a80-b51e-4354c3115b31", "value": "bece1ab7392ef52cbb393f13fd952f2a19352b8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860238", "to_ids": true, "type": "sha256", "uuid": "c6d72c6c-7ba8-4b55-81ad-7ebc82ae5280", "value": "a1666b1288f385b66ee2a08dc6572b5a18a9856a1b31e1698276650f6647a522", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813715", "to_ids": true, "type": "ssdeep", "uuid": "3d594c4f-365e-4028-9292-08ef92a44a58", "value": "6144:VRwURwEwhYsaZm+aLpCIDV1HE1UC/wwBMzYdPrEg0Vv:TwkwpybvaLp1DrHMHB5dPYgIv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813715", "to_ids": false, "type": "size-in-bytes", "uuid": "9a6b53eb-a7b3-4b54-92f0-4fb78130824d", "value": "248203" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813715", "to_ids": true, "type": "vhash", "uuid": "66480274-a764-4acf-9e4b-5d6f99aa6af9", "value": "6fb26d796a6e1215dd2fabf133c7d5c2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813715", "to_ids": true, "type": "filename", "uuid": "c75ee6cc-4f61-43ed-96d6-e35542f95f6d", "value": "c939567ae241522a025a2f107255d092.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813715", "to_ids": false, "type": "text", "uuid": "2b567180-0b5c-499a-859e-040dd986f7f2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860239", "uuid": "ec02b525-4c0e-42c3-b111-b18c966ba1b1", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860238", "to_ids": true, "type": "md5", "uuid": "01f60937-fd84-4186-99ea-07e043627ffc", "value": "b5649c1ec9aa3b0bf959661c2112c192", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860239", "to_ids": true, "type": "sha1", "uuid": "0a4bd203-cc63-482a-8982-6468331b79ab", "value": "927fd5265f9fc7d945475847e6c1859674b40302", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860239", "to_ids": true, "type": "sha256", "uuid": "b1155661-360a-4d47-91e4-4ec8c71092ef", "value": "7a640fa74f886a284ba6f6aa4f6fcd35365bc8927460ce17a8b0664219fbf046", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813737", "to_ids": true, "type": "ssdeep", "uuid": "3b997f1b-3dee-46da-b8f6-65bca533ace6", "value": "1536:ZguvLg/MbbV9ulbgLKxe7wujt6XsyLaFoy8kCoUdpnyXhj5kml:zTgkXJKxsMXsyerQbQhj5J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813737", "to_ids": false, "type": "size-in-bytes", "uuid": "73c85919-fd69-4ccc-9d52-ead8332da238", "value": "87310" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813737", "to_ids": true, "type": "vhash", "uuid": "b23fbc7b-0214-46e5-a034-28289593484b", "value": "9ff60f1db807cd425df943541b69ef73" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813737", "to_ids": true, "type": "filename", "uuid": "2c5a50a2-267f-4045-8d56-2306fdf4e93e", "value": "b5649c1ec9aa3b0bf959661c2112c192.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813737", "to_ids": false, "type": "text", "uuid": "17d79d01-0037-48a5-a2e9-52df3233a708", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:34/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860240", "uuid": "57ab9cc7-156c-4744-acc1-849713223607", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860240", "to_ids": true, "type": "md5", "uuid": "36ff9d75-c44b-4e1c-81e2-89526d379f7a", "value": "de6df1946fa70f906c4b00dcf1479b63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860240", "to_ids": true, "type": "sha1", "uuid": "f7bbc799-2dde-4f41-9c7f-54631b563668", "value": "e44499489e234344569972e4711e71d4d3ae9043", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860240", "to_ids": true, "type": "sha256", "uuid": "a7ba0cac-c99d-4a8a-a2a7-3932608a544a", "value": "97fe4fb5f51f18acd2ba2db134ea791ec36719c45cf7c5b051c43e88647aaee6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813758", "to_ids": true, "type": "ssdeep", "uuid": "1425b229-5cb9-4a8c-b8a6-736c33daf6d9", "value": "6144:oHuLRbGDx1BsbuCMmXcgXY5yoX0+nrJHYnq8NxSgDOnfB5f0FDJV903HV9bRZbt:oHuLRCF3S5MIcgXHD+nJYq8c8FV09" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813758", "to_ids": false, "type": "size-in-bytes", "uuid": "ab60e60b-b935-4e8d-b6ce-5c5de23c9054", "value": "331476" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813758", "to_ids": true, "type": "vhash", "uuid": "b5fcc5cd-bceb-4676-8503-4e8c83b83e06", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813758", "to_ids": true, "type": "filename", "uuid": "dca6452c-7833-4efe-bb9c-e5988381bf17", "value": "de6df1946fa70f906c4b00dcf1479b63.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813758", "to_ids": false, "type": "text", "uuid": "e4cd2d67-b1a1-4cf8-9c67-72023071b46e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860241", "uuid": "8f5d505c-2e88-481b-a6de-4c837e11ddbf", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860241", "to_ids": true, "type": "md5", "uuid": "86985902-0d63-4976-ac00-d20382deb4da", "value": "748b92b2a4c3b8c7b8edf3df12e9eb99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860241", "to_ids": true, "type": "sha1", "uuid": "4eaf77ca-8f3b-4932-82f1-7cc451127351", "value": "72b1fd337e2f00a00a29b1bdb2d875d0e2118f50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860241", "to_ids": true, "type": "sha256", "uuid": "2a63e37c-8332-413e-b861-405f7eb8e61c", "value": "2d4739f9848165d93af90500f3f037324bde75ccbd6c5849b14c669bc9bdc11c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813779", "to_ids": true, "type": "ssdeep", "uuid": "99fc5510-b691-402f-bf51-bae69a22aa02", "value": "6144:xnYjrlAFxKrPoNvMMgvIc6na8a4cRnk2bA+czOm+sQvyUzbYZ:mlu8PoNUXIna805p0NzivyU/YZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813779", "to_ids": false, "type": "size-in-bytes", "uuid": "d5e0f51d-b04d-4b26-a4e1-4fb288607fa8", "value": "331477" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813779", "to_ids": true, "type": "vhash", "uuid": "7c14f6c3-2061-456a-98d7-af01d22eca95", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813779", "to_ids": true, "type": "filename", "uuid": "28c135cb-f67f-4918-a677-f523f86bddee", "value": "748b92b2a4c3b8c7b8edf3df12e9eb99.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813779", "to_ids": false, "type": "text", "uuid": "a339dd0d-40c8-41ab-a9ed-884f856a2020", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860242", "uuid": "05043283-d798-4e10-b19b-f254f3961d9e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860242", "to_ids": true, "type": "md5", "uuid": "2df8f069-e642-4d55-94cd-ee14ec64ef5d", "value": "df855dfe8afcadd0ddd73d97584e3b84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860242", "to_ids": true, "type": "sha1", "uuid": "82aa2986-15b0-4f37-a88f-42d9091ce887", "value": "29b2caabee895c3d97b9367dd260a9bfc33f31bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860242", "to_ids": true, "type": "sha256", "uuid": "484ac954-51d8-40cb-91e0-399f723ab82d", "value": "a08443ff17898dc58c5d6a507716e093c2719b8ff240a665269a0de45a808c50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813801", "to_ids": true, "type": "ssdeep", "uuid": "1cf66a98-1d18-4ace-b490-c6dbca2e350a", "value": "12288:0jjXp4m/WXgC0ZhcQNwmtn20Kdl14+y6SmTBOKc/0XB3ViJ4spHBvAdX2FpOj7EJ:ujSJ0jzNdOw+TDc/0S4sphvs4pOcpoG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813801", "to_ids": false, "type": "size-in-bytes", "uuid": "556221a6-dc53-4930-bf29-e57e45bcd84b", "value": "810121" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813801", "to_ids": true, "type": "vhash", "uuid": "8680cb80-79be-48c3-aea0-b78ba25cfe8d", "value": "595971ed6570297eca609550c8a1ac6b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813801", "to_ids": true, "type": "filename", "uuid": "d1d6e17d-d810-4193-8ab4-2a50e34feb59", "value": "df855dfe8afcadd0ddd73d97584e3b84.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813801", "to_ids": false, "type": "text", "uuid": "4793d508-0000-4191-94c2-377585183f7d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860243", "uuid": "e91a33cd-1b65-4a31-a490-7fe545ccc41e", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860243", "to_ids": true, "type": "md5", "uuid": "389b85fb-18f1-4db5-88dd-eeef7c694245", "value": "38dc65df7abbc8d06f058fa9337497f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860243", "to_ids": true, "type": "sha1", "uuid": "2bc50018-1d22-4b5b-8154-877a88a4b4ea", "value": "813eac605073923a3c480a3cfd0fb1181c6a1a63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860243", "to_ids": true, "type": "sha256", "uuid": "6e19fe66-6d58-4c3e-83ae-a60f168596fd", "value": "c17a7e0c846f3b406f79b36b77e51c2c7246aa522ac7e34d5f4dc7187fa0a207", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813822", "to_ids": true, "type": "ssdeep", "uuid": "569cfed4-93bc-4fcd-931b-e19e80a04b01", "value": "6144:VUKamg5DIWQ8x2EBUxc7auGkfycMFDy65lnt9Mqp3:s5DIWQk2w7aKmsIYq5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813822", "to_ids": false, "type": "size-in-bytes", "uuid": "e9dc1a1e-8df8-45c5-83e5-2264b6a2bb2d", "value": "331461" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813822", "to_ids": true, "type": "vhash", "uuid": "85ae1dc7-480a-4b23-86e4-8d20ff8af18d", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813822", "to_ids": true, "type": "filename", "uuid": "1264d3e0-a903-4349-98bd-10e7f74232c1", "value": "38dc65df7abbc8d06f058fa9337497f7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813822", "to_ids": false, "type": "text", "uuid": "d24b79f5-68ed-4253-b8c8-cba3908aaeb5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860245", "uuid": "f21962ac-b154-4476-87f5-42085c8de8ff", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860244", "to_ids": true, "type": "md5", "uuid": "314b73d0-d5e9-45bc-8e75-4c99678a9614", "value": "6a5322336d0be2fae77657791f6b65c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860244", "to_ids": true, "type": "sha1", "uuid": "415423eb-28f8-425d-916a-3a48493fc396", "value": "3ca9ee43ee35869c4fdeb15194e552281fd6b5ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860245", "to_ids": true, "type": "sha256", "uuid": "20d85ef0-0dc1-4bb5-a362-687160f283fa", "value": "8badc32ea4694212c07e369ea2f74e1fb16a4a68b7341dbadedc7369c76dc105", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813843", "to_ids": true, "type": "ssdeep", "uuid": "e8092fca-9eee-4c3e-9d89-bfd188844553", "value": "6144:LGnX2uOzd+Ofc2qxKnaya4rvFe6/xqRqjLmUCnIMRJM9N:LS2R+OfXkKnayDvFeBqjLmUIJ+N" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813843", "to_ids": false, "type": "size-in-bytes", "uuid": "180879f0-3b4f-4cb2-99d1-6f8e7740524f", "value": "331510" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813843", "to_ids": true, "type": "vhash", "uuid": "29f264de-6e5d-440b-a35a-d580d2d48228", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813843", "to_ids": true, "type": "filename", "uuid": "6720db24-905d-4d26-8bad-5b507dbcc2a5", "value": "6a5322336d0be2fae77657791f6b65c9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813843", "to_ids": false, "type": "text", "uuid": "512ec7ef-ba57-4fd8-8cac-37c4a8924d94", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860246", "uuid": "2e009675-d930-4291-affe-5c97a0300f4a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860245", "to_ids": true, "type": "md5", "uuid": "14f8b7da-ad99-43a8-a681-4c75f4851492", "value": "71f9693eb45d50c9002be2fe5d1317a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860246", "to_ids": true, "type": "sha1", "uuid": "e0e1ab59-b517-4ea3-b512-0defe0e08938", "value": "bdec8affaae684de9844a410f2f642828c7352e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860246", "to_ids": true, "type": "sha256", "uuid": "ec03bdec-5674-40e3-964e-65dc72b65d87", "value": "7fa9bef1513b48653955976e15439fdc7bc7d051d4dedb9ecaa3999205d32286", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813864", "to_ids": true, "type": "ssdeep", "uuid": "863e2b51-00be-4b25-9ed4-95cf7f7c8565", "value": "12288:0jjXp4m/WXgC0ZhcQNwmtn20KdK4ekXL9r+jOXpNk7g1NRUOKF4OfxpiH0uA86:ujSJ0jzNdzeIjOXpNagbRUOyXpinA9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813864", "to_ids": false, "type": "size-in-bytes", "uuid": "ea1e4a2f-543d-43a2-a1b0-650c3df51a1c", "value": "809945" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813864", "to_ids": true, "type": "vhash", "uuid": "76c182a7-a2ce-4cc9-8384-833764fbe1e7", "value": "595971ed6570297eca609550c8a1ac6b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813864", "to_ids": true, "type": "filename", "uuid": "f8b546be-e27e-4802-8531-9d75cf00fc94", "value": "71f9693eb45d50c9002be2fe5d1317a4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813864", "to_ids": false, "type": "text", "uuid": "66ac5908-a47a-4c32-a264-6df2fa54bbfb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:27/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860247", "uuid": "9316472b-b11a-4a0f-8ae3-21452acf79f6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860247", "to_ids": true, "type": "md5", "uuid": "9605a9af-b490-4dbb-a8e4-85fc10d9e533", "value": "9072597bc57e101c9568ff7952ef506a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860247", "to_ids": true, "type": "sha1", "uuid": "98f3b349-ffcf-4856-804a-b4d910e10092", "value": "a55ae91d20cd2f55a9310bf853875a04d895800b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860247", "to_ids": true, "type": "sha256", "uuid": "7180c6a0-ab5b-4452-a83d-2ca41a2a9782", "value": "f5c8fdb15987c22b2f86c7ae39768bd14d17e0a1f2a1ce81492cb9aad31b9f4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813886", "to_ids": true, "type": "ssdeep", "uuid": "620ea776-c008-4554-a0fa-fdb781982874", "value": "6144:g3TpJciM5pc/csNQcZUL0n1umLVz0ohXlQo8OMNFx3Qh5BlvyJq/mByjqzaO79F8:ETpJS7C6cekUSVzfVQIMxAhTNyKmAjqa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813886", "to_ids": false, "type": "size-in-bytes", "uuid": "16091cab-d87c-446b-bf37-ec9f48ff5d5e", "value": "340296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813886", "to_ids": true, "type": "vhash", "uuid": "76373a21-5606-46c8-ae7a-85b925b8de5c", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813886", "to_ids": true, "type": "filename", "uuid": "5343c0f6-bbcb-4ac4-9e88-e37d0d2b4a60", "value": "9072597bc57e101c9568ff7952ef506a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813886", "to_ids": false, "type": "text", "uuid": "e024361e-2162-4287-a27f-34a1126eb11a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860248", "uuid": "d7749328-3481-4e40-bf83-c47caa1a9430", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860248", "to_ids": true, "type": "md5", "uuid": "5c16c775-4f67-4690-876a-0daff4d3aba6", "value": "25ca58bb9a8479fd5628c9afcf2dc7d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860248", "to_ids": true, "type": "sha1", "uuid": "3123f144-8d12-4be7-b0da-ca1350b18739", "value": "991ac9c87d40f5267a392f1e4ad175bfb49e7099", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860248", "to_ids": true, "type": "sha256", "uuid": "91f1275f-5d6e-4a21-be49-4bb83efa432b", "value": "d90db70de84c0e79658bec30cbf2c6ae882a1d0eb6b6d907ec5039fc7b6bf6ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813907", "to_ids": true, "type": "ssdeep", "uuid": "d02a1ced-1f8e-4b49-b4e0-bc88b739bb35", "value": "12288:tNI8NIQNITNIUiRad9fklByunEtyKg1oo7AWWAWTP9dwnTJBqjw4ly5DNH:tZjKoifEhnEtyl1o5TP9eCrA1B" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813907", "to_ids": false, "type": "size-in-bytes", "uuid": "86d2ac89-15ce-42b3-94d4-0e7da8f9133c", "value": "730081" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813907", "to_ids": true, "type": "vhash", "uuid": "6cc234bd-fef4-4a27-af4b-7f87ef07806d", "value": "8443f3238cb8011500aff59190a59802" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813907", "to_ids": false, "type": "text", "uuid": "a270986e-d178-436a-be9d-5b0b8c793549", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/SmsThief.E!MTB\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860249", "uuid": "5cecaba7-490f-440d-8baa-b3c816ab69eb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860249", "to_ids": true, "type": "md5", "uuid": "78a9380f-b52a-4925-8487-dedf6cb28938", "value": "c327250f36a4dd6eb1cd8132bf26cbf7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860249", "to_ids": true, "type": "sha1", "uuid": "0405d83d-142a-428f-b6bb-a1531300edd7", "value": "7e710d08822b183c08e2c79cd5a86fd3cb2d4b00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860249", "to_ids": true, "type": "sha256", "uuid": "1f9dad68-0b3b-4c75-8fec-525386bc33d1", "value": "e7dc015fa173ddd00c585f884f3ac14ff80c9e953c29c5b1b781b5ad94cf18a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813928", "to_ids": true, "type": "ssdeep", "uuid": "60eb5f2b-caf0-4b80-a252-755bee0d1eb2", "value": "24576:CLqlbQ4qZXt+G2j6VGBdooa0mBzho3vTB3fK9lyAR:CmqZX32j6VGh73LNfKu+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813928", "to_ids": false, "type": "size-in-bytes", "uuid": "fc30585c-40ad-48a4-b063-b34d1da4517f", "value": "1091342" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813928", "to_ids": true, "type": "vhash", "uuid": "78d41579-d720-42de-b9b0-0a24d4860627", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813928", "to_ids": false, "type": "text", "uuid": "8dc6ecc1-0a2e-48b0-bcec-d0dff93c8621", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860251", "uuid": "5f51c648-f4c5-428f-9dd4-54b2bd6b4c81", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860251", "to_ids": true, "type": "md5", "uuid": "75c5d3ce-5b9e-4c73-a258-1dc0ea7f9e04", "value": "f9b61c680629c9dcb0f77f61afae4c29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860251", "to_ids": true, "type": "sha1", "uuid": "1e334f15-6974-4468-bbb0-2b888d8d41c7", "value": "9f6f32d98aa76266ef67c0852e6eb2b3a3d51603", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860251", "to_ids": true, "type": "sha256", "uuid": "2412bcda-5bb4-4876-9a32-a9c11c720b5a", "value": "4f106c1b4f606e17427df2f797a95b5f8dbf65c6745fc8156a25c45233b1349d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813950", "to_ids": true, "type": "ssdeep", "uuid": "4de55f9d-1fd5-4c39-b262-f9f064c055ab", "value": "6144:Hn/MhsmKZxHMwmZ9S8VWC9LimhnYni8oIGjoPJHsLHG:Hn/kHKZ1mTnV9LiSnYniIGjkHaHG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813950", "to_ids": false, "type": "size-in-bytes", "uuid": "4850164c-14d4-4f27-af81-f13d9c6f1928", "value": "256494" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813950", "to_ids": true, "type": "vhash", "uuid": "0cab60b4-90d0-4cc3-ae74-88c89ece1ebc", "value": "ea1c13beb8f0d27d6d6234526f922680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813950", "to_ids": true, "type": "filename", "uuid": "cdeb7b30-a7f2-4e65-bdc4-cec1730dd882", "value": "f9b61c680629c9dcb0f77f61afae4c29.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813950", "to_ids": false, "type": "text", "uuid": "af3983f2-6a8e-4e9c-a4af-e6efe03a4650", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860253", "uuid": "ecdb90a8-5d9e-427b-bab9-eb35c33e2b91", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860252", "to_ids": true, "type": "md5", "uuid": "994efaa7-6c8b-412c-9844-97759cf75656", "value": "782628f89741ff8ea8b7f82a53141248", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860252", "to_ids": true, "type": "sha1", "uuid": "af150c7d-4c1a-4bdd-acfb-fc73d7e52918", "value": "0c09c19a9b6dc56297a18a29e82f8798a1b0ccd9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860253", "to_ids": true, "type": "sha256", "uuid": "86518ef0-eda4-400f-934d-4391e0112f7d", "value": "6a55c2a8a9abb62665ec90c78423105356da5da8287988d5237363d53e4c602f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813971", "to_ids": true, "type": "ssdeep", "uuid": "7449cc20-b635-44ab-a0bf-f758cdbe2018", "value": "6144:lk17cvUEH7zmIlZPmpDeoaQDLDZ4SY5IO9L7x24UvAb/oC:i17c8aHmGZuZ8mDdY1tJbwC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813971", "to_ids": false, "type": "size-in-bytes", "uuid": "4994dd8d-977b-4114-bc32-0a201a3a5eb3", "value": "256447" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813971", "to_ids": true, "type": "vhash", "uuid": "7b68e5ad-ad9c-4a80-8ae2-5a875da45d95", "value": "ea1c13beb8f0d27d6d6234526f922680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813971", "to_ids": true, "type": "filename", "uuid": "070125b6-711d-4e52-a20b-53a4c9609a3a", "value": "782628f89741ff8ea8b7f82a53141248.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813971", "to_ids": false, "type": "text", "uuid": "8acf164f-494c-413c-8a54-5e0e975bda6d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860254", "uuid": "98a7cb92-bd38-4f92-9df8-c17719ffca2d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860253", "to_ids": true, "type": "md5", "uuid": "16ca91d1-55dc-40fc-8f84-c64142128a27", "value": "a0e3e4426ae90273d33f7abb13d868d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860254", "to_ids": true, "type": "sha1", "uuid": "aae4f3ef-e2ce-442b-94a5-3687afaac532", "value": "ceee377a48a6ae6dbcaa1256502482e812e5a8f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860254", "to_ids": true, "type": "sha256", "uuid": "c989f8b1-8af9-4eb7-a7c8-7f21635e01be", "value": "9a39bc9f04fb28631627db6ea44b464e86f620421803163ae911399683ec23b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740813992", "to_ids": true, "type": "ssdeep", "uuid": "cac89b67-22c6-4e78-8454-723af1f33990", "value": "6144:0Z/pP4GYr5G0towx3BtcUCvEtItxbaU1EnK7x4SKKBj9lNzXnf/F:0ZhgGk5/tNBtcZvcI3W5OWBKN5Xf/F" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740813992", "to_ids": false, "type": "size-in-bytes", "uuid": "1f196494-4f89-4d8b-b832-761315a02024", "value": "331197" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740813992", "to_ids": true, "type": "vhash", "uuid": "53eb2590-fde1-4cc9-a08d-32c5c34bcd95", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740813992", "to_ids": true, "type": "filename", "uuid": "d9cbf1d0-25bd-494a-ad61-8caece5de3f0", "value": "a0e3e4426ae90273d33f7abb13d868d2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740813992", "to_ids": false, "type": "text", "uuid": "49430af0-87d9-4dc6-9ca8-a3325c7f6620", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860255", "uuid": "96327760-1a43-4ae0-b3a4-03938d5f9449", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860255", "to_ids": true, "type": "md5", "uuid": "d40558e1-16e3-4fe6-8b3b-c3fc4e24c38c", "value": "b7090752318ad3d9e81c655ce102f278", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860255", "to_ids": true, "type": "sha1", "uuid": "832ea6b4-264f-426f-b53f-cd9e8c22ffca", "value": "a76c6170c7c22d3caa07f26988ff4b5a0f196f0b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860255", "to_ids": true, "type": "sha256", "uuid": "e1351335-1ce5-4f48-abbb-317cc5015458", "value": "cb450312d102df5b2b928032e5e6f06e0cfb178b7b27cfb83004c403c6fc16e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814013", "to_ids": true, "type": "ssdeep", "uuid": "5b5a65b8-eb84-46c0-b5c6-480081ce3158", "value": "6144:0b/9hd5kZaWP2U/ZIbLzF4YUoK/3DD+8pUPTxxPkhQRdUK:0blWPN/Zq/DUoeD0PzPAWdf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814013", "to_ids": false, "type": "size-in-bytes", "uuid": "5aad1a24-2d91-4c82-b91b-ddae64abaa02", "value": "331482" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814013", "to_ids": true, "type": "vhash", "uuid": "e71b0897-56b6-47fc-aed1-a7a2ec7c993a", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814013", "to_ids": true, "type": "filename", "uuid": "dd37f84a-0f99-46b0-9632-6db5e081c588", "value": "b7090752318ad3d9e81c655ce102f278.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814013", "to_ids": false, "type": "text", "uuid": "9c7cb2d7-4638-4f69-811b-3d101e9651b1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860256", "uuid": "aa20502d-0e76-4f29-856d-2ee41dc899cb", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860256", "to_ids": true, "type": "md5", "uuid": "5560acb6-fe3b-4067-9a59-b00b56eadadb", "value": "ca84c8efe4b5171bdfa8f8d4137246be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860256", "to_ids": true, "type": "sha1", "uuid": "0a7bffc4-325a-4690-a558-f01177aef008", "value": "e0dbbbd3fe58c64c631c6878791cca709f56e046", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860256", "to_ids": true, "type": "sha256", "uuid": "d79caf6d-b254-4eaa-8b56-b9495f4974dc", "value": "a08d2c1dbf991a3440d11c9b386134485489a6f3447f40404fce7342312a1b0d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814035", "to_ids": true, "type": "ssdeep", "uuid": "a58205e6-f1d3-42a6-a27e-c9889ad5c38a", "value": "6144:U6RkBBmAP3wWgqhhJCNy+fyZzUQMVWZbLYTCDJNFPryk4SJjPw:Fkvmwgeg4kyZnMuYTCLFPr34y4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814035", "to_ids": false, "type": "size-in-bytes", "uuid": "e1c61cee-29a0-44d0-bffc-f9200a91aed1", "value": "331493" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814035", "to_ids": true, "type": "vhash", "uuid": "5b5cc8d9-39ab-4f4e-911a-883d6cf742ad", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814035", "to_ids": true, "type": "filename", "uuid": "b0ec7123-7769-49b8-bf53-c78a860632dc", "value": "ca84c8efe4b5171bdfa8f8d4137246be.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814035", "to_ids": false, "type": "text", "uuid": "4450acf4-2315-4e10-92b1-e8b9d1009263", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860257", "uuid": "ba5eceb8-00a2-4225-bbd3-0c443c2990b0", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860257", "to_ids": true, "type": "md5", "uuid": "fc3e24cc-2039-4a11-9407-750c2cc4e5dd", "value": "c7c793c4f8008a56b4430069d224dfea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860257", "to_ids": true, "type": "sha1", "uuid": "ebbc2177-3a10-485b-a0b4-900d0bd6bca3", "value": "7322a91e9a28acd4f9d82031261902d026298b7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860257", "to_ids": true, "type": "sha256", "uuid": "751cd0d6-ea29-4092-8663-962a7b1191d6", "value": "9821f9380aa36a608db863371f2290df6b54fe2cfee67c00d87ad913c1916bf1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814056", "to_ids": true, "type": "ssdeep", "uuid": "ea2d8993-d970-4f3d-9659-23498765226d", "value": "6144:65p6U0ckLqH+u53ikxjfaRaE3Wxpb25a5JW66/OkVIdpCfKG+sDe/HdAbq:VyEqeubxD9EGzi5ajW+dpCfW/HdAW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814056", "to_ids": false, "type": "size-in-bytes", "uuid": "52c1d9e3-1ae9-462f-8b5e-0e6be4e44f14", "value": "332108" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814056", "to_ids": true, "type": "vhash", "uuid": "5e39b536-1973-418d-8da5-80eaf3089055", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814056", "to_ids": true, "type": "filename", "uuid": "7275c4a6-9994-420d-8bce-27c436ef95b0", "value": "c7c793c4f8008a56b4430069d224dfea.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814056", "to_ids": false, "type": "text", "uuid": "aa3b5c18-46cc-43c5-b874-4f9227bf0555", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860258", "uuid": "74300790-89af-4d43-9ba6-8311d6fd4244", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860258", "to_ids": true, "type": "md5", "uuid": "1ec1925e-7f37-4955-b29b-399c0241f163", "value": "106d0db0d2b137131da8dfb84a8b1956", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860258", "to_ids": true, "type": "sha1", "uuid": "4d186bc0-ea23-4895-827a-0b09abae6025", "value": "c19767c3a4c9f21e9872f669dbfb6e7022bb98e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860258", "to_ids": true, "type": "sha256", "uuid": "70746cfe-796a-4d31-a959-643c5c3b4416", "value": "5c3fece1159102f76240b9ca3d76a1307de663e8fa68f4ae80612ab6b2f021e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814077", "to_ids": true, "type": "ssdeep", "uuid": "99868fb7-d9e3-4132-a2ab-c89814017f4c", "value": "6144:/lVpxCFMnY9MAyP87dRG8CWKMKT5jlMp6eYKUSJefgvmB8n:/HCFMnSZyk5RG/MujkHnUSMYvmBs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814077", "to_ids": false, "type": "size-in-bytes", "uuid": "59bff121-83a8-470d-ab82-75e824ef7b22", "value": "339835" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814077", "to_ids": true, "type": "vhash", "uuid": "1c0e1fad-bc1a-4dc2-906e-b935bcfc2bf5", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814077", "to_ids": true, "type": "filename", "uuid": "198a487a-d665-457e-83a5-8f0cc718e9e3", "value": "106d0db0d2b137131da8dfb84a8b1956.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814077", "to_ids": false, "type": "text", "uuid": "d73a92a3-e38e-4e29-ae7e-b7e5dc8d05f3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:33/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860259", "uuid": "880963e5-1ab7-45b0-b499-2100ce819f81", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860259", "to_ids": true, "type": "md5", "uuid": "48686ade-296e-4a32-ba75-76404af549e9", "value": "8ff095578d955d62a120806bbea8a0fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860259", "to_ids": true, "type": "sha1", "uuid": "ee3523ca-fead-44f7-9b3e-09c4737a2697", "value": "9681e3a7772c67a691cb327c3b18072a0ed23345", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860259", "to_ids": true, "type": "sha256", "uuid": "6b7ec41e-d7f2-49bb-9e19-201f42482f75", "value": "40dfb7fea1c7fe47acc9df27a45e1c6fc9917fef9aa2d8bbb6932ed732a59c11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814099", "to_ids": true, "type": "ssdeep", "uuid": "5ad674f9-3ffc-450b-ac39-c122dd7090b1", "value": "6144:qQAgOMq9X1c9dH910qOjcus5RbJCk7zzuczYn5AZi0nMUeEo1Ofoy/W4Fq4ob:jyMq9k10XoDd7fFjZnnMU0Gp/W4c" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814099", "to_ids": false, "type": "size-in-bytes", "uuid": "6c297c22-fbc1-4ec8-93d9-d41626db400a", "value": "332120" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814099", "to_ids": true, "type": "vhash", "uuid": "6fd31d26-b9de-45e2-96ad-d8ae5f4faf32", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814099", "to_ids": true, "type": "filename", "uuid": "9ed7a7e2-d812-49ed-af7c-9b41afc7dd99", "value": "8ff095578d955d62a120806bbea8a0fc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814099", "to_ids": false, "type": "text", "uuid": "bdd13a44-5575-440d-be28-dbfa3e858c0d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860261", "uuid": "bc4caabb-e4f9-4ea2-b9e9-1e9f5336e855", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860260", "to_ids": true, "type": "md5", "uuid": "bd8752ef-f248-434b-b585-07bf4f7b1557", "value": "a4902e21088e7781dde552181b5366cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860260", "to_ids": true, "type": "sha1", "uuid": "63d4c2cb-211b-4bf7-a7e1-2ecb95e8748c", "value": "afbc793a4886480fb570ca2f6e4884a816a32b4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860261", "to_ids": true, "type": "sha256", "uuid": "00c7430c-61df-4d6d-acc3-a27f8f9599a2", "value": "744490ab6f2834cc0001bbbee8f35909c1a7d3c8684ced7915b78f3d29a7981d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814120", "to_ids": true, "type": "ssdeep", "uuid": "81ce51a1-b5f6-467f-a852-2e3bb838891c", "value": "6144:Y4FxBKCrWPGrpcpEk5Iypfdxo88AZlsW5obyMxS4UGnNlzhm/A6Ul7I8P2:YWxLWPcpcx5xplxEW5MUGkRUJP2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814120", "to_ids": false, "type": "size-in-bytes", "uuid": "f6a971d9-7280-40c1-8c56-85103c152e0d", "value": "331522" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814120", "to_ids": true, "type": "vhash", "uuid": "4a4e8c34-3743-42d8-8888-011cd3cf9cef", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814120", "to_ids": true, "type": "filename", "uuid": "6d06f186-e5fb-4615-9182-39787c003c5b", "value": "a4902e21088e7781dde552181b5366cf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814120", "to_ids": false, "type": "text", "uuid": "5634844a-8e09-49aa-82dc-ebfb83e56026", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860262", "uuid": "fa8497aa-fc17-4654-8f58-dbb24a267cd8", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860261", "to_ids": true, "type": "md5", "uuid": "51676a73-3061-44af-8554-eaabeb6372ec", "value": "34e4fecfd7e55338ce60cedcdd38bbff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860262", "to_ids": true, "type": "sha1", "uuid": "e6a5459d-62dc-425c-97cb-421c62b25ef0", "value": "86ebc0f8afb2a743ac84ab37e277455456e7b9db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860262", "to_ids": true, "type": "sha256", "uuid": "2df9d0c1-b805-49d4-9523-6c50daf65803", "value": "1a5d7fb3ef5f1ee602d33c08396623d7db16e9e5fea786ca8123827acfa08c55", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814141", "to_ids": true, "type": "ssdeep", "uuid": "2c681f91-1054-43d1-b9a5-965684837304", "value": "6144:uMi6tzYzrY8djDcEZNxOMpGaMHLrlcj+nlWtm/n1vDmHa2ImFbRtEQC+h3FYjt:NiGY/Y8pcVuGaMHLr2j+fdWzEfAWjt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814141", "to_ids": false, "type": "size-in-bytes", "uuid": "5b8c5503-6c3e-4620-9a24-2b1fa10fbc07", "value": "331468" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814141", "to_ids": true, "type": "vhash", "uuid": "2f6a7ea9-2325-4b92-921f-530b9213a6a3", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814141", "to_ids": true, "type": "filename", "uuid": "f2a3aad3-bfa4-48f2-9be1-d819165f58ac", "value": "34e4fecfd7e55338ce60cedcdd38bbff.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814141", "to_ids": false, "type": "text", "uuid": "65d004a4-c6e5-4e73-9023-6a5d848486a2", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860263", "uuid": "c47b05f9-261d-436c-bf43-a7f8e5d06576", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860263", "to_ids": true, "type": "md5", "uuid": "80cef18a-0e2a-4d22-ad2d-34851b9398ea", "value": "049c59442e3761a5af3f83a313511971", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860263", "to_ids": true, "type": "sha1", "uuid": "725fffe0-39f6-4b6f-ac55-f0396e1761f4", "value": "25e36f7f3cd16ed62d3ef3bb12ff0d26a8f61217", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860263", "to_ids": true, "type": "sha256", "uuid": "77a7b0ea-3cb2-49f9-abe9-34d29bafa827", "value": "b3ad6e3d64c97bf0ad35cdcaaada1c822abf581c4d717290f629a54d4d6e8d57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814163", "to_ids": true, "type": "ssdeep", "uuid": "b5658228-9204-4162-b528-ead6c0cfd178", "value": "6144:7wD7X/jY9T4C3VZVhBDKWzS/0rTKkuTJeoyBA7bj28pUPnq36W3co5NADi:sD7rY9T4CFhBPW0SQO3YPn/qNSi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814163", "to_ids": false, "type": "size-in-bytes", "uuid": "d44ab62d-7428-4fd0-99cf-3c1a0a38f76b", "value": "331465" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814163", "to_ids": true, "type": "vhash", "uuid": "e6dbb604-9702-4220-b6e5-3b5ae16bf752", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814163", "to_ids": true, "type": "filename", "uuid": "19cc1b5c-1a36-40a9-b351-b7ccd25bfc70", "value": "049c59442e3761a5af3f83a313511971.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814163", "to_ids": false, "type": "text", "uuid": "6ab7b243-f7e1-4460-b701-1e867bdd36d6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860264", "uuid": "acf33ad4-ca4c-4566-be4d-5c01bcfa23c2", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860264", "to_ids": true, "type": "md5", "uuid": "1cd0cc65-8b5f-47e0-bed0-52d53dbaef2a", "value": "2a1839aae24db785e4a1c2b90b8178f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860264", "to_ids": true, "type": "sha1", "uuid": "b2e35be8-5d45-4529-8681-963b91674d11", "value": "0129bbfee36fd3418742397f03ab434df53a0754", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860264", "to_ids": true, "type": "sha256", "uuid": "781d8e24-6868-4b91-9b5a-28ab185d6df8", "value": "6438a0cb32d1ba9238864c306d7cc3c03037a7f14c8b334c77978baf0a749b12", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814184", "to_ids": true, "type": "ssdeep", "uuid": "61474fdf-2506-4720-bfd6-d65f95f14f7b", "value": "12288:BfBzlIEXAJe6ANXYC3HAA+9xCDlwKdiLNZzzR9l25gZSXYYFO09tUG7f1HJjG1Kk:BfqQ60IWxKpNtd9lKKSXYYI0EM9BXQyg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814184", "to_ids": false, "type": "size-in-bytes", "uuid": "d2572a15-7347-42b8-8b85-15cb0333b5ab", "value": "826179" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814184", "to_ids": true, "type": "vhash", "uuid": "280af702-f9e6-4641-a01e-a511f7f78d03", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814184", "to_ids": true, "type": "filename", "uuid": "cce37e1e-13d6-441c-b295-ec5853204b23", "value": "2a1839aae24db785e4a1c2b90b8178f8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814184", "to_ids": false, "type": "text", "uuid": "3520f8a2-f93d-47f2-8883-e9d82581e292", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860265", "uuid": "61cfbe68-4099-4e60-a624-cf206dadb140", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860265", "to_ids": true, "type": "md5", "uuid": "c0c55f04-854a-4a19-8e5e-f9aa2073ef19", "value": "f0d71b27acf08fd146596917bc74cde7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860265", "to_ids": true, "type": "sha1", "uuid": "9a5c9be7-33e8-4c45-b35c-d1ecd2da7100", "value": "02847f51a9ae8d97d703f372f8b77a1e1a40774d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860265", "to_ids": true, "type": "sha256", "uuid": "b63cac2b-4221-41e4-acf0-e350251e4d83", "value": "1d5286fc02cfd7eef9f71f3b60bb0f7b619147a6634839f575672fe692f377bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814206", "to_ids": true, "type": "ssdeep", "uuid": "d27c7758-5bc7-4a29-bedc-67858c34662f", "value": "6144:UD6RKxo611ujoBMgE6mTrD9StY815LKo0Owx1+CqaJRVf6RL2:8oqogE6m7/87KYu4CTXVf6RL2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814206", "to_ids": false, "type": "size-in-bytes", "uuid": "7f8e9663-4e83-4ce0-b050-198387650685", "value": "332103" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814206", "to_ids": true, "type": "vhash", "uuid": "a6f5bdcb-beeb-4941-a1d7-f926170e1dfd", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814206", "to_ids": true, "type": "filename", "uuid": "0e375bce-1d6c-4add-bc54-0a405fc2af28", "value": "f0d71b27acf08fd146596917bc74cde7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814206", "to_ids": false, "type": "text", "uuid": "3f29baf8-7bf8-4e10-94b5-05b1f7d2f017", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860266", "uuid": "db86c42e-c746-444d-aae3-2e8b3a34aa91", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860266", "to_ids": true, "type": "md5", "uuid": "d8b6317e-ab85-49d6-be0e-627220998529", "value": "557b06e931a694783e2387bb634083cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860266", "to_ids": true, "type": "sha1", "uuid": "8000c41d-e68b-4c67-b3ef-c6d621c98df6", "value": "1278654a7e6411f25c10a72e4db41468233ce519", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860266", "to_ids": true, "type": "sha256", "uuid": "290a762c-a8aa-4e04-9ed2-d510f5130f23", "value": "e012b17837f4577653087b335f6f173cbdb59c8cdb53986b11b2c91b73b3b412", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814227", "to_ids": true, "type": "ssdeep", "uuid": "69fda2eb-adfe-4620-bd2f-ef374ce1500d", "value": "49152:ctHe87sZV3XqsTUpHd1Jl+q7E+DMb4ucrgkqdO3BhN2KjbG:+A/XqFDJ77PDacrgndO3Bh8P" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814227", "to_ids": false, "type": "size-in-bytes", "uuid": "1e8db1c9-6c49-4402-96f9-056a335a3c05", "value": "1828011" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814227", "to_ids": true, "type": "vhash", "uuid": "da8dd93f-13c6-4612-ac33-af0f0072e9ff", "value": "e244d1d5e99628d66fd568c27428c997" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814227", "to_ids": true, "type": "filename", "uuid": "6759188e-ca61-4c68-93f1-c89615261835", "value": "557b06e931a694783e2387bb634083cf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 13/11/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814227", "to_ids": false, "type": "text", "uuid": "4bb47d0d-46da-446c-9a56-f25addcf8372", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:34/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860268", "uuid": "83633eb4-67d4-427c-9090-9f4a01a31852", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860267", "to_ids": true, "type": "md5", "uuid": "ea94de12-c937-4944-a590-753b6cc2fbd1", "value": "badf29d1626b7542c5c208f9c62cdbae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860267", "to_ids": true, "type": "sha1", "uuid": "f5b0bdf7-d96e-4ac9-927a-0bd854b4c0c6", "value": "7f8c19c2b34389c66aec08604bad03c796699138", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860268", "to_ids": true, "type": "sha256", "uuid": "9504897d-ab4f-4bdb-acd5-e404d03c0ba5", "value": "2232a04bfbe26bb7280658594810512ee9c7e23117aca391443cab56fdf4f9ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814248", "to_ids": true, "type": "ssdeep", "uuid": "d2f7cadb-a519-4890-b69f-d440d4dd8ab2", "value": "24576:WJ6GHXMa9Uo0sfqKgGkYtRo61YM329QUwAPsS:WZHXLR0s1gXSV1z3+Q05" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814248", "to_ids": false, "type": "size-in-bytes", "uuid": "fed5fa7a-a3a9-4153-b475-688f708cdee7", "value": "1077956" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814248", "to_ids": true, "type": "vhash", "uuid": "71205808-879e-46ae-80be-0560b8fb1583", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814248", "to_ids": true, "type": "filename", "uuid": "2840c6fc-5b82-4d66-ad0e-1ab8dbed59d1", "value": "badf29d1626b7542c5c208f9c62cdbae.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814248", "to_ids": false, "type": "text", "uuid": "90532ebd-1328-4a18-b00b-7cf690fb9b03", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860269", "uuid": "358336f6-896e-466e-94ff-e6ece239bf28", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860269", "to_ids": true, "type": "md5", "uuid": "068ee9f7-49f6-44d3-b5ff-eea2a8e997f4", "value": "b8a7ddd72fa38a60af45cb4c25cb35e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860269", "to_ids": true, "type": "sha1", "uuid": "af0b0000-2677-4081-b61d-c1a69a6e3fb0", "value": "68b699e269a1024aa16bbcbec336cf6fadc7420a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860269", "to_ids": true, "type": "sha256", "uuid": "c686ac1a-879a-4818-8623-f50d6e993654", "value": "59b44fde25f7a7e89b9bee249fb88168d2bb4801ff16c5e72dd8f992ccbdb3df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814270", "to_ids": true, "type": "ssdeep", "uuid": "0f64c281-928a-49b8-87a8-956c527eeaf7", "value": "12288:BfBzlIEXAJe6ANXYC3HAA+9xCDlwKdtLpszKDw7sAswuay0WYpZj13/PBUrRLPFr:BfqQ60IWxK+p7DweTayiZDwFxh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814270", "to_ids": false, "type": "size-in-bytes", "uuid": "1ca19d27-b267-4a16-afbf-a85606f4c3b3", "value": "826820" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814270", "to_ids": true, "type": "vhash", "uuid": "abac47ac-96af-40df-a755-af6d17770d9f", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814270", "to_ids": false, "type": "text", "uuid": "85052c53-6fee-456a-aefd-836d2c61a93f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860270", "uuid": "ec286d91-dc81-429e-b205-67dafc135a04", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860270", "to_ids": true, "type": "md5", "uuid": "756a66b1-d99f-48a4-ba45-c254090153c3", "value": "f5efc8c78609b4e6cf3f0f87579ae2f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860270", "to_ids": true, "type": "sha1", "uuid": "e153205f-de5e-4fb7-a6aa-157876057bd3", "value": "ba250b1700d771d08f01b53a6dde5e1a4626b676", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860270", "to_ids": true, "type": "sha256", "uuid": "69afd320-bb0b-4de9-b5f4-fd36fae39907", "value": "7278efc1d895dd6b4d9d636208727f05a011943039b0ef3668cdb7e028aee5e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814291", "to_ids": true, "type": "ssdeep", "uuid": "7765f53f-ede9-4cab-a827-e9c46ef88b4a", "value": "98304:7yDUigoj269i/9ZPbGtHv2pnsXCJuzWkqkGxGxQebKi4MLTANMgYrKeI0jdzLG5j:eDUC2n/zgMs6uzvNOAQi4IxgYrKgp21" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814291", "to_ids": false, "type": "size-in-bytes", "uuid": "cadbe550-1727-4695-86d2-62f7dca8caaf", "value": "5549713" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814291", "to_ids": true, "type": "vhash", "uuid": "92b5373d-cdd9-48d4-beb9-6e7248c320fb", "value": "33a118cbcb9b2dc1b71e3207578df45e" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814291", "to_ids": false, "type": "text", "uuid": "4e3f80b3-9e78-4dbd-93fc-61479c5ad6ae", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Phonzy.A!ml\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860271", "uuid": "4d8b3093-8bbe-428b-9cce-dedffe1ee2fe", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860271", "to_ids": true, "type": "md5", "uuid": "0333989d-8b15-45a1-a775-fb8d2d3da1ce", "value": "bc42fdd4c8fb300a7192110964c276f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860271", "to_ids": true, "type": "sha1", "uuid": "7c6a2559-c753-4560-838a-f991a0993b7c", "value": "8a6ab2df8deab2805fce0fe576e7783328b96c3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860271", "to_ids": true, "type": "sha256", "uuid": "0f0fdbcc-8754-4cba-9aa3-18585467eeea", "value": "40c6eaa37d623683479c960b7043a43f38e7f02c74809aaeb3d139411973da78", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814312", "to_ids": true, "type": "ssdeep", "uuid": "267c0d20-db89-4f8c-a8c7-445830bb61f3", "value": "6144:IRJqlX4A3Tnx3C1ZiYtjSsglqngvMn+Aut+OucIKCczx3zWUj/m:QqNXFC1MYN9ngvhtZ/IKCct33K" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814312", "to_ids": false, "type": "size-in-bytes", "uuid": "98fdf5ec-7bbe-41df-867d-89a9b6e98a7a", "value": "339769" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814312", "to_ids": true, "type": "vhash", "uuid": "6855825e-ef14-472b-8f62-0cc6429a72f6", "value": "aeeb5d750f0c553aa23a9f0fc7a917fa" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814312", "to_ids": false, "type": "text", "uuid": "ccab05c7-5b8b-434f-9d5f-15a0672528b7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860272", "uuid": "02fa02cb-c42f-4742-869c-3b37d3d0f914", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860272", "to_ids": true, "type": "md5", "uuid": "0ec3a9bf-0c28-474a-b828-30883fa3fb0f", "value": "a09dcb7335ebca2a18ca1d1d9e8c2f5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860272", "to_ids": true, "type": "sha1", "uuid": "d27d4bb1-af8a-45ba-aa57-d50af632f234", "value": "e5eeb6427bb337d80982d93b708e62caa15ed2e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860272", "to_ids": true, "type": "sha256", "uuid": "ec38247b-626f-449e-a1c2-81a2222d2168", "value": "bf2ae29d48f7a1fc6559029f7b255e3166e4d1f09eb4f5b721ff798e54cd854b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814334", "to_ids": true, "type": "ssdeep", "uuid": "0d3eae74-b7e5-4c2f-ba01-7ec453c6a975", "value": "6144:KiLovDbXGGpnqtcDek/36bNrN+alWY4/xwEGf1ktYyqFG6HXENoBU4+8E:3LovDLvqtueY36bNJ+SWYSwEGmYPGLqE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814334", "to_ids": false, "type": "size-in-bytes", "uuid": "d73b0840-3e59-4592-967d-30b1c0ca40c9", "value": "332131" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814334", "to_ids": true, "type": "vhash", "uuid": "0cf97538-6f1f-4ad7-b2e6-36dc0accdde1", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814334", "to_ids": true, "type": "filename", "uuid": "3a323dd4-a83b-4038-97d8-1631e35164af", "value": "a09dcb7335ebca2a18ca1d1d9e8c2f5a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814334", "to_ids": false, "type": "text", "uuid": "afcd5dc2-0da6-4fc5-87ef-dcbf5d262ca5", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860274", "uuid": "ed6d1e17-e42b-4dc0-bc4b-410b29b4c3bc", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860273", "to_ids": true, "type": "md5", "uuid": "aede4764-243a-4824-853f-665e52d9a0b2", "value": "e8b6137dfe8b20ae8581fd9fe77256cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860273", "to_ids": true, "type": "sha1", "uuid": "4a8d2fb4-fcc7-400e-b248-29b81cc0c09d", "value": "3109b5b1272d1538c556f278ab473b474ef21ccc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860274", "to_ids": true, "type": "sha256", "uuid": "0a59806d-c592-41e5-9742-229ea57492d8", "value": "fa9bb74b7910ac979d7f57b41522447c0333a128438a2a71f336b487efed7557", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814355", "to_ids": true, "type": "ssdeep", "uuid": "aff2a6d7-e48e-4ca4-b1ac-7a8cfaf39a48", "value": "6144:KYiLovDbXGGpnqtcDek/36bNrN+alWY4/xwEGf1ktYyqFG6HXENoBU4+80:QLovDLvqtueY36bNJ+SWYSwEGmYPGLq0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814355", "to_ids": false, "type": "size-in-bytes", "uuid": "3e1dc237-32cc-4fdd-b06d-bda4ceab9ad6", "value": "332109" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814355", "to_ids": true, "type": "vhash", "uuid": "4c007758-9bf8-4c10-b616-c169bca1afe2", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814355", "to_ids": true, "type": "filename", "uuid": "b01b42da-1ccf-49dc-b2d3-76ba4e0b1d85", "value": "e8b6137dfe8b20ae8581fd9fe77256cc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814355", "to_ids": false, "type": "text", "uuid": "568b3298-c1df-4361-b8d3-5cd46c6ff72a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860275", "uuid": "d1a31242-ad08-407c-a629-cb815a12e25f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860274", "to_ids": true, "type": "md5", "uuid": "d5022345-3b45-4e07-9de2-90231da0c1ad", "value": "114bab13aaf739bc4f64776e07cbb7a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860275", "to_ids": true, "type": "sha1", "uuid": "e0fb60a4-5db4-4755-a6e6-284dd4412276", "value": "d483ae5cab92d5a5367b9664a028ed2afd66e611", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860275", "to_ids": true, "type": "sha256", "uuid": "266b592f-9363-4852-b3f2-c9488e8cacd1", "value": "e31d7e3b299fd81c6c546e9b5366755e4fb3fa4fc9218d52dc3c7e9081fed085", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814376", "to_ids": true, "type": "ssdeep", "uuid": "951deb57-3aed-4a9a-b88c-50e1fc310262", "value": "6144:rpbAecduq+frcoMFZa7Xs7cpkVfao47xQ6Hgpv5fA92iu9Kf4qGZ+Vu:rpbEWl2eXvqk7tI5fAt4oVu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814376", "to_ids": false, "type": "size-in-bytes", "uuid": "8a195ca5-fd44-4540-b7c4-ef78638b81d4", "value": "256491" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814376", "to_ids": true, "type": "vhash", "uuid": "39bf8eda-e17c-4281-a651-7244a8875a3a", "value": "452c8773c05d921bad6495929bdb504f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814376", "to_ids": false, "type": "text", "uuid": "541b6426-80a0-4fa5-9f95-3bbd03f99013", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860276", "uuid": "a1cec815-aff9-4717-89c4-7eb67729bbc7", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860276", "to_ids": true, "type": "md5", "uuid": "bffb8bb4-4c7d-496e-993f-82cbc829d095", "value": "45149892580673dd452ae3d3eaa55c63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860276", "to_ids": true, "type": "sha1", "uuid": "dbf2efa3-5975-4007-9fed-5b4e8d38d202", "value": "27c468f85421389aa8afbeb33d5bf41b1f678e88", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860276", "to_ids": true, "type": "sha256", "uuid": "31d35cf0-7f49-4249-a9ee-25e2546a0172", "value": "f95d079310ec3a8195fe036a68f421ec04700b89b15e4ebeea83e2ff0a3fefa0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814398", "to_ids": true, "type": "ssdeep", "uuid": "129ca77b-82d9-444e-889a-7066588f7793", "value": "6144:39QfHHLAw00xuji9bA2/84cCX2x5cUpq+QHmr8zgQ16va20/ZCfrnCUifLr/h:CHHqubAc8r7cTGrE/20RCfjCUAzh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814398", "to_ids": false, "type": "size-in-bytes", "uuid": "9319bdd0-a8b4-4a3b-b038-84a58e8caffc", "value": "332133" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814398", "to_ids": true, "type": "vhash", "uuid": "fdb4d1e8-d590-490a-8299-7052049ab0c3", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814398", "to_ids": true, "type": "filename", "uuid": "9c8a1d75-90ca-465d-ab7b-f6e79febc7c7", "value": "45149892580673dd452ae3d3eaa55c63.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 17/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814398", "to_ids": false, "type": "text", "uuid": "78d2ef8e-6dd3-4115-8f96-057c55ecdc12", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860277", "uuid": "f5b9be1d-6f46-41d2-8063-b42ee2bc4bea", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860277", "to_ids": true, "type": "md5", "uuid": "3e5e68f8-fdf7-4d66-ae96-6a1b9d412516", "value": "6aa8d74d4c84a7f7f5871fcb8bf779b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860277", "to_ids": true, "type": "sha1", "uuid": "859a145a-3a46-4a8d-b862-59dc3fa777d1", "value": "b07b478dc16aacfd10da16db2f8c58321283a1a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860277", "to_ids": true, "type": "sha256", "uuid": "e08911df-376c-46e3-92b8-a8f4a5295939", "value": "a176771ef138b146434d6076447d6ad52040e5c9013b0f43927ef6507c3d0518", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814419", "to_ids": true, "type": "ssdeep", "uuid": "de1ec72d-30d2-4bc0-9f7d-cc2b44b6aa62", "value": "6144:lu7Khe1owKv6aRTer3s38uPiws/FIeDvt2Y/gcPe2bO:lu7Khe1oNXCr3mPe/V2Z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814419", "to_ids": false, "type": "size-in-bytes", "uuid": "34416f27-e1ff-437e-8e41-aaf04d084cfe", "value": "323228" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814419", "to_ids": true, "type": "vhash", "uuid": "807ffe1d-e83e-4e33-a90b-0e4a16603afc", "value": "f15d1a3d55b108a5a6cc1995a98f263c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814419", "to_ids": true, "type": "filename", "uuid": "24dc798e-0e19-4533-830f-3efb5eeae1e2", "value": "6aa8d74d4c84a7f7f5871fcb8bf779b5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 20/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814419", "to_ids": false, "type": "text", "uuid": "5f14d20a-071b-4262-8162-d3e4f3584362", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860278", "uuid": "246b69ce-4d5b-4b45-bae1-5e16ce67b2dc", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860278", "to_ids": true, "type": "md5", "uuid": "597ba305-ef8b-4126-8c9c-0da6ff5ef3c8", "value": "35dac8d80caab07505629cb592c4a8cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860278", "to_ids": true, "type": "sha1", "uuid": "7eb062c2-29c8-4089-84fe-345c507e84b7", "value": "e97009a6b9f37fa0226d4dbedfcc0fcaf5ea6478", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860278", "to_ids": true, "type": "sha256", "uuid": "dfd49860-498d-4d05-99de-73cc0caff496", "value": "f720c5104427a1d309423ea88dfc0019768efc7405366865770fe5c12b1cd961", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814441", "to_ids": true, "type": "ssdeep", "uuid": "d216d15d-4dac-4f53-984e-7e67ab393ced", "value": "6144:si3Sk9d8VRvqfou8Q4uCDA7QSsccp4CnCgA7bjsAT/TEdKSFDdGUHR1C:r3f9kqNJdQSstp4CCl3pTlSFDNHR1C" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814441", "to_ids": false, "type": "size-in-bytes", "uuid": "4b46d090-5e53-49e7-92d9-66af64278c53", "value": "331409" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814441", "to_ids": true, "type": "vhash", "uuid": "683ed528-ac75-4ffb-854f-dc950adbcdc4", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814441", "to_ids": true, "type": "filename", "uuid": "76a54c9b-f769-4252-ba17-decc061608d8", "value": "35dac8d80caab07505629cb592c4a8cd.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814441", "to_ids": false, "type": "text", "uuid": "595572cc-2e57-4141-8e88-f17502b6bf99", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860279", "uuid": "7d507118-e5cc-4c30-b76b-91485f182b92", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860279", "to_ids": true, "type": "md5", "uuid": "b6728768-4be3-45ee-84f4-ba347a494d2c", "value": "e8a85371027b9ea8456d50078a963a93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860279", "to_ids": true, "type": "sha1", "uuid": "279e02c7-f7c3-46a1-b935-7b12d41a892d", "value": "553ed921af5b9527f9c60a8c4660d18e16aeb131", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860279", "to_ids": true, "type": "sha256", "uuid": "5c367865-7c92-4eb1-aa3b-df83118e84dc", "value": "56e027ea2c6ff39336338dfcb815ac84e5d3c30b1d581910c589423c0a991e32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814462", "to_ids": true, "type": "ssdeep", "uuid": "abd01803-9807-4de1-8133-e7333818dfc8", "value": "6144:XV0Ukg1NtMfP6A3V4Sj9q5wc3VN9r7EqQRH25lSSskI7++9SkvDt:F0o1NtMnb+cU11o1RClAf++9SoDt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814462", "to_ids": false, "type": "size-in-bytes", "uuid": "5e061f96-8548-4845-8d92-3e16b5ca5701", "value": "332883" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814462", "to_ids": true, "type": "vhash", "uuid": "15e53437-ce01-4a4a-9f9e-1f2e1f308ba7", "value": "80671b9842767b31c401ed4e27997e74" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814462", "to_ids": true, "type": "filename", "uuid": "190b50c1-e672-4886-a390-b4151cbfe303", "value": "e8a85371027b9ea8456d50078a963a93.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814462", "to_ids": false, "type": "text", "uuid": "0473b2fa-88e7-4643-8f10-64a7bd6efe3f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860280", "uuid": "ff6e44c7-11ce-4009-8b7d-4369efaeb12a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860280", "to_ids": true, "type": "md5", "uuid": "7e7c3428-0c96-451e-bc0b-83af88c65da4", "value": "906df2ed9ff81233111286e425239702", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860280", "to_ids": true, "type": "sha1", "uuid": "9ceb0d78-9405-4f46-a17d-2908e580ab41", "value": "da7d4d83aefbb0b94b0d936097dd46ec34856dd0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860280", "to_ids": true, "type": "sha256", "uuid": "1f9f3574-7dc4-42b7-b1ea-482f7c93546f", "value": "bf27530bd7e5a46ed7cbb2976328752648f76b0f6556148d287d61ed6203bb93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814483", "to_ids": true, "type": "ssdeep", "uuid": "5426d0d6-ed2b-4ad5-aa51-3a25f990c82a", "value": "6144:s9QfHHLAw00xuji9bA2/84cCX2x5cUpq+QHmr8zgQ16va20/ZCfrnCUifLr/CH:zHHqubAc8r7cTGrE/20RCfjCUAz2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814483", "to_ids": false, "type": "size-in-bytes", "uuid": "bd2db944-48d9-4e24-bcd7-485b28e1065c", "value": "332104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814483", "to_ids": true, "type": "vhash", "uuid": "99b9bb16-1e06-4488-a27c-dbeb6099d103", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814483", "to_ids": true, "type": "filename", "uuid": "dbaaf6f8-6f44-4828-99c2-a4315145aec6", "value": "906df2ed9ff81233111286e425239702.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814483", "to_ids": false, "type": "text", "uuid": "55c3f337-04ca-460f-9753-a49bb5546a32", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860281", "uuid": "fdd6cb65-c0c5-4423-b2ea-cd5350bbbaa6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860281", "to_ids": true, "type": "md5", "uuid": "5391609b-81e1-44eb-8d76-8b72319dd1c6", "value": "4d532c403455edd6c20cf67c91faca9c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860281", "to_ids": true, "type": "sha1", "uuid": "47769947-8bb9-4923-8259-9dbcd47bc482", "value": "0769379b96ca753ad688cb3ec9bbbddc07ff8e13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860281", "to_ids": true, "type": "sha256", "uuid": "e4c4f574-3b4a-41f0-a83c-c36d765ffaa1", "value": "3eec3b551554b201d9d3a5f549bf343e222dc9783b3f0cc34dbec5c7b3fd48a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814505", "to_ids": true, "type": "ssdeep", "uuid": "68212e90-6760-4435-a4f5-dc1b8130e202", "value": "6144:pghmw4hMRb/9fhYP9iNksKArnqOBzY9S3e4Ao29OfqOC9E4N39DcnKofOkX:pemw4gB5YQKNOtYGe4A7Owbrg/2kX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814505", "to_ids": false, "type": "size-in-bytes", "uuid": "cb49333c-9a15-4590-b992-abaa2a61d4f9", "value": "331469" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814505", "to_ids": true, "type": "vhash", "uuid": "958d4d64-3385-4e2e-9145-df7b3a3405f0", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814505", "to_ids": true, "type": "filename", "uuid": "0a01c2cb-db8d-4412-b5bf-bd5c37fe9309", "value": "4d532c403455edd6c20cf67c91faca9c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814505", "to_ids": false, "type": "text", "uuid": "dbfb364b-4c9d-40c4-893a-edc5c4d51ece", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860282", "uuid": "7aca9581-5a58-460f-99db-e25486062679", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860282", "to_ids": true, "type": "md5", "uuid": "d6947ac2-15eb-4f2d-a88e-8c0a39881bd3", "value": "73e98d43345eeb10c7847f6b92a2b120", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860282", "to_ids": true, "type": "sha1", "uuid": "ff94221d-e159-4955-b033-7c0384b61423", "value": "a7d0a7d47ae220f79240404466857e87718f3283", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860282", "to_ids": true, "type": "sha256", "uuid": "5782ec0f-771e-431d-852e-c57cfdf0e4f0", "value": "d02bdbc0a70b354c427eac6b954d417d14b42407f665c93bb329c62ba57e6fbd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814526", "to_ids": true, "type": "ssdeep", "uuid": "3d3517b3-ffb2-45eb-a660-f279e0ec94ce", "value": "6144:ng8WIXhdpcX/V31TzdH8Gi+L8clZ9HYCj2nNDNqc1xLfYHCC0NLffk:n15p2Tza68clZ9HYCjOqc/LzCmnk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814526", "to_ids": false, "type": "size-in-bytes", "uuid": "d909229c-fb49-4f57-88c7-8b50afdd08f9", "value": "331486" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814526", "to_ids": true, "type": "vhash", "uuid": "e58c3b1b-5ce0-4c1c-b3cf-e6e4fdf7cd41", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814526", "to_ids": true, "type": "filename", "uuid": "819780e4-a029-49ee-a5be-82c03906a831", "value": "73e98d43345eeb10c7847f6b92a2b120.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814526", "to_ids": false, "type": "text", "uuid": "3f8a8324-8bd7-4d03-86ad-00c061c21f52", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860283", "uuid": "dd5212a9-f878-4038-97d4-8c320684e30a", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860283", "to_ids": true, "type": "md5", "uuid": "adc6bd23-5573-4539-9d60-6437eebdf46f", "value": "fa5b88b4eb30ccb1d6850eccefff06d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860283", "to_ids": true, "type": "sha1", "uuid": "4435d9db-bce5-45aa-b97f-b0aac0d8feee", "value": "d2e566a00cf6ff64ce40455e562098a84c546e3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860283", "to_ids": true, "type": "sha256", "uuid": "88a3517e-2eba-4af1-acfe-e194df2e9297", "value": "a7a8eb9edb455486604903d01593a098f5cf501db9e9d950db23801d83d4d149", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814548", "to_ids": true, "type": "ssdeep", "uuid": "ea366780-f7db-4e20-bd47-51caa7889e60", "value": "12288:dfC/0GiYps5cX3lCFHldJ5m3PJ7eq3UtfZ3L3En0A0EHdHh:da/AYpso3lCFHldJqB7eqEtVLU0t6h" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814548", "to_ids": false, "type": "size-in-bytes", "uuid": "a9a13db4-a9f0-4683-8e82-21db9d8848ae", "value": "595695" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814548", "to_ids": true, "type": "vhash", "uuid": "b12597d6-cdf9-4f43-b464-b91b4a12f6cb", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814548", "to_ids": false, "type": "text", "uuid": "821bd1bb-9d8c-44ba-a5d4-80140aedf8b4", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860285", "uuid": "0ee1aa34-f08e-45c6-a6e2-c4976f66604f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860284", "to_ids": true, "type": "md5", "uuid": "fcc3cab0-973a-46a2-a4d9-7436412fbe60", "value": "314ca6cb7969b5484b4c1173eef80551", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860284", "to_ids": true, "type": "sha1", "uuid": "3784d5aa-c055-42a3-8ea9-b7ed6043c78e", "value": "097b153e28a4a2ce54b2930339909cd0b4f961e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860285", "to_ids": true, "type": "sha256", "uuid": "5e0f8a7f-0568-4800-8701-6b54f5868301", "value": "491d7027a191d5448c09d5335c95a7c16330789d3ebf4b3cdf2381753551d8fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814569", "to_ids": true, "type": "ssdeep", "uuid": "de2df017-6946-491e-a6dd-aa36c3389b37", "value": "6144:yBCIddG4Tyxyae5ULzPf409kW7U19nwanDuZZp5XQfRUC:yBCILGQyBe5Yg09Do9JnDuZZpNQfx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814569", "to_ids": false, "type": "size-in-bytes", "uuid": "ac2ea90a-0e90-4028-a661-69759b8b2ef6", "value": "241760" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814569", "to_ids": true, "type": "vhash", "uuid": "bdcf430b-6687-4a5c-9634-641688880ee7", "value": "2e2222cff9e5ce3467f040d4d1c229fa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814569", "to_ids": true, "type": "filename", "uuid": "8dade1a3-f58b-4775-a538-1e035d4d976b", "value": "314ca6cb7969b5484b4c1173eef80551.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814569", "to_ids": false, "type": "text", "uuid": "35dffcbf-0f15-44f8-9414-a71567d2920c", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:24/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860286", "uuid": "59375885-e21a-497f-9da1-a665aaa1ad58", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860286", "to_ids": true, "type": "md5", "uuid": "671b0f8e-2d93-4d5f-944b-621d1093950c", "value": "d251a6915f2284ea5f0968b6fff24e3e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860286", "to_ids": true, "type": "sha1", "uuid": "1c72edb7-bf03-4c9f-8e26-7ca4f7c104cb", "value": "13ef1f90a7206017df337443f96426c8da61b77a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860286", "to_ids": true, "type": "sha256", "uuid": "9cb5cc80-dabd-4070-af78-2e214ee5a6be", "value": "7f70354b6b21ac5998a0194332296debbff432531614d9d4d7baf2e343fd5515", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814590", "to_ids": true, "type": "ssdeep", "uuid": "9a50960f-f317-43b2-8025-0402b23a4a01", "value": "6144:BBnkdVwKnESN/gFfiVOfGtqqZde4p/qEw+lUISMtpO:BBn0fnEStdtqmdN12+K2t8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814590", "to_ids": false, "type": "size-in-bytes", "uuid": "a399daae-e8dd-40b0-9572-5290fd824fc2", "value": "247928" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814590", "to_ids": true, "type": "vhash", "uuid": "44bfa52a-7341-4286-849b-86bfaee50d69", "value": "2e2222cff9e5ce3467f040d4d1c229fa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814590", "to_ids": true, "type": "filename", "uuid": "bd6a2512-7b30-4ec5-b04e-7c66f5c7d11c", "value": "d251a6915f2284ea5f0968b6fff24e3e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814590", "to_ids": false, "type": "text", "uuid": "4299ff99-d789-46eb-ae59-cd4f4c6df874", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860287", "uuid": "4bdfd02e-2a46-4cfb-996f-626a7df2c076", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860287", "to_ids": true, "type": "md5", "uuid": "b748b5b1-1c9b-4d3d-b9cd-b51ec3e646a8", "value": "6c303a8d240959e585bb68aa3304d805", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860287", "to_ids": true, "type": "sha1", "uuid": "7562f683-1567-446c-aeb4-88514afe4d4e", "value": "0b13e467b620403c0d5b9811c213876ee4a3e8a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860287", "to_ids": true, "type": "sha256", "uuid": "459fa972-f32f-4a4f-9872-0b2c5d26bc69", "value": "ca913aa9f473c9c207be4df761e6dda49babc740170753b770c2751515e8553a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814612", "to_ids": true, "type": "ssdeep", "uuid": "2f2245ea-23b3-4315-ac82-1275d6c81697", "value": "6144:e7K8HJScF5YoFDXiSPJu7Tm3blnzolL0M4YZ2gYQfyUSrmd71uEoH3MF4mEt:e7ZJD7YoxiSPqTm3hzEQM4Y+1DroMEwz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814612", "to_ids": false, "type": "size-in-bytes", "uuid": "3a10359b-20e1-4d67-8bcd-4132e98992be", "value": "324923" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814612", "to_ids": true, "type": "vhash", "uuid": "268a9869-e759-417c-81a1-71d88b8e15a7", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740814612", "to_ids": true, "type": "filename", "uuid": "ba0b572c-b99a-4c7a-92e5-802f7f444844", "value": "6c303a8d240959e585bb68aa3304d805.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814612", "to_ids": false, "type": "text", "uuid": "087b3dee-287d-4275-a012-59a1d1a45a8f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860288", "uuid": "756563d7-4aac-42f3-b0a0-6d9fdd85ab85", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860288", "to_ids": true, "type": "md5", "uuid": "4b4e314d-5bc5-408a-b854-d72683899fde", "value": "4a8bc5b4097957315cbef93ff8532376", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860288", "to_ids": true, "type": "sha1", "uuid": "493c18ce-158f-4034-817c-17cbb468de21", "value": "84b6629d013938a8892d03fad1445248d8acca37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860288", "to_ids": true, "type": "sha256", "uuid": "a329c012-e8d7-487e-ae5f-b959a6782f1e", "value": "cc0e397bf7de6a4c6ddef03d97ceff341f80ab56583a497ddc1235b3c0848d83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740814806", "to_ids": true, "type": "ssdeep", "uuid": "8a778f11-ec74-4a15-b030-d6ddbb3375e6", "value": "98304:nS3pGbNs271WgO/ODZnTru8EJgyaLCAGl:nS52pWeZnm8Dy/l" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740814806", "to_ids": false, "type": "size-in-bytes", "uuid": "dc74bf19-7273-4037-bc8a-b51c33599fb9", "value": "3509221" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740814806", "to_ids": true, "type": "vhash", "uuid": "6d4c7e21-8f3b-4735-b247-1f19b0d00aa7", "value": "9ca402340eb2f08dcdea58971a1e452b" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740814806", "to_ids": false, "type": "text", "uuid": "f4ab371b-e746-4ef7-bfa7-c6bfc0ad57ce", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860289", "uuid": "da3d0b2b-1e38-4e1a-86b9-618f55a47908", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860289", "to_ids": true, "type": "md5", "uuid": "de3da3c0-f84e-42a3-9018-e73679ce542f", "value": "385661c337e2777bbb6ea236896e35f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860289", "to_ids": true, "type": "sha1", "uuid": "a21f62d4-9100-4432-bfc4-1ba0a7a3b217", "value": "45c3c713bee898dffa92421ad1316ffb2274c716", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860289", "to_ids": true, "type": "sha256", "uuid": "36f7ef7f-1b15-4291-8e3c-230019d92b55", "value": "45a791a0ab5366103a670d0ec351ff5829de3c4498960c54b14b1aae3f98d82b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740829854", "to_ids": true, "type": "ssdeep", "uuid": "0fc34e86-2145-4085-a3f2-88b2e8b0ba0e", "value": "6144:+AVxk9px4+9rBG45FQuNRzFBah1dcU4ffDIt6NGSdmpYMRe/S/rwL:Hxwpx4osUQrOU4hNGRpYMRU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740829854", "to_ids": false, "type": "size-in-bytes", "uuid": "081274be-acf2-446e-8d7e-77f54a14610c", "value": "331478" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740829854", "to_ids": true, "type": "vhash", "uuid": "090b0a6d-1de5-489a-95ba-9c721976cc03", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740829854", "to_ids": true, "type": "filename", "uuid": "397b8c04-6a6c-4619-a772-39dfaf813ac9", "value": "385661c337e2777bbb6ea236896e35f5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740829854", "to_ids": false, "type": "text", "uuid": "3d7cd6c7-a698-4602-8ee8-883dbd2ede54", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860290", "uuid": "d9c3ee68-0b49-4a0a-aaad-8a891748a7ff", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860290", "to_ids": true, "type": "md5", "uuid": "3d42cf85-dcb8-4181-92ca-44bf8012595e", "value": "28a1dc779bb78fdc5ffd463ef310e48b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860290", "to_ids": true, "type": "sha1", "uuid": "57a01af7-b042-4db9-a902-32a326f62b2a", "value": "d7fa5d1af176d96c97bb18228c2df8faebe48a8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860290", "to_ids": true, "type": "sha256", "uuid": "c7b87aef-a9e3-4ce4-8905-f42a9908d63e", "value": "8840c787a46dcc032bbbb1b73da3f0aeb52a667d7e42a9f5267f2128d46bcde6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740829875", "to_ids": true, "type": "ssdeep", "uuid": "a62dd20e-6673-4fe9-a7b4-d058c57ef971", "value": "6144:yI7Khe1owKv6aRTer3s38uPiws/FIeDvt2Y/gcPe2b5:77Khe1oNXCr3mPe/V2+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740829875", "to_ids": false, "type": "size-in-bytes", "uuid": "ca85e712-8dc1-4ecb-8645-fe5dd271f259", "value": "323202" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740829875", "to_ids": true, "type": "vhash", "uuid": "1a84eb3e-a726-4874-919c-331574e4af74", "value": "29eea7c9aabf91e4e862da4b0b58eebe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740829875", "to_ids": true, "type": "filename", "uuid": "e152e06a-b22a-4c90-a777-d9106a078b69", "value": "28a1dc779bb78fdc5ffd463ef310e48b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740829875", "to_ids": false, "type": "text", "uuid": "b24d6cdf-5c1f-40f2-9e41-136ddaa29ab9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860291", "uuid": "e07dc3db-2505-4dc3-af5f-6b33d3987e96", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860291", "to_ids": true, "type": "md5", "uuid": "2c9c4cd0-7f0a-4199-a364-e196dd350ef1", "value": "63e798af7c5c7ccdea583614aa88e765", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860291", "to_ids": true, "type": "sha1", "uuid": "a1753645-b61b-43c8-9b3e-773f2e623c98", "value": "f8d45dbcd4c3c7ba64b63157a3e6cf85cd92a70f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860291", "to_ids": true, "type": "sha256", "uuid": "e213b687-1c07-485f-aecd-1e4ac6667f3b", "value": "dcd4ac8f53e82be54c07c9776a0b24735dda49956286ac052aafc2d82a6b132d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740829896", "to_ids": true, "type": "ssdeep", "uuid": "0ff2a4cc-2116-446b-87d5-74bf57c65d48", "value": "24576:njSJ0jzNdmBAmoDB/3NBDy8FHDbiTsfSEekHAG:nk0jTjB/lJDboiLHAG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740829896", "to_ids": false, "type": "size-in-bytes", "uuid": "f6d05aac-f63e-4407-9a61-3641d400daee", "value": "820263" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740829896", "to_ids": true, "type": "vhash", "uuid": "19e6cc12-2b47-4c5f-a725-f983502788ff", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740829896", "to_ids": true, "type": "filename", "uuid": "43a44a74-939a-4cd4-9e21-a04a788dd85b", "value": "63e798af7c5c7ccdea583614aa88e765.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740829896", "to_ids": false, "type": "text", "uuid": "e91b0b09-0fbe-4daa-9e2c-4666ec0165bb", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA13\nVT Total Detection:33/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860293", "uuid": "0bc8fb76-b895-42b2-b034-f349b8e49ff1", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860292", "to_ids": true, "type": "md5", "uuid": "383b9c0e-dc65-4b76-988f-3e710c86b24b", "value": "e9bd527ffb62206cdaa9ee072c2b8569", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860292", "to_ids": true, "type": "sha1", "uuid": "ac754232-4b8c-4b4a-a659-67d4d348aab3", "value": "07c9710a7b671838282b84c063895215463e8bfe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860293", "to_ids": true, "type": "sha256", "uuid": "877a4b1a-b589-4fb9-afb4-7c0817458e45", "value": "03fc10828a2314f9c85f784aea5383e28a409792d30ac62e01170aa422fdfe81", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740829918", "to_ids": true, "type": "ssdeep", "uuid": "4771b580-1feb-4db5-bd2b-fb616bb7a72d", "value": "24576:XpdQEmrp6kA+zDWsihcKK6ASpcGxV0eEA:XkEm46BiC36bWGy7A" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740829918", "to_ids": false, "type": "size-in-bytes", "uuid": "e16d975f-0193-4c0b-b53c-d52e42c81173", "value": "810112" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740829918", "to_ids": true, "type": "vhash", "uuid": "67e871df-e9d6-4b82-b4fa-cbc98ad69b3b", "value": "c36973eb8206bed8554fed699a990879" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740829918", "to_ids": true, "type": "filename", "uuid": "546f6ceb-a3aa-40da-a379-cab2616d5192", "value": "e9bd527ffb62206cdaa9ee072c2b8569.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740829918", "to_ids": false, "type": "text", "uuid": "213d9fb6-cf03-4af7-835f-96edd69b489a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860294", "uuid": "837a68cf-4023-4afc-ba4d-15f2b852e8f4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860293", "to_ids": true, "type": "md5", "uuid": "7161852a-fa57-4dc1-aed0-b51302cc66c7", "value": "0b13001f72afec43526e155fc04d057e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860294", "to_ids": true, "type": "sha1", "uuid": "ef707cb4-34ad-4871-baf5-68a9c9a60328", "value": "677a2a8f89f1013340ffc39c47c4ce9f009e624e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860294", "to_ids": true, "type": "sha256", "uuid": "dd10a3e4-e717-41c6-8adc-4b685430a314", "value": "a916393d3699e8a9e180541cea7fed4787760b045bdef5f665b754011fc010b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740829939", "to_ids": true, "type": "ssdeep", "uuid": "6168987f-d4a9-4f0f-a4c5-264564f25996", "value": "12288:GfBzlIEXAJe6ANXYC3HAA+9xCDlwKdWLtZbWls4pASn5ET6qv6pzcsrNyq9Fa6XH:GfqQ60IWxKptGs4fCLwoA/9FxH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740829939", "to_ids": false, "type": "size-in-bytes", "uuid": "31979adc-0cfc-4438-9014-4a105c83a35d", "value": "826825" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740829939", "to_ids": true, "type": "vhash", "uuid": "93aa3fdd-b62f-49b3-b47e-eac742d1e5c0", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740829939", "to_ids": false, "type": "text", "uuid": "950b0bad-7c23-4b36-ab65-60cf6d4db55f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860295", "uuid": "012a6dd6-d882-4da8-98c6-9487580ecbaa", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860294", "to_ids": true, "type": "md5", "uuid": "79112c96-0795-4531-9cd6-4d7340965577", "value": "2d2e4bd47c3f60af929df0f3695f1ddf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860295", "to_ids": true, "type": "sha1", "uuid": "1c27cc26-f68d-4dab-aaac-740962aabe59", "value": "0c7de955e909b5e266d993cb9e84c0593af32591", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860295", "to_ids": true, "type": "sha256", "uuid": "0cd01405-589f-4895-8c42-fec65b7a622c", "value": "cac1d3d9214b60474f6a1c7be28efd5415580567637304e96e4257c172eb104b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740829960", "to_ids": true, "type": "ssdeep", "uuid": "5efcf33b-5ea2-4261-8062-ac6a7ef401f6", "value": "12288:jfBzlIEXAJe6ANXYC3HAA+9xCDlwKd+LtFMipSUrBH8uyWPcvaKCdcDpxmWgF:jfqQ60IWxKhtu6SUrBH8uJtdcDr6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740829960", "to_ids": false, "type": "size-in-bytes", "uuid": "d0618192-9521-464b-b537-dffbb822aefb", "value": "826820" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740829960", "to_ids": true, "type": "vhash", "uuid": "ecc36cbe-83fd-4efd-9ffd-14d3ec340608", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740829960", "to_ids": false, "type": "text", "uuid": "fbf8a78a-8d4d-4182-b6bb-a938f44bf74a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860296", "uuid": "03bf648e-d140-4124-b5a9-7bdc57c48cb5", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860296", "to_ids": true, "type": "md5", "uuid": "4ce4f027-3ca5-4c53-bb49-92ca58f6f2c5", "value": "91b4130511db93e940e4e4493253136a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860296", "to_ids": true, "type": "sha1", "uuid": "2d0cbae9-b57c-4734-861f-74e532805550", "value": "c350f8f72dd796cc7ae9dcb688742aadca5aaf03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860296", "to_ids": true, "type": "sha256", "uuid": "8db687e9-89db-4a9d-a711-4976dbf02c90", "value": "bd64d73b4a892aba6105624bf8a84cf878b15eb9dbf2a307fe33c6d89e00ec7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740829982", "to_ids": true, "type": "ssdeep", "uuid": "d690e076-3241-4850-a98d-ba72b7b2e40a", "value": "24576:kqfqQ60IWxKEVoc03jSEdN9pI6VeaEelKAOdhS5Tr6F:kqf1607KL3NT9p79Eelv5TrY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740829982", "to_ids": false, "type": "size-in-bytes", "uuid": "bb396e3a-136c-4908-b05b-711b86cdbe83", "value": "826818" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740829982", "to_ids": true, "type": "vhash", "uuid": "1cd93aee-9060-4585-9091-b3a8c857a715", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740829982", "to_ids": false, "type": "text", "uuid": "d14ff247-8ab6-4a18-b459-59528f43fbb1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860297", "uuid": "aa773e4d-2c89-412d-ad56-2d7f03bde053", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860297", "to_ids": true, "type": "md5", "uuid": "6cd4ade6-d5f8-4ca9-990c-fccf23b85354", "value": "d7a13313778fcda2a9777976de875863", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860297", "to_ids": true, "type": "sha1", "uuid": "c39b7199-159d-4cd9-899f-259c8349b718", "value": "29dc457ed85593ce5f774d367c8186c033abbb25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860297", "to_ids": true, "type": "sha256", "uuid": "52ba5437-da37-4403-b437-d40d6a85d353", "value": "5ecbf472da7d3cf6799850e5ac81c4e8e7ffb2704d5d9006962348c1ff63ddb1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830003", "to_ids": true, "type": "ssdeep", "uuid": "10e9e8d9-c25f-49e1-bdc5-0e4d6f4d7433", "value": "6144:N1/pg+CuZc20/gWQ2JopqoI1HYpk0lkiIBqIcQboi:NbgMc22gWD+tHpfkiIUItJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830003", "to_ids": false, "type": "size-in-bytes", "uuid": "71abb244-ab70-4e92-aa5f-8c7e53a1feec", "value": "339736" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830003", "to_ids": true, "type": "vhash", "uuid": "4ac99840-9fc4-4649-aade-5989928ed9d5", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830003", "to_ids": false, "type": "text", "uuid": "141e34e9-aa67-4f25-b440-122568f6816a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860298", "uuid": "73966549-3776-4799-ad2d-202c75300755", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860298", "to_ids": true, "type": "md5", "uuid": "f3c8bcdf-c64e-440a-be95-beb2f4af0f82", "value": "b0007d7a4011aa9733df90466f7715a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860298", "to_ids": true, "type": "sha1", "uuid": "c3fc8a14-c72a-440d-902b-da38fcdd548e", "value": "007ce346218a220909f228e694d984799d165b0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860298", "to_ids": true, "type": "sha256", "uuid": "1355ac00-3549-4e06-a10a-83918a0cec91", "value": "be50f29157d1288ec1ba88b2581ec18a14c39ba7bd1f35ebe12b54b599f61e80", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830024", "to_ids": true, "type": "ssdeep", "uuid": "31061210-1c97-468e-bf7e-1a18ffeca5d9", "value": "12288:MfBzlIEXAJe6ANXYC3HAA+9xCDlwKduLtF1dTDaavI8MPY5uQ4iG6rNPSlWguENJ:MfqQ60IWxKBtVTDa+/MPFhBwZSlbt0c3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830024", "to_ids": false, "type": "size-in-bytes", "uuid": "e500b187-9ca2-411f-a83e-836e90ddf7e4", "value": "826822" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830024", "to_ids": true, "type": "vhash", "uuid": "e91f1ade-dbed-495a-ab7f-da092dce0af3", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830024", "to_ids": false, "type": "text", "uuid": "9929cc92-77f9-487b-a6d8-c9cc194c8da7", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860299", "uuid": "cbab1903-45ae-4545-9417-6e625a861ec3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860299", "to_ids": true, "type": "md5", "uuid": "565e50bb-6dca-440c-92df-cfcfe6fbc266", "value": "3870d6a438754cceea7813658e6eccf4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860299", "to_ids": true, "type": "sha1", "uuid": "33f7a2f9-c45a-4368-bbef-235c5366cf9b", "value": "72491926bd13246a3f8b90e17cc8d5778019c8a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860299", "to_ids": true, "type": "sha256", "uuid": "feb06897-a064-4573-98b0-114aa665104e", "value": "48b43bd828d8b83a4eb99d025bf46e0cb958fe4859e7e90cfd84efdc721c5a1d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830046", "to_ids": true, "type": "ssdeep", "uuid": "02ae0406-bb86-4ff9-b38c-895ea306d923", "value": "12288:gfBzlIEXAJe6ANXYC3HAA+9xCDlwKdJLh0YyHLdRc/wZ9/dVsTKSiS4NPVu5HdU/:gfqQ60IWxKShUL70wZ9/dqD4ZVW9UdE2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830046", "to_ids": false, "type": "size-in-bytes", "uuid": "7902e0aa-f3fb-487d-8160-9a1610b24ae2", "value": "826821" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830046", "to_ids": true, "type": "vhash", "uuid": "621b3c95-bcb9-40fc-b882-3127812c4157", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830046", "to_ids": false, "type": "text", "uuid": "2c76b300-c486-4bcb-9f45-d662cd9fbde0", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860300", "uuid": "9e763879-0e02-4b66-aa2c-fdf60a5d9096", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860300", "to_ids": true, "type": "md5", "uuid": "7dfc672c-0d53-43ef-951c-72d52bb7ecac", "value": "a8da6b35d0424575bde3bee942aa5f74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860300", "to_ids": true, "type": "sha1", "uuid": "5d5e9969-1f4d-445a-b56c-e7b83d40f1d1", "value": "024143168cc00e312fd2bff293ab2b33ad72e856", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860300", "to_ids": true, "type": "sha256", "uuid": "e30adf3b-1f07-48c7-adf2-2aea6af5a4ee", "value": "b0a1f92e9cb36f80a27aa09bdca67e031a3f6a73b59320724f5533c9d58b306b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830067", "to_ids": true, "type": "ssdeep", "uuid": "34b2a484-6f84-4cad-b596-8bb79948c9ff", "value": "6144:jE9n9G8qmeclyENV9uK/iOzW5iALqqfhr0LfTSMLAz1XBbM6M:jE9n9G8Wq5lUwM50PXQNe6M" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830067", "to_ids": false, "type": "size-in-bytes", "uuid": "9ff9f0a6-dfde-4a13-95ae-b65dae047f37", "value": "253598" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830067", "to_ids": true, "type": "vhash", "uuid": "dd0f5b1c-72e0-496e-bd30-128af292e381", "value": "29eea7c9aabf91e4e862da4b0b58eebe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830067", "to_ids": false, "type": "text", "uuid": "2dc003bf-dbcb-4706-bc90-7c7f452b2d82", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860301", "uuid": "2949cf33-7981-48fe-bf69-b294a10c0bb3", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860301", "to_ids": true, "type": "md5", "uuid": "b9868058-93f6-4f3a-9d06-fa91fc8ad614", "value": "a25e5bfb5ec2d50b150b1bfbf43c7cbc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860301", "to_ids": true, "type": "sha1", "uuid": "2f3e68f6-4b4c-4ef0-9e8a-3c1bdae4f2e7", "value": "0e695c82a496397a6e13ff72876be74c4bfa2635", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860301", "to_ids": true, "type": "sha256", "uuid": "a2246988-4746-4f27-80b3-87bdba6bcbd4", "value": "4ccbd6624326cceafdd17f146ea0e29ee0cf48de0a36ad1a7c01fe22a03d8262", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830088", "to_ids": true, "type": "ssdeep", "uuid": "35803a49-4681-46f1-b632-3104374a9476", "value": "12288:IfBzlIEXAJe6ANXYC3HAA+9xCDlwKdjLBy62myDewKRp3klSC+U0aEIjkQZLpr:IfqQ60IWxKcBX2mPNR5tCtVjkQZ9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830088", "to_ids": false, "type": "size-in-bytes", "uuid": "1c884ba3-44c1-41a9-bf84-3cc1ae367e03", "value": "826177" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830088", "to_ids": true, "type": "vhash", "uuid": "6c62cbcb-5cb7-484c-92f9-f291b5865d11", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830088", "to_ids": false, "type": "text", "uuid": "84a14bc0-862f-4666-82e5-57a219cdae5a", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860302", "uuid": "992a2faa-8a75-4e8b-91d8-614940339fa1", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860302", "to_ids": true, "type": "md5", "uuid": "3f0a1349-cdc0-4e27-bf30-a5903cf95ee0", "value": "01c7e2fdc104e62e683c39276e63dacd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860302", "to_ids": true, "type": "sha1", "uuid": "2094ab05-c63d-4043-ab24-11d4edd0d418", "value": "2b4ca66400a3cddce57932a72c1f1bb5aa8d7ffb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860302", "to_ids": true, "type": "sha256", "uuid": "fa5d46d9-4fc6-40db-a836-af72a7610a2b", "value": "4adfcc53d4d5b53a21df52cd151418772bb680c4e73657a8394766f0993ddc32", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830109", "to_ids": true, "type": "ssdeep", "uuid": "460e5eb0-52ce-4749-922e-195e41c04eb2", "value": "12288:rfBzlIEXAJe6ANXYC3HAA+9xCDlwKdALFn++gdUKaPRB1l7ROotbxIFURe/WL5aS:rfqQ60IWxK3F+/5aPRBAg1IFAYWLNn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830110", "to_ids": false, "type": "size-in-bytes", "uuid": "906d7e46-cb5f-405f-9edb-ab035b9ecb7c", "value": "826165" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830110", "to_ids": true, "type": "vhash", "uuid": "7bd27ae2-93cb-469a-89e5-514fb2570f75", "value": "499672b270a1c79600af8d46abe87694" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830110", "to_ids": false, "type": "text", "uuid": "8b526eaa-e959-4602-b2c5-a02f0df7cc84", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860303", "uuid": "2a40ccd4-e696-40b8-b903-f500cb019a68", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860303", "to_ids": true, "type": "md5", "uuid": "4f736c2e-2a84-4ce6-9bbc-e2956ac412ba", "value": "53c988672b36cd039358d112c9c71d4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860303", "to_ids": true, "type": "sha1", "uuid": "3a492e84-a9dd-44ad-93ee-328493db3eba", "value": "56d4402b95bd7d9c3ed32c729f5a610259dfc4a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860303", "to_ids": true, "type": "sha256", "uuid": "0d78b999-ab77-46ec-91cf-79a1577c8a53", "value": "86a864b7c1ff195c8353fa059ba8e155a630d275fe4d26815f3c5807d5cedc90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830131", "to_ids": true, "type": "ssdeep", "uuid": "acf4faf7-64b9-4f4d-af81-ad41d2698160", "value": "6144:McNmuPNtnJO2REUBzVGwlyBqQbOBxWMF9COV0zc+RZgD8E2n/bbcMOFBEkn:McNmuPbB7GwlCL6Pf9COMLRZLhcM6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830131", "to_ids": false, "type": "size-in-bytes", "uuid": "e0b9d495-0a5d-496a-90e8-d9bc1479ef46", "value": "331924" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830131", "to_ids": true, "type": "vhash", "uuid": "5578da4f-84e0-4a66-a398-1598e112dbfb", "value": "ea1c13beb8f0d27d6d6234526f922680" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/09/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830131", "to_ids": false, "type": "text", "uuid": "e87f114f-3d0e-49ae-96f9-8fc34a93f01d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860305", "uuid": "18b01e7a-2d14-49c6-8b47-50657ecf2f46", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860304", "to_ids": true, "type": "md5", "uuid": "7bad3b01-9237-4932-aee2-e77f80ae7b0f", "value": "b31a5b64aee8d19c6a37eba715e7bae8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860304", "to_ids": true, "type": "sha1", "uuid": "9b310ac0-8dc0-4a70-acb4-828e93b3b926", "value": "7ded0d8e5164d84f93f34cf244517b649416f644", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860305", "to_ids": true, "type": "sha256", "uuid": "2d7ed63f-6bad-4b38-888b-279a3c31cec0", "value": "affeee3eec2c761c1dffea8acb66c45530c7060d41d9bd9de51e7d7d6667ad71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830152", "to_ids": true, "type": "ssdeep", "uuid": "29a02175-b382-4680-ae81-304642a258c0", "value": "6144:bAgOMq9X1c9dH910qOjcus5RbJCk7zzuczYn5AZi0nMUeEo1Ofoy/W4Fq4Q:byMq9k10XoDd7fFjZnnMU0Gp/W48" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830152", "to_ids": false, "type": "size-in-bytes", "uuid": "a6308b1e-6e8e-47ed-810b-8b5e518f57b1", "value": "332144" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830152", "to_ids": true, "type": "vhash", "uuid": "00ca1390-ffaf-4627-821a-77f98fefd4e9", "value": "b1b04e76d4357e00e3b7213c69a22bdf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830152", "to_ids": true, "type": "filename", "uuid": "26d86a5d-5e17-4ed6-8260-fad32004ba4e", "value": "b31a5b64aee8d19c6a37eba715e7bae8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830152", "to_ids": false, "type": "text", "uuid": "c4585e69-65e5-496f-ac3b-07e0b7c0464f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860306", "uuid": "bf3f6118-c49d-4ea2-b97b-ab659b7bc0b4", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860305", "to_ids": true, "type": "md5", "uuid": "043c1459-8b41-491b-8288-9b94a5fdd1a7", "value": "10d376ac096e14fa66ed7c79a3b8c1cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860306", "to_ids": true, "type": "sha1", "uuid": "bfe44bf1-1e63-4c70-a8d2-fe37d4ce4cdb", "value": "4af7f4bc0db5e33b03db2f4b5c5b0143e15df8e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860306", "to_ids": true, "type": "sha256", "uuid": "7f22aa96-7b26-41ab-b60d-2f51a93867c9", "value": "85968c16cd2906ceaff6c55ef4a7452b2e640aa58ad5b187599733fbc5772e72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830174", "to_ids": true, "type": "ssdeep", "uuid": "25b52b62-7f55-45d5-a64d-d8fee7cf59a7", "value": "6144:HIS9eMwA1Z/CDRZw/4u8xWP7LLhd9xvfPU3Qsx24UvAb/Xa:HIS9X6DvM4xOLhd91HUgCJbfa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830174", "to_ids": false, "type": "size-in-bytes", "uuid": "ce0f5231-54a8-4ae3-9560-dd24d1bd23bd", "value": "256448" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830174", "to_ids": true, "type": "vhash", "uuid": "e7be4170-c763-4080-8b87-e56b49f34379", "value": "29eea7c9aabf91e4e862da4b0b58eebe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830174", "to_ids": true, "type": "filename", "uuid": "7bab7a56-3a89-4758-8349-cd1974755f31", "value": "10d376ac096e14fa66ed7c79a3b8c1cb.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830174", "to_ids": false, "type": "text", "uuid": "13f6a8c7-26fe-46d4-8887-db4849d01fb9", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860307", "uuid": "dbe60372-2b66-4505-96f3-d6a119abdd7d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860306", "to_ids": true, "type": "md5", "uuid": "d4b529d0-6e66-4e92-9574-b8b7f4dc29d0", "value": "790bc32b7d58fc4c34372509eea5a22c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860307", "to_ids": true, "type": "sha1", "uuid": "a4c92ec2-f3c2-4f57-939c-ff6b46a3003f", "value": "e4cedbf102c14776b90ef65d4bcb802fca48c41a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860307", "to_ids": true, "type": "sha256", "uuid": "5ea7e599-5dca-41c7-b05e-fc816e97afd7", "value": "c072049daca64b8d0a66b20e580a643f16e857c91cefb33e82173b74c46ee9e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830195", "to_ids": true, "type": "ssdeep", "uuid": "8dfd9df3-9167-4c38-b4b9-6211eb462805", "value": "6144:jMi6tzYzrY8djDcEZNxOMpGaMHLrlcj+nlWtm/n1vDmHa2ImFbRtEQC+h3FYju:AiGY/Y8pcVuGaMHLr2j+fdWzEfAWju" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830195", "to_ids": false, "type": "size-in-bytes", "uuid": "625fa460-537f-482c-8370-e79af29d9461", "value": "329198" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830195", "to_ids": true, "type": "vhash", "uuid": "6d85a2ae-3f09-4276-927e-1b5686f8a571", "value": "6beb89b5a2471246394be9bf0a6c33a9" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830195", "to_ids": false, "type": "text", "uuid": "4fd8aea2-7e28-4943-b61f-b83d5979ad42", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860308", "uuid": "fded9ff9-b586-44d4-921d-55e3d29c4a72", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860308", "to_ids": true, "type": "md5", "uuid": "38dfa3f7-7350-4078-a124-b79f7b13d4db", "value": "5ad1cd92d4fc3e3b5e375f7a5119f938", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860308", "to_ids": true, "type": "sha1", "uuid": "cf5102bd-523a-4db3-b099-e274be9876f7", "value": "15199836134aa6d7167ab6e721a569685814ccfa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860308", "to_ids": true, "type": "sha256", "uuid": "205b5be3-e367-4a82-a17d-8938c05c405f", "value": "0953b458d15d9cbdcb51dbf64e4083f467d6852f0f90e59c43ec4391d7708784", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830216", "to_ids": true, "type": "ssdeep", "uuid": "b9ee9548-52ad-4c3d-8492-bdc47b552125", "value": "6144:hKHoSxr2BYcL/bXW2DT09Eg6roGTbHs2fMOKvcDJaEiWTz7grh:hKdGbm2T0CBdwc0ERP7g9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830216", "to_ids": false, "type": "size-in-bytes", "uuid": "1ca58c30-59c9-4d6d-8310-2efeddd1ff78", "value": "331507" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830216", "to_ids": true, "type": "vhash", "uuid": "f78fee43-c88a-4eec-92a1-48901ba46498", "value": "1ef1213f0d80872fb77ba2ea89c3297a" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830216", "to_ids": false, "type": "text", "uuid": "a48a8277-5109-428a-89ec-fc9b0e218d25", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860309", "uuid": "0b4cf5d0-6e39-4390-8a7e-4e00269b4564", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860309", "to_ids": true, "type": "md5", "uuid": "cf0eb641-4680-459d-80fe-0dff172d3471", "value": "34e6edaf43fbc7fbd046820650dd7e6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860309", "to_ids": true, "type": "sha1", "uuid": "0d3893d5-af5e-43c1-8230-3ba730df31d3", "value": "8bbc7f5e62a4935753ea37064c2e6186e897fe2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860309", "to_ids": true, "type": "sha256", "uuid": "a7e43176-d203-48ff-a9a8-85570e39536a", "value": "e17151e59ddf42eddd144c76a0c0835d61fb2295159c67b91117bc3974cac30b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830238", "to_ids": true, "type": "ssdeep", "uuid": "8611e027-e850-41eb-a104-f98422c4e30d", "value": "6144:J4xv/os+NqYQz+pqWrg2udYcZgQs+fz6f4wd3zG:J4to0zsEL4EufZzG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830238", "to_ids": false, "type": "size-in-bytes", "uuid": "c5c11a6e-4bce-4982-9166-f08fc821c818", "value": "253487" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830238", "to_ids": true, "type": "vhash", "uuid": "61c7f69e-1927-4d45-9d8a-65707afa2f6f", "value": "ea1c13beb8f0d27d6d6234526f922680" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830238", "to_ids": false, "type": "text", "uuid": "49c64f2d-6e56-4a6c-862d-70558d077ad8", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860310", "uuid": "b4b0ac6f-5449-4edc-b3fa-ea0704c008ca", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860310", "to_ids": true, "type": "md5", "uuid": "a1e80dee-d952-4c34-a95f-28f8f8786da6", "value": "c099e01259f88ee416b3c55fcd079131", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860310", "to_ids": true, "type": "sha1", "uuid": "b7be76c0-5c92-4d72-aa92-30019661cfb2", "value": "6b19fbfd1a3cf48477d8e04a61097327159a9159", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860310", "to_ids": true, "type": "sha256", "uuid": "c61179f6-6741-4c99-8764-eb725ce873c8", "value": "1a37d228b0d36f1ab33ce3112d4fa12a820f7b4c02ffe7e1100359631a77b7e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830259", "to_ids": true, "type": "ssdeep", "uuid": "80b3658b-4de4-479f-b15b-7f4a40b8350d", "value": "6144:9W7Khe1owKv6aRTer3s38uPiws/FIeDvt2Y/gcPe2b0:9W7Khe1oNXCr3mPe/V2r" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830259", "to_ids": false, "type": "size-in-bytes", "uuid": "ae1b24ba-9f3b-4586-a3b7-9b40f6b094bb", "value": "323228" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830259", "to_ids": true, "type": "vhash", "uuid": "05d32356-c749-4765-be11-7eba5ef5d647", "value": "29eea7c9aabf91e4e862da4b0b58eebe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830259", "to_ids": false, "type": "text", "uuid": "647ade9a-bee2-4a8a-9791-360d4f8ac924", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:32/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860311", "uuid": "305ba1be-a515-4752-b7d1-c2c7d057d7ff", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860311", "to_ids": true, "type": "md5", "uuid": "de816b7c-2e02-421a-ab57-35a1f855767a", "value": "075a38390cc7eabf12209cd5343456c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860311", "to_ids": true, "type": "sha1", "uuid": "28a03dd6-5a95-4a99-8092-adaa155c595c", "value": "0cbce9656ad397416620e4d16814adf36b54fd02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860311", "to_ids": true, "type": "sha256", "uuid": "39e045ea-fff1-46f7-aa2e-df0a9d2b0cc1", "value": "e45f2d21753887c667dcedcaa84fd28ae8d69295533743a4d27d43882b23af20", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830280", "to_ids": true, "type": "ssdeep", "uuid": "7a72cb1c-6e01-4a4a-a7aa-cbf325f90875", "value": "6144:AdRZWLO7MJr4sP4/K/kb/QUy8eyU0K7x465BYwS8Az2O+:tk/Pc0/U8xUXW68wS127" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830280", "to_ids": false, "type": "size-in-bytes", "uuid": "d67a2342-7c81-4662-9007-7c13733f709f", "value": "331169" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830280", "to_ids": true, "type": "vhash", "uuid": "1b3d08b3-6c2e-457f-9ab6-551ed67a7a9d", "value": "ea1c13beb8f0d27d6d6234526f922680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830280", "to_ids": true, "type": "filename", "uuid": "aae0f71e-27bb-464e-852b-537c0e2459f2", "value": "075a38390cc7eabf12209cd5343456c0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830280", "to_ids": false, "type": "text", "uuid": "7c617b95-a241-4e31-b579-856f19c608f6", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860312", "uuid": "2c543d98-2457-4972-9a1e-8c231d6a9378", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860312", "to_ids": true, "type": "md5", "uuid": "9482ac97-b168-443d-bee9-f7653b458625", "value": "e5accc95f85297e03b44279136b52a62", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860312", "to_ids": true, "type": "sha1", "uuid": "54dd2cfc-d3ad-4db6-8664-43aead9461b7", "value": "777da268c76fec768a5979b682923478f575699f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860312", "to_ids": true, "type": "sha256", "uuid": "049ff7f7-fce5-4e43-adef-df4b09a9292d", "value": "2ec293720781da2227da1438fb404890b6fcc3bbd43b524406a599c04e43b03d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830302", "to_ids": true, "type": "ssdeep", "uuid": "472170cb-ba49-4b30-a9f2-35a19af7ea81", "value": "6144:LMnNcgSJ6MQIjUT0mnA4frFoZmpqdSE7g7XUzvamP:LMnNDZMqLAi7qkE7ZvXP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830302", "to_ids": false, "type": "size-in-bytes", "uuid": "fb151ed7-9485-42bf-9f22-31a58f300940", "value": "256390" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830302", "to_ids": true, "type": "vhash", "uuid": "5878c80d-bc9b-4113-958b-fb9708356b44", "value": "29eea7c9aabf91e4e862da4b0b58eebe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830302", "to_ids": false, "type": "text", "uuid": "75680ab4-ecda-44b1-a34d-5759ee86e546", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860314", "uuid": "63c99e8a-9adf-47c0-adba-c0d1c1718786", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860313", "to_ids": true, "type": "md5", "uuid": "50161fbf-0d9c-4ef7-bb65-3b672822f1be", "value": "e326e48dbc16d6970b6df4550da0c3f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860313", "to_ids": true, "type": "sha1", "uuid": "9c25dfdf-b734-47e2-ae90-a938f5e7dee0", "value": "357dcb13aa5b700cf21614a07f2b7e358dc25fb1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860314", "to_ids": true, "type": "sha256", "uuid": "8598e591-a928-4361-a02a-cce40ec23368", "value": "76376f57904abd99ded046fba9a35ec291fc8c33230b8a99455e92e9e5142353", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830323", "to_ids": true, "type": "ssdeep", "uuid": "4a91fe5b-e484-4b75-ba0e-d8bf7cc55541", "value": "6144:6+BagDrWWUOAbC5tb+ZwsBeuu9hl0CUd9xvy9ouIl71gUf:6+BDfUOAb2tb+usBeuugd91aId1Zf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830323", "to_ids": false, "type": "size-in-bytes", "uuid": "5eae12fb-185b-499a-bcae-79c508b76f22", "value": "256502" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830323", "to_ids": true, "type": "vhash", "uuid": "b9911146-ac1d-41de-99a3-202e054b98c6", "value": "ea1c13beb8f0d27d6d6234526f922680" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830323", "to_ids": false, "type": "text", "uuid": "68f92303-f8e3-42d9-bd70-8f2b51d4d21e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860315", "uuid": "678b4ec1-77b8-4993-a40f-b15283b105c6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860314", "to_ids": true, "type": "md5", "uuid": "e38dd472-ef03-4d54-b83d-ca0ef9394cdc", "value": "cdfbe4287f9e1347e1e74f783bce8b98", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860315", "to_ids": true, "type": "sha1", "uuid": "1315bb77-830a-42dd-a3d2-bab770a581ac", "value": "eb07786d5824200587a4475639708084e1cf1790", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860315", "to_ids": true, "type": "sha256", "uuid": "65f6dde1-fddf-444a-8b45-ef367696deb6", "value": "2c05a4858026d39ba99960372069fbc7e5d1a2b8767a38bac0fe9e25306c5845", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830344", "to_ids": true, "type": "ssdeep", "uuid": "f73d6621-bbfe-45a3-89a1-5c2ec910d51c", "value": "6144:mAbgzVRFlvNXJ4KA0gH6BI0FnldXGVitBwJgeMK+Rbu:mAbGFlvNXqnuVnldjBwJg9bu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830344", "to_ids": false, "type": "size-in-bytes", "uuid": "075d33c0-132b-44d4-a844-2bc80e2b779e", "value": "256466" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830344", "to_ids": true, "type": "vhash", "uuid": "cf52536c-536e-46bf-8fbe-f486cc39afdb", "value": "ea1c13beb8f0d27d6d6234526f922680" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830344", "to_ids": true, "type": "filename", "uuid": "2339071a-9794-48dd-930f-51b028760e6b", "value": "2c05a4858026d39ba99960372069fbc7e5d1a2b8767a38bac0fe9e25306c5845.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 16/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830344", "to_ids": false, "type": "text", "uuid": "15d8f369-acaf-4158-b775-6d5d9f1e49bc", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860316", "uuid": "fd363457-31b8-43bb-86c1-cd8f66e78f26", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860316", "to_ids": true, "type": "md5", "uuid": "0d541902-cdbc-48d1-9910-0b8a797c7830", "value": "4e03ee9905a4d001054f460d8797d967", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860316", "to_ids": true, "type": "sha1", "uuid": "225f362d-c094-4d2d-9ddf-059fae8a83b7", "value": "acef24a5108112beae12b13d761cc90d312fe8ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860316", "to_ids": true, "type": "sha256", "uuid": "681d94f9-2353-43d1-b55e-e4d8a3d8cccd", "value": "68fc7d61f94da8e775120d3fe0aa112f1db96ce21a54a70a5fc211e8d5dbc6b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830366", "to_ids": true, "type": "ssdeep", "uuid": "d0782e1e-df0d-4fc4-a78d-b3eaae5cbc2d", "value": "6144:KRCFvi+IIXXyWliq3DC23j6wFwRGVhAW26DWNyYmN:KRCFK+PyWH3DN3TdAW1DWYFN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830366", "to_ids": false, "type": "size-in-bytes", "uuid": "d0b331d0-9be9-45eb-a46e-917649b39e60", "value": "256419" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830366", "to_ids": true, "type": "vhash", "uuid": "50b39e1a-7990-428a-9404-0fe549aca612", "value": "452c8773c05d921bad6495929bdb504f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830366", "to_ids": true, "type": "filename", "uuid": "e75ef540-577b-4bc5-a18c-91578f43edf8", "value": "68fc7d61f94da8e775120d3fe0aa112f1db96ce21a54a70a5fc211e8d5dbc6b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/04/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830366", "to_ids": false, "type": "text", "uuid": "acb8f755-0b71-4005-9da6-2c2e59ea40fa", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860317", "uuid": "58e9ea09-5481-4393-9330-935e2799bdff", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860317", "to_ids": true, "type": "md5", "uuid": "d5d86663-2a18-4afe-bd2a-6eafcaf85a32", "value": "fc0582eb562be1274b146b9e72acf68e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860317", "to_ids": true, "type": "sha1", "uuid": "2fac5711-d68f-4160-8622-19f0b9e890b7", "value": "acbb73d57c5dcd4423905a83b64b04247dac2494", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860317", "to_ids": true, "type": "sha256", "uuid": "15200f54-83a3-48ec-a1da-83fa1bb81ae6", "value": "4ddcd49acbbb84e83cddf6b9a6124a3f6e93950f81f4ebeaf6b5d6ad98c7e0b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830387", "to_ids": true, "type": "ssdeep", "uuid": "dc790cb0-0e21-40e5-af32-63c42a97f5f1", "value": "6144:t6tXVvBp0MZYV7Vompohx99ZJZIFe1cG79ChDfOPDU/mjVqi7dLxIe5vWDO7mUDf:t6tVsnpe9PyG79ChDfYQKn7ddIepWy7f" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830387", "to_ids": false, "type": "size-in-bytes", "uuid": "47b9f4fa-7c10-4512-86d2-daa157596d73", "value": "256420" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830387", "to_ids": true, "type": "vhash", "uuid": "22d31258-54d5-468a-99f7-6bfc13323cf2", "value": "452c8773c05d921bad6495929bdb504f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830387", "to_ids": false, "type": "text", "uuid": "9cc032f0-cf04-4c21-83dd-f4199f4b0559", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860318", "uuid": "1869127e-ba35-49f7-b806-add0d9a1b6bd", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860318", "to_ids": true, "type": "md5", "uuid": "064dab6d-ffbf-4472-8b66-8c275ea126cb", "value": "b290a42c5202ac591bb4adc8c3d95362", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860318", "to_ids": true, "type": "sha1", "uuid": "d7e38516-e6d9-4bf2-a890-1ca71110da4c", "value": "df1065d17799fce30a64ca05e91512b45af4e58e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860318", "to_ids": true, "type": "sha256", "uuid": "25a23f4a-5d28-481b-9c71-9bfe2978b019", "value": "063fc1561263188ae68aae3de890868cfa720e182e29c2d2ab4af1ee3f2c6161", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830408", "to_ids": true, "type": "ssdeep", "uuid": "d091570e-e44e-4887-a76d-85e0e29484ad", "value": "6144:bYDl282XLgOdM5y3O84M1gD/+9jnwcgFg3oOBQnu4K/LnysK:bYD08KEMO9MNj3leu4mysK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830408", "to_ids": false, "type": "size-in-bytes", "uuid": "b6575bfd-666d-4df0-81c5-692eb567fd36", "value": "256419" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830408", "to_ids": true, "type": "vhash", "uuid": "0cb0143d-ebb6-4bbb-92f1-84214981c9d7", "value": "452c8773c05d921bad6495929bdb504f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830408", "to_ids": false, "type": "text", "uuid": "1b17d33e-6424-4144-bc5b-e0dccb9b0b94", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860319", "uuid": "018d314b-18ee-49fb-b053-1962718b0e9f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860319", "to_ids": true, "type": "md5", "uuid": "fae176b8-6d11-4b75-8dfb-489426042e4f", "value": "2239490d2591e00c229618a9f7080ab6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860319", "to_ids": true, "type": "sha1", "uuid": "926b63fe-c307-4b7c-8fd7-60711fbcc564", "value": "56c7e64cda3c557443675505e46508a386007137", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860319", "to_ids": true, "type": "sha256", "uuid": "28e92d4a-71c6-4543-8333-b2b90997b514", "value": "ccbd8ae938a147e909993c587a4e6558e3461d5fc9aa8d734e3eedd4b285931b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830430", "to_ids": true, "type": "ssdeep", "uuid": "9404f225-0ed8-4d90-84be-d9e07058a4e9", "value": "6144:BdHcNVLvuoCTT+S97T32yeLzqI6PN8Qs+fYvU48HLRWTCAiG:3Hc3vtCTdzWLR6FWEYL8H1sSG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830430", "to_ids": false, "type": "size-in-bytes", "uuid": "5b223638-0675-453c-b640-1e59c7cf03e6", "value": "253480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830430", "to_ids": true, "type": "vhash", "uuid": "9adf44d3-80b0-4a10-a6e2-17a3eed980d4", "value": "29eea7c9aabf91e4e862da4b0b58eebe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830430", "to_ids": false, "type": "text", "uuid": "29379cb1-d61f-4121-907c-4d8f16d3a10f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860321", "uuid": "bcd17e10-599e-4ca7-86cb-0e52a9c2f094", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860320", "to_ids": true, "type": "md5", "uuid": "b16ac84c-d466-4b61-8f05-74383dafdbf1", "value": "526a82d7e95c5096434ca26428695bdb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860320", "to_ids": true, "type": "sha1", "uuid": "d6844485-474e-408c-9822-ed840d1c6d04", "value": "a43ea877ea9023ee06232df7eb5437d7a4fd44d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860321", "to_ids": true, "type": "sha256", "uuid": "9138abda-5f74-4ba4-8184-18678ac3aecd", "value": "7d05498466c0af259c1141a5005685f91565f14931e4a995d40019c70b152d4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830451", "to_ids": true, "type": "ssdeep", "uuid": "a2483d6c-fc5f-4af8-a046-4258fa830567", "value": "6144:6r0SwNoQDYQzj3gCa1yT12TKiWoxK7ZJp7M0Ah5g:6r0SevB41yTUOxo87Zv79q5g" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830451", "to_ids": false, "type": "size-in-bytes", "uuid": "4f6eb03f-ccdc-49e0-b22c-26323f3246b8", "value": "253470" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830451", "to_ids": true, "type": "vhash", "uuid": "41d4fbe5-eb39-4a11-8c56-714804de6783", "value": "29eea7c9aabf91e4e862da4b0b58eebe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830451", "to_ids": false, "type": "text", "uuid": "57374a3c-b953-446c-8b7c-bc9d81680dc3", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860322", "uuid": "c79ee322-87e1-47c7-a24e-be804fa98f73", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860321", "to_ids": true, "type": "md5", "uuid": "dc6c8f09-76c1-4009-b380-5c2d88b6348a", "value": "4b133aa914f41bf0405e7ab590c3d661", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860322", "to_ids": true, "type": "sha1", "uuid": "823e0231-0c66-4d80-a164-53d1edfc75e5", "value": "0bbf816097726fadb83d5ccb9ad38505c4d8ddcb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860322", "to_ids": true, "type": "sha256", "uuid": "4e9556f7-468e-4814-b7ba-3f6230927299", "value": "73938a9912f37badf6cfde38e5f6259672a0bf1a353c7def9e50e01202718ea3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830472", "to_ids": true, "type": "ssdeep", "uuid": "6c546f51-29ac-4cf3-8658-618a68f4ef9e", "value": "6144:p742TIBlqjDFAqMKK28TdAB3tOX4czvz3R1JRA5J:p74l/qjByd28BO9OXL3RTRA5J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830472", "to_ids": false, "type": "size-in-bytes", "uuid": "64b75a32-2cca-45fe-a87e-106ba57a0bb1", "value": "253476" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830472", "to_ids": true, "type": "vhash", "uuid": "57bdf041-a2a4-4cf6-8113-0f1a258a4e68", "value": "29eea7c9aabf91e4e862da4b0b58eebe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830472", "to_ids": false, "type": "text", "uuid": "a1b22eb2-0a73-48ac-8d4a-4c819c418b4e", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860323", "uuid": "bcbacd60-75bf-4802-ad44-523f1d31702d", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860323", "to_ids": true, "type": "md5", "uuid": "f6d4c671-d90c-43bd-9397-1e7377a4941f", "value": "d5a34a59c16f1d147eb84e5eebf663a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860323", "to_ids": true, "type": "sha1", "uuid": "1af3b6fe-e23a-4f8d-8cc3-73a2a9cff3d0", "value": "f3eff26dec1fb7c1eadd7ff5cd52f51616407abf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860323", "to_ids": true, "type": "sha256", "uuid": "de715b13-81f8-45e1-ac0d-cade22c0c2dd", "value": "e067291af19a8e1b84256aafb27e218901d62598f4937cc59e3e3b468db35912", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830494", "to_ids": true, "type": "ssdeep", "uuid": "40a469e0-e35b-4516-b725-6901f52b7b46", "value": "6144:H56RvPZxgq57ItWC91yeGvLGKd9xvfeWZ2sk6w1:H56tZCq57EV91yeAd91rVdw1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830494", "to_ids": false, "type": "size-in-bytes", "uuid": "9c6a7f55-b50d-4cf2-b6dd-8e756d5f5070", "value": "256495" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830494", "to_ids": true, "type": "vhash", "uuid": "3ad78457-eef4-42a5-88c3-526434127a03", "value": "ea1c13beb8f0d27d6d6234526f922680" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830494", "to_ids": false, "type": "text", "uuid": "d0d8ef87-9dcc-4e8e-be8e-67b8cd5316a1", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860324", "uuid": "4a841969-a712-4a30-b9a1-369229b991b6", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860324", "to_ids": true, "type": "md5", "uuid": "ce4385b3-0dd8-4ad8-8011-1ef0d1829e86", "value": "84b5eee4ee81bae68d5f51579ccef64c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860324", "to_ids": true, "type": "sha1", "uuid": "dd194eb7-cd02-47fb-b7c4-0511c098df16", "value": "2a2693509b0eb12436327f3d93b4c0292d301da7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860324", "to_ids": true, "type": "sha256", "uuid": "c4efa65b-5c7f-4b2b-8ece-47764074a2c8", "value": "9a5d9bb84d79f5e7b345445dc6eb2afe4543b4372cf929842942c6158a652ccd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830515", "to_ids": true, "type": "ssdeep", "uuid": "f53fc15a-7335-4f2b-9c32-f9d3e562e7b3", "value": "6144:pDDRD0pDwLkFhfJZ3O6/HS2WHNzaMYP+/YB509R4zYmpsTW:py6EhfO6jMZYP+/g509RtmOTW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830515", "to_ids": false, "type": "size-in-bytes", "uuid": "168e3ed9-df98-4648-9266-79ae98bd998c", "value": "283343" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830515", "to_ids": true, "type": "vhash", "uuid": "7230d4a7-b6fe-47a0-bed3-3210e6beeb28", "value": "452c8773c05d921bad6495929bdb504f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830515", "to_ids": true, "type": "filename", "uuid": "0ad8a8d9-0292-41f6-8af4-2b7e8615ea09", "value": "84b5eee4ee81bae68d5f51579ccef64c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830515", "to_ids": false, "type": "text", "uuid": "c1edf3ad-9fdd-4137-a9bc-be8069f4c00d", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860325", "uuid": "4f5cefee-042d-4aad-a19e-074ef807ad6f", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860325", "to_ids": true, "type": "md5", "uuid": "7cb1a194-7ec2-4358-b712-fed74e4ef87f", "value": "ef6fe22a114327a75ee9be73ea3dd1fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860325", "to_ids": true, "type": "sha1", "uuid": "52028f95-ed9c-4d0d-89e3-4ed487c9375f", "value": "824999bf3e1ebfa77aefef1b557072779a6a625e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860325", "to_ids": true, "type": "sha256", "uuid": "b542a432-fb61-4494-86d8-cbc6b19ab73b", "value": "ed3ccf37db6e23ee6a040576f9addff8e7a21d1adf36b9fcbe22896edf5cd71a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830537", "to_ids": true, "type": "ssdeep", "uuid": "3e2f7d09-3508-4235-a4c2-6df598176aa1", "value": "6144:YHDZD45DdHSOYOA5F7aAdes+nVDDioRf7vni8XjlqE2wBufKgTbZ:Yejcv5e5H9f7vn9lXN4fxTbZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830537", "to_ids": false, "type": "size-in-bytes", "uuid": "77b5c4d8-21f3-4213-af65-e8c563d576e2", "value": "283306" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830537", "to_ids": true, "type": "vhash", "uuid": "201666e7-5e20-4d3e-9b91-beda61305bc7", "value": "452c8773c05d921bad6495929bdb504f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830537", "to_ids": true, "type": "filename", "uuid": "8e093877-1b9f-4753-a45a-88b2b47fff4b", "value": "ef6fe22a114327a75ee9be73ea3dd1fb.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 15/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830537", "to_ids": false, "type": "text", "uuid": "44e98632-6446-44ad-89d4-c8df858ef56f", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:30/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860326", "uuid": "3b9530b9-561c-4eb2-a7b8-a032ce7307b9", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860326", "to_ids": true, "type": "md5", "uuid": "9c8085d3-779d-4865-ad0e-f350a5350881", "value": "5b6baa6510f3c30ec168c21f2b2203f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860326", "to_ids": true, "type": "sha1", "uuid": "ad58b5ad-4338-48ec-9160-bce15f60efa2", "value": "576204b0c4fd237afe61c208bcb39d95028c92f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860326", "to_ids": true, "type": "sha256", "uuid": "82a480c5-b6d4-4af5-81e7-55e46c998fd6", "value": "3f8d170429fe2534478f2a8221e41dc2f98c64282d74862dad1e57672beab97f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830558", "to_ids": true, "type": "ssdeep", "uuid": "f370162b-fcbc-4acd-af8b-587e183e353a", "value": "6144:9NPfhwHZHtUtbom08m3V2mDfMY13sJcExI8/P2HYAeLETNZJAJ:9NPpwbs0em3EjYV8R/P1AeLETNZqJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830558", "to_ids": false, "type": "size-in-bytes", "uuid": "43c26474-3d18-485a-999c-719228b1c6a3", "value": "320595" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830558", "to_ids": true, "type": "vhash", "uuid": "8c99f6fe-f6d4-44d4-a46b-76cda644cba6", "value": "29eea7c9aabf91e4e862da4b0b58eebe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830558", "to_ids": true, "type": "filename", "uuid": "01272563-d94d-457e-9ad7-89fd63183d1d", "value": "androidmap.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830558", "to_ids": false, "type": "text", "uuid": "552e71c9-c96d-40f6-8813-5862e371d251", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860327", "uuid": "737df579-72dd-4194-8b7c-938da0b26020", "Attribute": [ { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860327", "to_ids": true, "type": "md5", "uuid": "fe43aa09-caaf-4c9e-948e-f673b4332a33", "value": "6491049cf831147e4137195c5e50f4ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860327", "to_ids": true, "type": "sha1", "uuid": "7d1d1f73-4b92-4d04-bbd5-8a4a00d84db0", "value": "31e5548b0c74acbc0f49c8a6984861f0cac9e862", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "CarbonSteal", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860327", "to_ids": true, "type": "sha256", "uuid": "54f5efc4-2292-45f7-bea1-edf1dafd330a", "value": "2a423f65be78b49b33d31197737a67ce51ebde3162013f7636e0abb329231691", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830579", "to_ids": true, "type": "ssdeep", "uuid": "fec659a0-0456-4c5d-9a9b-192da2fc6b9c", "value": "6144:E4DKD86D9ZByGB8kYDB9w+BOe1TZ3s9wKX+/YBHkJAF:EYAByGcN9w6OejoX+/gHkJAF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830579", "to_ids": false, "type": "size-in-bytes", "uuid": "8c8f310b-e379-4086-a9d0-9d0dce8ee565", "value": "283317" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830579", "to_ids": true, "type": "vhash", "uuid": "7333689e-1876-4454-9446-b3048f07868c", "value": "452c8773c05d921bad6495929bdb504f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830579", "to_ids": true, "type": "filename", "uuid": "492ba498-d7b8-4ba7-9b82-5fd351533247", "value": "6491049cf831147e4137195c5e50f4ba.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830579", "to_ids": false, "type": "text", "uuid": "a4dae3ff-4c1d-4d76-a0fa-efbe46132795", "value": "CarbonSteal\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/InfoStealer.B!MTB\nVT Total Detection:34/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860329", "uuid": "141b60eb-eafe-499c-af22-03b5a905c45b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860328", "to_ids": true, "type": "md5", "uuid": "9011f5b6-3540-457f-bac0-ece67c584725", "value": "ed6fe6fe50f8cc45f8e119ba6035a101", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860328", "to_ids": true, "type": "sha1", "uuid": "dc564f8a-d555-494f-85b6-adde1c4c5b2c", "value": "d39eb56dd1e7e374f542fbc6cceca48faac65dbd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860329", "to_ids": true, "type": "sha256", "uuid": "fccf941d-31d6-44aa-82a7-ac66a2ccbd76", "value": "606628a20a3c16372483ddba1dd5e47bcf3dcbf922011a2c47385d61143cb6ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830601", "to_ids": true, "type": "ssdeep", "uuid": "397bb263-27ec-4fc3-b1f7-8968f7624f9b", "value": "6144:Jmn3GxqzcRKYcGKX1c92rs5mFGiXtLAi5sit/32vh:gZIRxcGKFcYrs5qrtLAiCitvwh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830601", "to_ids": false, "type": "size-in-bytes", "uuid": "ac6f217e-6453-4c63-ae61-0045935bb06d", "value": "292268" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830601", "to_ids": true, "type": "vhash", "uuid": "dc58335d-aca2-4480-be69-9679300404b3", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830601", "to_ids": true, "type": "filename", "uuid": "dd069b55-507a-411a-912d-0ef72e7c8e03", "value": "606628A20A3C16372483DDBA1DD5E47BCF3DCBF922011A2C47385D61143CB6AD.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830601", "to_ids": false, "type": "text", "uuid": "e541d677-2b2d-4ec4-b3d3-9bc80e25bda7", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860330", "uuid": "4688d627-9783-4cca-9165-b715d98a58d8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860329", "to_ids": true, "type": "md5", "uuid": "8a62b9c5-152c-4faf-a66f-cb032efdbbad", "value": "403edcf0b316ac318513667e8558240f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860330", "to_ids": true, "type": "sha1", "uuid": "64faba74-3b86-4e62-a2d1-053fc0c468b7", "value": "229a774230216514185388ed3855cafc63facdd3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860330", "to_ids": true, "type": "sha256", "uuid": "66bc023d-86b5-44ad-bd0e-f9f547f5cfa1", "value": "a4826a178e8a96db7ec50f6f87f22cdad549cefbaabd9fd9f0190a40f7ff270d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830622", "to_ids": true, "type": "ssdeep", "uuid": "bcd1865c-96cd-44c1-9723-4d9d2e5ebf44", "value": "6144:Hmn3GxqzcRKYcGKX1c92rs5mFGiXtLAi5sit/32vf:qZIRxcGKFcYrs5qrtLAiCitvwf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830622", "to_ids": false, "type": "size-in-bytes", "uuid": "5458e479-72bb-47e1-b974-e51c6a398b80", "value": "292268" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830622", "to_ids": true, "type": "vhash", "uuid": "ae2a9d7b-2234-4a14-96fc-5d5e45dec3e7", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830622", "to_ids": true, "type": "filename", "uuid": "3e390ad5-8f91-41e5-a35c-138a98c8ed71", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830622", "to_ids": false, "type": "text", "uuid": "8d7d54a4-07cf-4fa7-9272-96d43dc7d912", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860331", "uuid": "398e74dd-57b7-4ef7-92b2-2af26d51805b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860331", "to_ids": true, "type": "md5", "uuid": "ba79bdcd-057d-41fd-9d36-ea184f9ea18c", "value": "750ea11f9f88f652a5d9f35af06f50b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860331", "to_ids": true, "type": "sha1", "uuid": "a9b6acf0-07d4-41fd-8a94-6038b4a29ed3", "value": "eb9b518bff0e5b215ca77f9bb63f575035099286", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860331", "to_ids": true, "type": "sha256", "uuid": "27aa3b15-ff7e-4ac3-8338-89f90e23c8d2", "value": "b395c4c0512c8aefe2a7a83a90f98b47912ade62369cf8ebe83854daa885d407", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830643", "to_ids": true, "type": "ssdeep", "uuid": "7c64aead-3f6c-4b0a-966e-b5fe85c689dc", "value": "6144:wmn3GxqzcRKYcGKX1c92rs5mFGiXtLAi5sit/32v6:FZIRxcGKFcYrs5qrtLAiCitvw6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830643", "to_ids": false, "type": "size-in-bytes", "uuid": "9f2b60fe-a67f-4310-8787-d4db289b8d16", "value": "292268" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830643", "to_ids": true, "type": "vhash", "uuid": "4908904f-c9a2-4122-8302-12bd5c3a7256", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830643", "to_ids": true, "type": "filename", "uuid": "042c4d74-089e-4466-8617-b32a99e89911", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830643", "to_ids": false, "type": "text", "uuid": "487e0aa5-9120-45f4-b4b2-ad2b991138f6", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860332", "uuid": "06769c8a-2651-4c60-90a8-83104feb6d58", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860332", "to_ids": true, "type": "md5", "uuid": "e0ec42ad-f0d2-42cd-8abe-b0aed7fb01f7", "value": "be7114db6b239e85a0eabcadbb85ab3e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860332", "to_ids": true, "type": "sha1", "uuid": "19709b12-f35b-4c43-8ac9-c34ebf525e61", "value": "17d98e02304015b066f613c9bf697a372019e0bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860332", "to_ids": true, "type": "sha256", "uuid": "58429c27-546b-4437-af02-6308e8a6be4a", "value": "169e07cd6056e8dff85c87275aae891de74f264adafa112d0a836a1a3852565f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830665", "to_ids": true, "type": "ssdeep", "uuid": "a4bb38b9-d861-4e2a-9a3f-0b88107d95cb", "value": "6144:Emn3GxqzcRKYcGKX1c92rs5mFGiXtLAi5sit/32vC:5ZIRxcGKFcYrs5qrtLAiCitvwC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830665", "to_ids": false, "type": "size-in-bytes", "uuid": "71ed1609-e026-406f-ba60-6fe66c8bf318", "value": "292268" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830665", "to_ids": true, "type": "vhash", "uuid": "332665d7-2f98-4e43-b22b-49548d420fa5", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830665", "to_ids": true, "type": "filename", "uuid": "17a5e3e0-ff7b-476d-9410-1e399370222b", "value": "169E07CD6056E8DFF85C87275AAE891DE74F264ADAFA112D0A836A1A3852565F.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 20/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830665", "to_ids": false, "type": "text", "uuid": "416430c2-b385-4f85-85db-03538babeb57", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860333", "uuid": "16b60009-482b-48bf-8168-3314bf098adf", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860333", "to_ids": true, "type": "md5", "uuid": "60069f31-9cb9-49ac-80a4-0297be0dcc7e", "value": "2184192508b87f5cae1f48098e809014", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860333", "to_ids": true, "type": "sha1", "uuid": "c537b315-c431-4c9d-96c0-04294cd38516", "value": "198b7853a0aa0516a4d3e243772812fc17347681", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860333", "to_ids": true, "type": "sha256", "uuid": "001d2003-81b5-4ffc-bcc1-8b1148ba6992", "value": "ffb6e726b59900f51d92a6cdd39ce7de09438beea2599b669cbd7a6c33833f7c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830686", "to_ids": true, "type": "ssdeep", "uuid": "4fc235ea-6bcf-4f15-8263-e6f0e7af9480", "value": "6144:xmn3GxqzcRKYcGKX1c92rs5mFGiXtLAi5sit/32vh:YZIRxcGKFcYrs5qrtLAiCitvwh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830686", "to_ids": false, "type": "size-in-bytes", "uuid": "bcb1c442-668f-402a-88b9-6b661e8eefbe", "value": "292268" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830686", "to_ids": true, "type": "vhash", "uuid": "3de9111d-dffc-4d3e-9ac6-fdce6916ed12", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830686", "to_ids": true, "type": "filename", "uuid": "ea2df3e0-7404-4c02-82de-0cc385411c84", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830686", "to_ids": false, "type": "text", "uuid": "2113fcec-23ee-4ede-a2dc-5d4a5da2c295", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:33/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860335", "uuid": "61b8db18-674f-4b2d-b601-239d88b79141", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860334", "to_ids": true, "type": "md5", "uuid": "8b6a4fe2-16e5-457d-ad61-945bccc61694", "value": "33501dda79cb001a9eda8094fabaa794", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860334", "to_ids": true, "type": "sha1", "uuid": "db43bef0-fdd3-4429-98d4-4c2abada1df1", "value": "e8fdb2ed0c9bebb60cf2e7411adbccb40490b5a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860335", "to_ids": true, "type": "sha256", "uuid": "e1a2d551-aec1-4682-b8e6-0e68d4bbe335", "value": "e15e8c2cd55bbf736fd31b0be5485457ca53f287b4bbdad4ccad020bf69ee083", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830707", "to_ids": true, "type": "ssdeep", "uuid": "40791312-0329-478a-89a9-3338bf033a78", "value": "6144:cmn3GxqzcRKYcGKX1c92rs5mFGiXtLAi5sit/32v6:hZIRxcGKFcYrs5qrtLAiCitvw6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830707", "to_ids": false, "type": "size-in-bytes", "uuid": "63d49dc4-039a-4321-95c2-5cb454454e23", "value": "292268" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830707", "to_ids": true, "type": "vhash", "uuid": "b2f99fe5-6da2-4255-8f0d-eb88931168e9", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830707", "to_ids": true, "type": "filename", "uuid": "933ef61d-7e36-4369-a9c7-4a3ea7fefbe0", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830707", "to_ids": false, "type": "text", "uuid": "4e51000d-7de2-4e38-b324-20a8b5509a47", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:28/62" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860336", "uuid": "b228d826-6b47-4940-901d-2d18a3c1b23b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860335", "to_ids": true, "type": "md5", "uuid": "f9ef2bf5-647d-45af-9804-ce6163793317", "value": "011e519c0c825710749844d966ba77a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860336", "to_ids": true, "type": "sha1", "uuid": "3cda1127-6855-4eed-b8bd-2b03d216f51a", "value": "e8b7649ccf05323712661b80e44b7cd10cb0cbeb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860336", "to_ids": true, "type": "sha256", "uuid": "7fcd5db8-5fd3-4f36-992c-f8952ebe66ca", "value": "159b658538a0c0f0cc718f61f981f51d53b6718a3f57d0f66adb6c6951f52983", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830729", "to_ids": true, "type": "ssdeep", "uuid": "0a288b22-0f48-4dab-8065-2ec603b3def8", "value": "6144:Rmn3GxqzcRKYcGKX1c92rs5mFGiXtLAi5sit/32v9:4ZIRxcGKFcYrs5qrtLAiCitvw9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830729", "to_ids": false, "type": "size-in-bytes", "uuid": "6ae8a799-1e1f-4d78-b86d-ff744d02b614", "value": "292268" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830729", "to_ids": true, "type": "vhash", "uuid": "fa0762fe-5c69-4bd3-a9b9-1bd222a96553", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830729", "to_ids": true, "type": "filename", "uuid": "7ef854b9-5c9e-4112-a709-db3b60ad9a16", "value": "159B658538A0C0F0CC718F61F981F51D53B6718A3F57D0F66ADB6C6951F52983.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 19/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830729", "to_ids": false, "type": "text", "uuid": "dfa1283f-a4be-4aa6-acb6-ebb1607baa52", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860337", "uuid": "228de2b9-33a4-4aa0-924a-8c2ba93b77dd", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860337", "to_ids": true, "type": "md5", "uuid": "321b5144-90fb-464d-b97e-a86c5caeff27", "value": "344b760d8b6ae6edce14dedff7376a4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860337", "to_ids": true, "type": "sha1", "uuid": "2b868bea-112b-4a69-bfbe-6b9fc85b7ac4", "value": "fe1bafaa0608c3f1d188394e9c0140f1a0714f3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860337", "to_ids": true, "type": "sha256", "uuid": "b64644c3-a74b-43c3-8b27-0f2d099db9bf", "value": "d661929c050b6b0605116b42a5daac1d165f8261549931b2b20123301866a461", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830750", "to_ids": true, "type": "ssdeep", "uuid": "06bc4bd4-66d3-4d82-becd-8dd4ffccf104", "value": "49152:K7if7OAR9bxwuIdsHhSa7VZfkqf4qjQJtTUP/6ykHJd07bPEkBX6ySnuJYsXQ:Zf7OAnxwPdUhNkqfd8tTC6NUPEkgySnR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830750", "to_ids": false, "type": "size-in-bytes", "uuid": "edf14d0a-61c3-4140-b7c5-299b6f9b6d46", "value": "2558672" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830750", "to_ids": true, "type": "vhash", "uuid": "397501af-21b2-4a04-a2c2-b07bf964816a", "value": "d8de343ca4f619fc6b39045b546a2774" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830750", "to_ids": true, "type": "filename", "uuid": "79304330-f186-4299-92d4-58c117a79287", "value": "ucsvc.exe" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830750", "to_ids": false, "type": "text", "uuid": "a83a58a4-e4d1-4899-a7bf-8c35cc902a3b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860338", "uuid": "de601e9a-1f9e-4f78-b97a-a0a303120414", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860338", "to_ids": true, "type": "md5", "uuid": "5c6d008a-5cd2-4ab1-9950-0c5c57d8a30e", "value": "46ba80162c2635e81fd9aeb49bf9cbdc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860338", "to_ids": true, "type": "sha1", "uuid": "75f4a3a6-2da2-4969-88f4-1968a52ae569", "value": "67b4833325bb9d45c4c44c81cec1d00fb9a43c6d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860338", "to_ids": true, "type": "sha256", "uuid": "8e3b8f9f-e6af-4d8e-b8cd-43dfc587cb5e", "value": "e630dee86b8f7438e43faa2417b890396760a531026ce98d187832f53bf884ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830771", "to_ids": true, "type": "ssdeep", "uuid": "7300b950-5dc5-4679-afe2-7e645d9b6d57", "value": "98304:8mlr2XrDXgzGDe2dPIwqX2fCSUuxd6ZKENXYsTCK7hA85vbNuF+H:8mZ27jCEIwqX2fCSUQvENXYsuYAcD8E" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830771", "to_ids": false, "type": "size-in-bytes", "uuid": "ca665401-d394-4098-abdc-6140faf3e45f", "value": "5592049" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830771", "to_ids": true, "type": "vhash", "uuid": "20a883cf-6b32-4bb9-882a-472585a59d5a", "value": "81d687e73eb0757d17abc1fbd79aa48a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830771", "to_ids": true, "type": "filename", "uuid": "dd332cbc-3ec6-4289-9a96-09fd866f430f", "value": "dab5f81d89379e7ab9faaf75af6b8be75de21bc8dc32bc64081565d8a3725917_3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830771", "to_ids": false, "type": "text", "uuid": "cc804251-8581-41b2-96d8-5c9129b53481", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:33/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860339", "uuid": "56e9ca32-c478-4cd2-a975-b53b2a446622", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860339", "to_ids": true, "type": "md5", "uuid": "001e912c-2fdb-437e-9a2c-8fb5f2ba447f", "value": "1897d3447177fb9ff8a5414cd0866c10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860339", "to_ids": true, "type": "sha1", "uuid": "25a9b242-eff3-43d4-b41d-86b0a88c732f", "value": "dce7baa3f526468af18ac2d8edb262c1edcfa32e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860339", "to_ids": true, "type": "sha256", "uuid": "f5d50191-b066-4f5c-a64d-aff1775da912", "value": "2cba9508af8fae7c5ed06515bc363873265bac72f2358fddf5ba14e80a8e3d7f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830793", "to_ids": true, "type": "ssdeep", "uuid": "b86692de-393f-4bf4-bd4e-c149e24d55ce", "value": "6144:1eOM72X+yoM9a/5XiN1cOBeR4ljs1IDi9pTUFmJaY/a4Hgb2:1Qdu60bBoqsW+/UFmJY462" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830793", "to_ids": false, "type": "size-in-bytes", "uuid": "1189ca31-b599-4d53-9bc3-8e06516cc92b", "value": "326880" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830793", "to_ids": true, "type": "vhash", "uuid": "944d75fe-f33c-4ea1-9be0-1a5e2fe50dec", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830793", "to_ids": true, "type": "filename", "uuid": "7c92c08a-c450-4d9f-8c0b-9d591c0a6f2c", "value": "2CBA9508AF8FAE7C5ED06515BC363873265BAC72F2358FDDF5BA14E80A8E3D7F.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 19/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830793", "to_ids": false, "type": "text", "uuid": "0d785024-9e4d-452d-a6cd-a477eb1bc59a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860340", "uuid": "0bfea8c0-721e-41e6-b6b7-09b840091a83", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860340", "to_ids": true, "type": "md5", "uuid": "836b2076-6d68-4b51-8c05-7f9bf609e188", "value": "cd80b56ef87f1cea5fb529a11dcb389a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860340", "to_ids": true, "type": "sha1", "uuid": "9f5f8b2f-b248-4712-8e49-70143b992ef2", "value": "8c944305cf372f06ce0d7f306967f7891acab8b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860340", "to_ids": true, "type": "sha256", "uuid": "4ef8722f-e341-401f-84b5-08f8ae7b5a61", "value": "c204c8cd98cdde64c3029ee7e88bc267182bebf627dbf7c3e0dc4effb7485ec2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830814", "to_ids": true, "type": "ssdeep", "uuid": "68792b4b-e09f-4dce-9439-239cbd61b0cc", "value": "24576:WpXEGbhZRdU1fUnf7MnmRYalUvu5Ij7XIrwP+C:W9E2hdU1K7MnmRYalUvu5Ij7XIrwP+C" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830814", "to_ids": false, "type": "size-in-bytes", "uuid": "8b28b163-2007-44ed-a65c-01b302997481", "value": "817452" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830814", "to_ids": true, "type": "vhash", "uuid": "4de59d0f-15bf-4f97-8a65-04cf2e8f08d0", "value": "8626db66c4a11d53be9a566c72f7b25a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830814", "to_ids": true, "type": "filename", "uuid": "3af2d42d-73f3-4ea1-9f44-9427110c4b36", "value": "d54e5aafaba50170c9fc3c65358ccb3d77e995931d263d13e2bb9d013339b4db_3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830814", "to_ids": false, "type": "text", "uuid": "7c076f6c-48ef-4c48-a7a7-2a344e132d94", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:34/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860341", "uuid": "2584575a-2135-4f03-9574-d4ed1f7c92a4", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860341", "to_ids": true, "type": "md5", "uuid": "641b4356-d8ad-4b74-8834-7f406bc754c9", "value": "da966747aa9c88cfc9c983ddefe23fb2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860341", "to_ids": true, "type": "sha1", "uuid": "e2cf43ba-fab5-4893-98db-3be8df40f540", "value": "ad13ec3a6761e5f31b7b4726068ed6b4ca268086", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860341", "to_ids": true, "type": "sha256", "uuid": "2370d024-b8e2-4746-b8fc-6b110ffcdad3", "value": "58ca5bb256b7e4a68a3d45323a2ea1f4bc0b04abb2c670fdb4614b5ee38e7d7c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830835", "to_ids": true, "type": "ssdeep", "uuid": "4004849e-3da5-46db-ab33-23ce6d41517c", "value": "12288:flksqHNfJoVoCUJFnfnhKzfIRu9JMunjUGFAl5cDWV3v:NWtJoVojJFozQRu4YfFAlHV3v" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830835", "to_ids": false, "type": "size-in-bytes", "uuid": "5675dcb6-c81d-4e1c-b5de-c1f64e0ddeaf", "value": "422407" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830835", "to_ids": true, "type": "vhash", "uuid": "08e4bb61-f0b6-4051-bc1f-d599aa1d57a1", "value": "b6421121f042a9af2bc6b7d0f7f1d13b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830835", "to_ids": true, "type": "filename", "uuid": "64827593-f258-430d-8401-e7ebb6abfb85", "value": "58CA5BB256B7E4A68A3D45323A2EA1F4BC0B04ABB2C670FDB4614B5EE38E7D7C.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830835", "to_ids": false, "type": "text", "uuid": "dffd286b-fb2e-4894-ba25-ec58bd4b277d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/DDLight.B\nVT Total Detection:38/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860343", "uuid": "cb7cac7a-ca26-4720-b6a5-f37c70acbf8b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860342", "to_ids": true, "type": "md5", "uuid": "92c0b362-0440-4b62-84fa-4c44a39616c9", "value": "410565be023b57f72bfb077dcab3af75", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860342", "to_ids": true, "type": "sha1", "uuid": "ec6a9703-cd3d-4290-88e3-886e43b7688f", "value": "f30594053f73be9823130a1fb4048efbae17a116", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860343", "to_ids": true, "type": "sha256", "uuid": "a090915b-5e69-4888-a27f-8dbb3b536621", "value": "2e0a11223c3f7e82ee83fc0be0538e1ead431fd873c376b6e86d83a6e590eacf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830857", "to_ids": true, "type": "ssdeep", "uuid": "768928e0-d9b4-480c-8900-be7ea066b85b", "value": "24576:v61UvDkSTDcgdoyULl1SfTYfD0/gejUCfINp00NZfaD:R0UUJ1SfMfD0/gnCwH0eZfaD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830857", "to_ids": false, "type": "size-in-bytes", "uuid": "08f3358d-c301-437b-9397-f59b1914c8b4", "value": "989210" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830857", "to_ids": true, "type": "vhash", "uuid": "debc775c-1481-4f83-af57-daeecca8c038", "value": "5024088993719112f4c483d6a39b9052" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830857", "to_ids": true, "type": "filename", "uuid": "948114f4-167c-4ac5-8ba8-958e111e6475", "value": "2E0A11223C3F7E82EE83FC0BE0538E1EAD431FD873C376B6E86D83A6E590EACF.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 19/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830857", "to_ids": false, "type": "text", "uuid": "e572c311-a535-42db-bff6-ae7e36a3ea4a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:37/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860344", "uuid": "a4a88e6d-eb48-40c3-a05e-36ce5f57eb3e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860344", "to_ids": true, "type": "md5", "uuid": "afd6e55c-b469-431d-921f-3d8d9021a092", "value": "83db146dc900258acea6c7e36f112559", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860344", "to_ids": true, "type": "sha1", "uuid": "98505db7-96ce-4645-b9ee-7ad66a528f8a", "value": "85cace9b025ffdb2ce7430a305ba2177cee83d20", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860344", "to_ids": true, "type": "sha256", "uuid": "1b8b8714-8acc-44c6-bb4a-021b20f91a01", "value": "78338b5b9c6381c7f356aaa4082ee5b86ecf3522080fa1b43b6402279782284f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830879", "to_ids": true, "type": "ssdeep", "uuid": "d5eb252c-1267-4c05-9a7e-360c8e90d9e2", "value": "6144:amn3GxqzcRKYcGKX1c92rs5mFGiXtLAi5sit/32vX:rZIRxcGKFcYrs5qrtLAiCitvwX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830879", "to_ids": false, "type": "size-in-bytes", "uuid": "5b02c7da-e087-4de4-bc03-66bc1d4a3b23", "value": "292267" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830879", "to_ids": true, "type": "vhash", "uuid": "6e6ea267-d893-4d45-b414-a25d9939cb47", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830879", "to_ids": true, "type": "filename", "uuid": "6c7d2038-7ee6-4618-8939-ac18f00d367f", "value": "78338B5B9C6381C7F356AAA4082EE5B86ECF3522080FA1B43B6402279782284F.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830879", "to_ids": false, "type": "text", "uuid": "014fb694-7d2d-4459-a6a8-b5c96ec0a4e6", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:34/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860345", "uuid": "ef28563b-da7a-498a-9bd1-f34da65b57b6", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860345", "to_ids": true, "type": "md5", "uuid": "a53e6dc0-b7c5-4a2e-ad68-90a1f2c2cc7e", "value": "0fc5dc58b5df2d98da841100b268c851", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860345", "to_ids": true, "type": "sha1", "uuid": "d56cd7dc-4cab-453f-8973-a370fb1e0955", "value": "98f6476f081bf2acc555c87661fb3c3eb8c1864d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860345", "to_ids": true, "type": "sha256", "uuid": "ce823902-7e3b-4259-8585-61a1435f9d4e", "value": "c75690eb4dfe864fae346cd6162463bf312ae8d18f84c38f0381e27822757e76", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830900", "to_ids": true, "type": "ssdeep", "uuid": "7e364310-265b-4f3e-bfe4-8f5ca45c8711", "value": "6144:wmn3GxqzcRKYcGKX1c92rs5mFGiXtLAi5sit/32vO:FZIRxcGKFcYrs5qrtLAiCitvwO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830900", "to_ids": false, "type": "size-in-bytes", "uuid": "3b94ffb2-1eb8-4c4c-8ba5-8744bc87c441", "value": "292258" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830900", "to_ids": true, "type": "vhash", "uuid": "e2ff9862-93a5-48b9-98df-e360de03030d", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830900", "to_ids": true, "type": "filename", "uuid": "a4c79e94-bf96-4f55-8eea-c6509c28dd16", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5_unsign.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830900", "to_ids": false, "type": "text", "uuid": "ed3c8cd7-54c6-46f3-b1a7-e8cc37f4a0b2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860346", "uuid": "9b8d8958-52df-4013-bfa0-f559fdf77ebd", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860346", "to_ids": true, "type": "md5", "uuid": "565b17db-6ba7-4804-90c9-c2b34ca1c0e3", "value": "76f15fea67d634e28ce5699fef8a7bc2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860346", "to_ids": true, "type": "sha1", "uuid": "3ac9ba58-d93f-4ace-8def-3d00300efd7a", "value": "c49d8f5d971b8523f16773ea246256c18f2f0ac1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860346", "to_ids": true, "type": "sha256", "uuid": "057ddaeb-78be-48d4-9125-1f1da96e07f2", "value": "8b0c533b6c373ed6c20e75796d5b877d2aa8c9b4b09b0aad688dd367d69c304d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830921", "to_ids": true, "type": "ssdeep", "uuid": "fe2a5388-a8f6-45af-ab79-43cd7d4585ad", "value": "6144:fkSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs5n:VRIKiDQM6tQ30fTviiXn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830921", "to_ids": false, "type": "size-in-bytes", "uuid": "ea44283b-d54c-463c-8b4e-b20505dfc7a4", "value": "247719" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830921", "to_ids": true, "type": "vhash", "uuid": "1d7dc494-8c53-4cd3-ba55-29feb48be9dd", "value": "e9cc32eedf1771bdd92b539c512a8f53" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830921", "to_ids": true, "type": "filename", "uuid": "568dba89-be91-474f-aa71-501bedd7c3be", "value": "76f15fea67d634e28ce5699fef8a7bc2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830921", "to_ids": false, "type": "text", "uuid": "8d11241a-078c-40ec-a7c6-b5fef19dde91", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF6\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860347", "uuid": "1f6f62fc-ee9f-41f0-b85a-93b0713fcbae", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860347", "to_ids": true, "type": "md5", "uuid": "ca9199d0-4e48-4d58-acdb-e25e09635c20", "value": "0e489e4df4c49e228566ad1e0d0b5f35", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860347", "to_ids": true, "type": "sha1", "uuid": "32c8ed5c-aa00-4283-a3cf-72faa32ff9fd", "value": "23a7ab67cbb622eff3fb6de6c6a5ab10225a3e03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860347", "to_ids": true, "type": "sha256", "uuid": "56445706-8eeb-4b40-b005-65729d05ef65", "value": "95a53d6fea95434944cc5f87ea86cb822e136b6055b548d016835618eadfe4cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830943", "to_ids": true, "type": "ssdeep", "uuid": "2598aef1-bb6a-4fbe-b753-e5c53001586f", "value": "6144:fkSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs5I:VRIKiDQM6tQ30fTviiXI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830943", "to_ids": false, "type": "size-in-bytes", "uuid": "b9f78b6e-3433-4788-ad53-e2a69b81799a", "value": "247719" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830943", "to_ids": true, "type": "vhash", "uuid": "d6aff9dc-27af-466a-98dc-f602d5ef4cd4", "value": "e9cc32eedf1771bdd92b539c512a8f53" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830943", "to_ids": true, "type": "filename", "uuid": "d26218b5-7022-4244-9db6-77ec20d561ea", "value": "0e489e4df4c49e228566ad1e0d0b5f35.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830943", "to_ids": false, "type": "text", "uuid": "793894b0-5403-4613-b3f7-c817f36a10ff", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF6\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860349", "uuid": "0478af30-facd-4d66-8944-077dd1ee3eb7", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860348", "to_ids": true, "type": "md5", "uuid": "955dc5f6-4376-44cc-aecf-67de67e1b08d", "value": "0f5cfe4d179fc8594d4b3e4563ad3e0b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860348", "to_ids": true, "type": "sha1", "uuid": "55235c8f-9f7a-4020-afd0-916208241db8", "value": "aac796671e1b25d7de3ddcf2546b3c05d91f3f7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860349", "to_ids": true, "type": "sha256", "uuid": "708acf0e-46dc-4d49-8d94-bd097e56711b", "value": "98ee73fe9fc19652693f8b183e16ed5227c127aecfa97842469f1eb4e975df06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830964", "to_ids": true, "type": "ssdeep", "uuid": "0c751305-7508-4944-a23e-2ed067e257de", "value": "6144:ZYcT5D1rfwdBVJ9TTvGoIruuf/iT5vtrenjgQkelYgJrFcWvAPTCN:ZY65D1bw93TTvFefUptFfelbyW22" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830964", "to_ids": false, "type": "size-in-bytes", "uuid": "e27b2f21-a201-4e27-a750-4d59c3477bd7", "value": "291860" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830964", "to_ids": true, "type": "vhash", "uuid": "d329807c-f08f-432c-8bb8-cd2e588f311d", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830964", "to_ids": true, "type": "filename", "uuid": "8a251d76-2373-4e49-972a-cee76d8f1244", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5_unsign_resign.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830964", "to_ids": false, "type": "text", "uuid": "afeecd04-d6ce-495d-87d8-bbfec4fd0e8f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860350", "uuid": "38bf2341-51de-4cfa-bfe3-157e23231285", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860349", "to_ids": true, "type": "md5", "uuid": "8fd810be-acf2-4798-8faf-dd5800ef1a1a", "value": "84a8565cbdcf2f9ac3623034236f0331", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860350", "to_ids": true, "type": "sha1", "uuid": "f2ff1cd5-2aa1-48e9-8cbe-e58ba7eab238", "value": "a2815ac0b5e188d4102ae54c19e7ccfd1b2c1ebf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860350", "to_ids": true, "type": "sha256", "uuid": "1ba39aef-9848-4d1e-9e98-ca66a3fc7bc7", "value": "7b44d0ebb9f4d71beab22ba758cbee330b585c7709489ebc0b8fbd0656e1119d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740830985", "to_ids": true, "type": "ssdeep", "uuid": "ae5f01b2-d6d1-4dad-af2d-574b38712f47", "value": "6144:4usU8zGtMckoRAclRzNnGO8aieibq4FRxAi5tit/HFnYM85xdR:yTctR9HnQad4TxAi3itx657R" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740830985", "to_ids": false, "type": "size-in-bytes", "uuid": "1efde3f0-4caa-4fa8-b616-48dedce9ec72", "value": "292139" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740830985", "to_ids": true, "type": "vhash", "uuid": "5e365dcf-eb31-4970-8470-fec0a3eb340a", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740830985", "to_ids": true, "type": "filename", "uuid": "145016b8-d53a-49fb-a086-2fb60483a729", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5_prune_xml.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740830985", "to_ids": false, "type": "text", "uuid": "96520546-f880-4a27-8e02-b8a86158867c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860351", "uuid": "7874fe61-c047-4981-9ee6-62d3bb9680bc", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860351", "to_ids": true, "type": "md5", "uuid": "6ac46743-5484-4441-90df-014ecaeb5638", "value": "4cd5637d0ed842dc4996ddfc38ef8f01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860351", "to_ids": true, "type": "sha1", "uuid": "9eaac420-fefc-483e-a1b0-45c77047c7c9", "value": "65704f75653fe579ac5878eadb16a3ec66a18b3c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860351", "to_ids": true, "type": "sha256", "uuid": "821a17ac-9704-4abe-96d7-c09e0ec69a2a", "value": "9db6e593e9800612300715af3820a17ada995181b34b27f95028763cc04afb6a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831007", "to_ids": true, "type": "ssdeep", "uuid": "7c276072-7af7-4031-8a63-04f5c5f515a5", "value": "6144:PafR9QTgLVVlRP8aiBwNtx/jdueFnYM3Zx1B:ifMOlRUae07HtZDB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831007", "to_ids": false, "type": "size-in-bytes", "uuid": "7f9a15e4-4ff9-4237-a637-24d530a3de94", "value": "292269" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831007", "to_ids": true, "type": "vhash", "uuid": "b63aaf10-3188-466b-ab28-44cf0d5f27ba", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831007", "to_ids": true, "type": "filename", "uuid": "d7abde6a-bc18-4447-86b0-a5958f306761", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5_prune_native.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831007", "to_ids": false, "type": "text", "uuid": "341ec75a-7894-48ad-9fbf-e8a3ffebfb46", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860352", "uuid": "c0717ce3-8ada-4b6c-be9a-b6d33147999d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860352", "to_ids": true, "type": "md5", "uuid": "eb9bd4ba-8aec-4244-b47a-314e5692555b", "value": "1b54c3e6f196e057e176a1ec1314c360", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860352", "to_ids": true, "type": "sha1", "uuid": "61e1e8ce-d934-4deb-af70-f54cf9354e6a", "value": "10b50cb86c0914c7493a359bf74ff230d47239c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860352", "to_ids": true, "type": "sha256", "uuid": "3ecf492f-3e28-40d6-b806-5a979a79c740", "value": "e19e1438b5bf64476262a847770d4aef56fdf81667c5b586a011cf6d0609cff7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831028", "to_ids": true, "type": "ssdeep", "uuid": "27285ead-ab58-4bed-a293-b3b04d1d8006", "value": "1536:iAuqLqd6Qq15amB7/EOqh8gRDncXOmfAYlkmoVidJ6OxyZt:iATLqd+nDBgNhLPmfA42wnrQZt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831028", "to_ids": false, "type": "size-in-bytes", "uuid": "450e7a42-f6b2-45ba-8236-ad696c189c38", "value": "92958" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831028", "to_ids": true, "type": "vhash", "uuid": "77b49b20-7a95-465a-86ad-4729e1aa4e23", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831028", "to_ids": true, "type": "filename", "uuid": "8a5b3e4c-1631-44dd-a9c7-37f32898e963", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5_prune_smali.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 20/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831028", "to_ids": false, "type": "text", "uuid": "2545987d-147a-497c-a777-7509fd81fbb5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:19/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860353", "uuid": "ff6648e6-6679-4c32-99ad-2085621e8e57", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860353", "to_ids": true, "type": "md5", "uuid": "dde5d3c5-e8e8-42c7-8502-fa820336a1c2", "value": "59847cbbe00ea3f29989e8adb5b2cf85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860353", "to_ids": true, "type": "sha1", "uuid": "ce976663-6a5a-4002-add1-11b451a4e319", "value": "b72d8827a6897136d1aed8f3c5fab3e6fd855f45", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860353", "to_ids": true, "type": "sha256", "uuid": "3c2ee7e2-ed1e-41be-bf67-ad002eb860ad", "value": "eb5043ea89d1112977945b710fbc725f7ccdf23fa8996e9084780a67282e47b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831050", "to_ids": true, "type": "ssdeep", "uuid": "8a77b968-85c7-4c2e-837b-d3b5cc58e0bc", "value": "6144:+mn3GxqzcRKYcGKX1c92rs5mFGiXtLAi5sit/32vh:fZIRxcGKFcYrs5qrtLAiCitvwh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831050", "to_ids": false, "type": "size-in-bytes", "uuid": "999388d2-3bac-47fa-ad02-73116f171f45", "value": "289176" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831050", "to_ids": true, "type": "vhash", "uuid": "98321030-201d-46e8-a50f-c8d770b79bd3", "value": "a07160827266a34333bb334ebdb79023" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831050", "to_ids": true, "type": "filename", "uuid": "e16e3232-8a33-4005-b03d-a9ca2de513a3", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5_unsign.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/04/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831050", "to_ids": false, "type": "text", "uuid": "3bad670a-669c-4d1c-b2ff-db58857367cc", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:34/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860354", "uuid": "c31e1969-fc5d-4b4a-940a-a56a5da1b5a1", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860354", "to_ids": true, "type": "md5", "uuid": "582d69d0-0008-4402-92cb-8c57e4f30906", "value": "3dc52001291646102777ea8e15527ed8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860354", "to_ids": true, "type": "sha1", "uuid": "a5f34fcb-8510-472c-947d-ba97206d3dca", "value": "5d1659bd3fd3e3b343d23831ff95390f21166e24", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860354", "to_ids": true, "type": "sha256", "uuid": "83c8c8ff-7e57-4af5-813e-681b039a7401", "value": "f28a05e17a7f77c165ca7477e2a6780ec938bcb45c4cfdf73e00665d57b610d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831071", "to_ids": true, "type": "ssdeep", "uuid": "b0e6b1b7-4780-4d36-aa26-214975a4a082", "value": "12288:vwwQbJgI1SPt5cthfT5R3CErVPAMFXlslGd6SIuxK/MCa720sMAUcg0wqh/:v/Qt1QtCDr/3CEFvlsla/LI/4CFMFWh/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831071", "to_ids": false, "type": "size-in-bytes", "uuid": "6223fdea-37f8-4caf-a859-2ab6d387641b", "value": "772534" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831071", "to_ids": true, "type": "vhash", "uuid": "e7629057-45f1-4a4b-a802-5f80e9f5e597", "value": "3348a92f763a745bd65e76c7adec0a67" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831071", "to_ids": false, "type": "text", "uuid": "07ffdbe0-2ed4-4007-8790-852a3a1be3ee", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860356", "uuid": "69ad4c14-f3da-4fd1-9ffe-82e580a19072", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860355", "to_ids": true, "type": "md5", "uuid": "ff2f30eb-350e-4222-a0f4-a97444b5d6fa", "value": "7746bdd2d4a18c77041efbf4eb1e93a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860355", "to_ids": true, "type": "sha1", "uuid": "f7202f5c-688c-466f-b08e-cb12d58b7ab5", "value": "bf4cf901d4fe09de459e94a9959637f07ceb61d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860356", "to_ids": true, "type": "sha256", "uuid": "2271685f-afb4-4381-83d8-4d6c2e5663e1", "value": "ec48e16bf4a80c2f27b221e85ad81e47a7a85243210fc1845a3efd5d4bcf228d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831092", "to_ids": true, "type": "ssdeep", "uuid": "3b36f44e-e5a9-470c-94d1-cd7e3f71744a", "value": "6144:BE6Vl8cJXlu4pYcBAJv7d6/1v9ykcqtyieaCe/QhpV4:P1ukBAhCFFDeaCe/Qhb4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831092", "to_ids": false, "type": "size-in-bytes", "uuid": "326e2e4c-ab18-45c5-970b-8d7254e8c44e", "value": "295951" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831092", "to_ids": true, "type": "vhash", "uuid": "548ef163-ca86-46d8-ba4f-240b1b22cb3a", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831092", "to_ids": false, "type": "text", "uuid": "b119cd02-b9c5-4b2d-8a98-dea27b24bffd", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860357", "uuid": "ed80d623-2c89-4227-8575-2079981bc9be", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860356", "to_ids": true, "type": "md5", "uuid": "7f191eed-54f3-4121-9afc-0d42929eade6", "value": "dbec8daf294bf1831076231b4ed2f064", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860357", "to_ids": true, "type": "sha1", "uuid": "8e585e53-3874-4ef1-8688-86a229dc856d", "value": "8df2cadd69154e76b61850d6be45cea0ea383530", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860357", "to_ids": true, "type": "sha256", "uuid": "6800cdec-d7ea-416b-b687-d6dcc7a56f66", "value": "74345f91f0172da7165534e21c061a5f2b8a7960cbe90f529389fb8d503f21aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831114", "to_ids": true, "type": "ssdeep", "uuid": "c9836995-c97d-4399-8f74-55e0d8fac559", "value": "6144:j5En7LfUrhs5rwaWqg1v+otZ/TXeUPMi+Uwc7dfkCjuRNP:9g/UBkGXvCk2c+CjurP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831114", "to_ids": false, "type": "size-in-bytes", "uuid": "547b838f-a0fb-448f-a2bd-a70429f365d0", "value": "296135" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831114", "to_ids": true, "type": "vhash", "uuid": "a7a277c4-425e-4d49-bac4-a2db0f592cd7", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831114", "to_ids": true, "type": "filename", "uuid": "675ff005-2b63-4be3-862b-e2e43a9ff37f", "value": "74345F91F0172DA7165534E21C061A5F2B8A7960CBE90F529389FB8D503F21AA.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831114", "to_ids": false, "type": "text", "uuid": "99fed8c4-3efd-4340-8b95-629901535f44", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:33/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860358", "uuid": "6004ded0-7fb1-4d02-b485-8be696a15e54", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860358", "to_ids": true, "type": "md5", "uuid": "d6f43b85-1b7f-47d4-a631-001bea9b0fa7", "value": "0eea655910ccbfba34531f0bc8fc391f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860358", "to_ids": true, "type": "sha1", "uuid": "08625286-2903-43d1-a7a3-e8f6b2014307", "value": "e844ecf71deda475609220672a78b1080513adc0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860358", "to_ids": true, "type": "sha256", "uuid": "d0f857fb-872d-4728-93fd-8048014c9b4d", "value": "7631375c130b5a0bebd2a5a6a16da17dcffaa4530cfb4258d61b60436d0652b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831135", "to_ids": true, "type": "ssdeep", "uuid": "81109d01-6eff-4820-8599-a7b22cadb758", "value": "6144:44KG9ULb8WBRKYcAl9DXoxFRfw+R+Z95kRPjKHw/nKbgu3jePbV:47Lb8WBRxcAl9DI78lk1SwuzezV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831135", "to_ids": false, "type": "size-in-bytes", "uuid": "1c0aa070-d8f6-4493-98c3-d56aac570f2c", "value": "295955" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831135", "to_ids": true, "type": "vhash", "uuid": "ff30db4b-6c89-4efc-8438-98168a1d89c4", "value": "a504618ff384597e2e3943106257b28a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831135", "to_ids": true, "type": "filename", "uuid": "dcd1be80-4f1c-4cc8-915b-1184ab824052", "value": "7631375C130B5A0BEBD2A5A6A16DA17DCFFAA4530CFB4258D61B60436D0652B7.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831135", "to_ids": false, "type": "text", "uuid": "cab65fda-55f2-48fe-bf96-85f21cf72987", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740860359", "uuid": "4e54de24-3f71-48a3-b018-d76a43f6edf3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740860359", "to_ids": true, "type": "md5", "uuid": "7a56cb66-2a2d-4002-8de0-40dcc092a985", "value": "8812151d78647a4a647484e96cb79f93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740860359", "to_ids": true, "type": "sha1", "uuid": "0a1ede45-e6d3-4029-9ccb-43eb9e5c304c", "value": "7456d2f83d25a935e221c141817b25c48c5995c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740860359", "to_ids": true, "type": "sha256", "uuid": "c1c59bd2-2e62-4544-9669-e37a9e4a4230", "value": "0336bfbfad7bb687841e36ff5621ad205876d370e8e7e4dd0e0e8f2e46d4d9a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831156", "to_ids": true, "type": "ssdeep", "uuid": "1fc47e10-2555-4870-8ccb-3cc2c2f0dee9", "value": "6144:ckSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs5N:WRIKiDQM6tQ30fTviiXN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831156", "to_ids": false, "type": "size-in-bytes", "uuid": "d53f27be-74a6-434a-a4a9-502ed58f4a54", "value": "247708" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831156", "to_ids": true, "type": "vhash", "uuid": "74076a7c-4979-4bfd-a71b-ee8de3987b0c", "value": "e9cc32eedf1771bdd92b539c512a8f53" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831156", "to_ids": true, "type": "filename", "uuid": "3cc95928-1ecc-48c6-9c02-21f70a185cab", "value": "8812151d78647a4a647484e96cb79f93.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831156", "to_ids": false, "type": "text", "uuid": "c84a0da2-00b5-4ef6-9eee-28dde52f6ea7", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831178", "uuid": "db54abfa-a11f-4a9c-9b04-5a5b4c851c26", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831178", "to_ids": true, "type": "md5", "uuid": "a955c247-de37-4569-82b4-920641d81656", "value": "866eb41679d2113e59653289d44505b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831178", "to_ids": true, "type": "sha1", "uuid": "b00261e5-7f0f-418e-b924-ef5a49767988", "value": "75f99e7de3083e56757c293333efdae9acbd3ae2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831178", "to_ids": true, "type": "sha256", "uuid": "bcde3ab3-2a08-4253-94f5-572b5b31e6f6", "value": "e24c9a5f3d5d1b0178703004db2c55b152f2ae2f5758bcfa0c1f503d0a7b2e00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831178", "to_ids": true, "type": "ssdeep", "uuid": "123868a1-d8e0-45f7-9dcb-52fc584cd648", "value": "6144:fkSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs5P:VRIKiDQM6tQ30fTviiXP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831178", "to_ids": false, "type": "size-in-bytes", "uuid": "aa8d1c93-9f07-4e8a-8577-07967dc6afa8", "value": "247714" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831178", "to_ids": true, "type": "vhash", "uuid": "64c00ae3-c878-4a00-98cc-485032ce5d0a", "value": "e9cc32eedf1771bdd92b539c512a8f53" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831178", "to_ids": true, "type": "filename", "uuid": "8a3967bd-232e-46b8-97a8-0a68587b91e4", "value": "866eb41679d2113e59653289d44505b0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831178", "to_ids": false, "type": "text", "uuid": "c4cf82fe-d0fd-43ba-8d64-ae16518edb50", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831200", "uuid": "37ec473a-2bd8-4b8c-8182-0fd6025ff9a1", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831199", "to_ids": true, "type": "md5", "uuid": "7d7642d9-1e34-4a5c-89ac-83b73ae3a3ba", "value": "fb1011cc3fc2ac2ec89947472b338edf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831199", "to_ids": true, "type": "sha1", "uuid": "b04d982a-47a5-485e-a0cd-b23616739e49", "value": "26479bc69b61ff5e79f6f51c4fbb0584cf6c9b8b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831200", "to_ids": true, "type": "sha256", "uuid": "fd125ea9-ad80-4d68-be48-40e8008bb125", "value": "a546e4bf0fb7f5b5e315dad55a6af886a3ac7584f31901386ede481c187ea958", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831199", "to_ids": true, "type": "ssdeep", "uuid": "f48bfe7b-0d5f-412f-802c-af2f3a64968e", "value": "6144:3kSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs5g:9RIKiDQM6tQ30fTviiXg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831199", "to_ids": false, "type": "size-in-bytes", "uuid": "2d9fc860-cd9f-4bbe-95da-1429657defb6", "value": "247722" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831199", "to_ids": true, "type": "vhash", "uuid": "79a42b4a-af36-4b84-959c-569266a16b66", "value": "e9cc32eedf1771bdd92b539c512a8f53" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831199", "to_ids": true, "type": "filename", "uuid": "7208e685-d342-4253-9b2b-b7a5ee9e8163", "value": "fb1011cc3fc2ac2ec89947472b338edf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831199", "to_ids": false, "type": "text", "uuid": "fe7475d6-f273-4ce8-b10b-ea00731e859b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831221", "uuid": "4f574009-c181-4c20-90c8-8f1ce32281a5", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831221", "to_ids": true, "type": "md5", "uuid": "06c79b71-1e2a-48b9-8f27-e17f790813a9", "value": "50c8ac1acbd50b7f0745b3809d54de53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831221", "to_ids": true, "type": "sha1", "uuid": "6498c930-c142-4446-b022-41ec323748e6", "value": "3b4bb768df50fbc77a4cdd2fe2b14984d69376dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831221", "to_ids": true, "type": "sha256", "uuid": "9b7349c5-94bf-452e-95b2-28801933fe57", "value": "bb615d100631c3f1897e11df1971e1fbb366861193b91ade3f220f7706487375", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831220", "to_ids": true, "type": "ssdeep", "uuid": "2bdd556b-68a1-48a9-954a-9861d5a3d70b", "value": "6144:YkSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs5K:KRIKiDQM6tQ30fTviiXK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831220", "to_ids": false, "type": "size-in-bytes", "uuid": "3ae77245-445e-4b0d-aeb6-fac4fd45e64b", "value": "247715" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831220", "to_ids": true, "type": "vhash", "uuid": "de4781f7-5614-4fef-bfe0-ce9ad3c335b4", "value": "e9cc32eedf1771bdd92b539c512a8f53" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831220", "to_ids": true, "type": "filename", "uuid": "fd525abc-86fd-48fa-b122-c4d67071bb49", "value": "50c8ac1acbd50b7f0745b3809d54de53.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831220", "to_ids": false, "type": "text", "uuid": "79dbddae-6193-4359-bc0c-b3254ce93ef9", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831242", "uuid": "a3888c8d-5cf8-4be4-9a70-815bc0261c84", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831242", "to_ids": true, "type": "md5", "uuid": "6b18dd81-9ea3-48a0-9feb-42e40846fb06", "value": "41d3257b9c08c5e05b242389bea1ca01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831242", "to_ids": true, "type": "sha1", "uuid": "6276bece-c441-4380-baa7-4cffd0ce13dd", "value": "a9cc262587833e97b0f496250426b099f01d27d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831242", "to_ids": true, "type": "sha256", "uuid": "1de9c253-99da-4aed-b7ca-a2d8d8ff89c1", "value": "4c64c21b30d26201e74fd4a5bcbf1b950c7d0dda475e53766133b28fb751dc72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831242", "to_ids": true, "type": "ssdeep", "uuid": "3e8251bd-3877-4db9-bb7a-c3de203242fd", "value": "6144:4kSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs55:qRIKiDQM6tQ30fTviiX5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831242", "to_ids": false, "type": "size-in-bytes", "uuid": "e3d70c8c-efeb-47b3-869b-9408a2ee02de", "value": "247717" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831242", "to_ids": true, "type": "vhash", "uuid": "67b6f40a-ed66-42bd-80d2-8b6c558fc83c", "value": "e9cc32eedf1771bdd92b539c512a8f53" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831242", "to_ids": false, "type": "text", "uuid": "c401f722-4124-4d4b-842e-ebc7f4b51703", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF6\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831264", "uuid": "6464022f-2cf6-45f4-a3d1-ef7db4df030c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831263", "to_ids": true, "type": "md5", "uuid": "ea1a5dc6-4604-465a-aaa6-242fbbdd79dc", "value": "a4b14870e6a4c75fe0a9a265e0e17730", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831263", "to_ids": true, "type": "sha1", "uuid": "513acfa4-55d3-4682-b9ef-36325858f613", "value": "74d9c117fbe8a45457a6f3aca907a226cbf9a66d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831264", "to_ids": true, "type": "sha256", "uuid": "c360a92c-9a53-4abe-85b0-0f41c49bbf1c", "value": "8a8c22dd4ac48b7a7eb3e1ec64cfeb1e9dccaee252ed6dbf816a8567bc27c1d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831263", "to_ids": true, "type": "ssdeep", "uuid": "95452e3a-e5e2-4b0c-ba96-1bc5a84d5d6d", "value": "24576:en0Zs0EmgNntabWbwRfZ8Am0/4eMCqHqFmEHCNHs:eQsJ7abWs8h0gTB+3Hqs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831263", "to_ids": false, "type": "size-in-bytes", "uuid": "82244c7f-b6a9-402f-b3aa-3812a9fa31a2", "value": "1184147" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831263", "to_ids": true, "type": "vhash", "uuid": "3dfa8c05-a2f2-4070-ba12-a98c902b551e", "value": "9bb70afb079edcb97e116e345fadc0a3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831263", "to_ids": true, "type": "filename", "uuid": "73eccd26-b7a3-453d-a6f5-662092c6fe15", "value": "111_resigned_obfus.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831263", "to_ids": false, "type": "text", "uuid": "09eca1ce-f6a0-41c9-bf5d-03c02fecad0e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:22/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831285", "uuid": "ed04abd4-1a4d-4778-853d-954dd7f89000", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831285", "to_ids": true, "type": "md5", "uuid": "dd5cc490-dc37-47a4-ad62-84e1448fa7e2", "value": "6a5a059e78fc13544698132e105a8640", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831285", "to_ids": true, "type": "sha1", "uuid": "1f17da0b-e91b-4403-826c-f0030209226c", "value": "d26ae361f80639fb9a9684821b191e688796f191", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831285", "to_ids": true, "type": "sha256", "uuid": "2145b935-22d8-426b-8147-12c055dd75b4", "value": "fee2bc46d545f82a6aba358822cca642d8ffc6154b8ffbef227e3bfcce751945", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831284", "to_ids": true, "type": "ssdeep", "uuid": "5bf5791b-f644-4e9c-b852-0f98ceb6bb02", "value": "24576:7fbupM265zWsQDSIa/rwCiDf5I4vlhkBlAyNPUyOV2AGmdGf6qxNvb:7fbKM2UzzwCMI4tGlNpIGFZpb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831284", "to_ids": false, "type": "size-in-bytes", "uuid": "6cee4497-552a-4209-9ae1-99be59236d3b", "value": "1183966" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831284", "to_ids": true, "type": "vhash", "uuid": "37b5e0ed-1682-4f48-a167-40572da64115", "value": "9bb70afb079edcb97e116e345fadc0a3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831284", "to_ids": true, "type": "filename", "uuid": "32583e64-d2d0-4e6f-9c82-30a9766ca512", "value": "111_obfus.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/08/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831284", "to_ids": false, "type": "text", "uuid": "072fb709-799a-47ea-ae02-0e86fafa267c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831307", "uuid": "f94fe295-f945-4b33-a042-09c60c7bc758", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831306", "to_ids": true, "type": "md5", "uuid": "b61ea096-8106-4d3b-aeb1-cbc9159383d4", "value": "ac37821cf160745cabdc03b8c12a05a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831306", "to_ids": true, "type": "sha1", "uuid": "8e3277bc-ed96-4f9c-995b-398db2ff9fc6", "value": "e7fd8270bc43187b91d7a8a64c9de21dca39795c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831307", "to_ids": true, "type": "sha256", "uuid": "84a593b5-1aec-43d2-8f76-53d75bd5714d", "value": "84116ec9d28b7776e581d3de722db0b053135b12d09b23c07a7805e47ba15c58", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831306", "to_ids": true, "type": "ssdeep", "uuid": "e6393884-22b1-46f7-81ac-f294556fd0a9", "value": "6144:Ufg35Q8MD5+fJ8AiLjvZcl1O31jlfPq+WFPV/891LdEndVj8t89nho:9LM9+BnsWl1SVxq5PB891LeXAtaho" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831306", "to_ids": false, "type": "size-in-bytes", "uuid": "0a902b76-b6a4-4fc2-9c60-62c5403be0de", "value": "298746" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831306", "to_ids": true, "type": "vhash", "uuid": "3ab01a78-59a0-4049-aa94-588fbaed414f", "value": "79028cc2495cdbd62008d7f8858200c4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831306", "to_ids": true, "type": "filename", "uuid": "9d044ff8-f6e0-4cae-8c33-c3ba360ff338", "value": "111_resigned.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831306", "to_ids": false, "type": "text", "uuid": "f3b44a4f-4fc4-4757-a6b5-4c99ce741c9a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831328", "uuid": "e471b3a4-10af-4d68-b72d-df3d933cd6e1", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831328", "to_ids": true, "type": "md5", "uuid": "bd5f7b51-b5e4-45dd-a206-5ae5d18c57de", "value": "13a04af18f5aa1b2f18611df60470904", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831328", "to_ids": true, "type": "sha1", "uuid": "d96adff0-5dd7-45fe-8e56-c413e3962716", "value": "0ca4ab718bf285fe08bc0b94e4b29fe9155b56fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831328", "to_ids": true, "type": "sha256", "uuid": "610fcb68-8c16-4f08-bc4e-fda92e2d10b4", "value": "eee913ff7f1225c0ac75531c3a57a0a2e3e6117d2558a79d41289e3913cb121f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831327", "to_ids": true, "type": "ssdeep", "uuid": "21e18c48-346b-4f1a-9ae5-f8867732322f", "value": "6144:akSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs5A:4RIKiDQM6tQ30fTviiXA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831327", "to_ids": false, "type": "size-in-bytes", "uuid": "751fc69e-3923-4405-8cf3-a5ef0668e851", "value": "247718" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831327", "to_ids": true, "type": "vhash", "uuid": "fdb0aee5-898f-48f0-949c-4d5a5240a5c5", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831327", "to_ids": true, "type": "filename", "uuid": "79330bde-48aa-45c9-b59b-6dc9fe9884e8", "value": "13a04af18f5aa1b2f18611df60470904.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 30/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831327", "to_ids": false, "type": "text", "uuid": "4b578664-7670-412e-a8b1-7096b92bc9e7", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831349", "uuid": "a066b10e-45b7-47f7-9751-da0a3a11c639", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831349", "to_ids": true, "type": "md5", "uuid": "6b31d142-dafa-40ad-b5ff-00ac7ad4f922", "value": "e98efdfe453fb0e7093a9de704ba217c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831349", "to_ids": true, "type": "sha1", "uuid": "b5f16846-2e27-4903-a81d-9a861b85feca", "value": "c879dbc37eb905d2974c0d0abb3e7fbd2d221c29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831349", "to_ids": true, "type": "sha256", "uuid": "a04b419b-7d1c-4497-a0bc-2245f757cb55", "value": "3615acbfa81d36d50b203dd778674c467b16144712f0855f122902e427f20c36", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831349", "to_ids": true, "type": "ssdeep", "uuid": "acc6b661-c462-4f78-acbb-05df36a70952", "value": "393216:VVcQCqMdP3Clh2mI9BQ30wMdUVGFmIBOJ:VVx7MdegR9B8vMdUMMIUJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831349", "to_ids": false, "type": "size-in-bytes", "uuid": "0964e2f5-15f2-43c8-89a7-e3c77fd79ed1", "value": "14830912" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831349", "to_ids": true, "type": "vhash", "uuid": "11e7cf43-3811-4765-838f-441a92636bdd", "value": "22d85952be483a0bde18ca7de6f3edad" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831349", "to_ids": true, "type": "filename", "uuid": "4b47974b-1fba-4181-b9c1-04b5ba94ed4b", "value": "com.guidedways.iQuran.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831349", "to_ids": false, "type": "text", "uuid": "27f0fbb7-8994-4b8b-9864-847f4ccf5d1d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831371", "uuid": "c2914bcd-42b8-48e0-a126-73d9dcca0a49", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831370", "to_ids": true, "type": "md5", "uuid": "17daf74e-4d61-452e-b7f2-d0277e4b85a9", "value": "d31a244b80ea298b98304454244b3ebe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831370", "to_ids": true, "type": "sha1", "uuid": "d1934dc6-1b30-4928-bec8-b20114ac0689", "value": "823b7997a386a109fb48a81820eabec922c751bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831371", "to_ids": true, "type": "sha256", "uuid": "0c737534-ca15-4b21-8cc1-c4731b9f5480", "value": "e0441811fac88817da3712ed2a0718c969bf3c0b65fc8cf08150751f1f50a564", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831370", "to_ids": true, "type": "ssdeep", "uuid": "cfdfa320-45c3-4487-8cad-36368d3d7424", "value": "98304:ytu8NP5Zm4pG3/VW1OjjzWYM0Qc/LlFF9S82L:Ou8NDmOG3/8Qj1NQczLD2L" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831370", "to_ids": false, "type": "size-in-bytes", "uuid": "0e3b3f8f-1e8f-4679-a283-e108b1f49538", "value": "3223335" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831370", "to_ids": true, "type": "vhash", "uuid": "89480793-1658-4d2f-b323-9d76d9a23872", "value": "2afccb83b25a21419bf3d2b60589ce6c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831370", "to_ids": true, "type": "filename", "uuid": "71925a7e-3d58-4699-aee6-526b78035533", "value": "d31a244b80ea298b98304454244b3ebe.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/01/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831370", "to_ids": false, "type": "text", "uuid": "b6b3c169-2460-4178-81ef-dadfdc7459fc", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAFD\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831392", "uuid": "9ab7310a-6c06-4438-bcc5-432dde6ed58d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831392", "to_ids": true, "type": "md5", "uuid": "411a09c5-d747-4ef3-8685-37d56c02a1c0", "value": "7f1fbaec21c8389ac7ee622368476997", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831392", "to_ids": true, "type": "sha1", "uuid": "1c97d860-fa66-42d3-bffb-f9658b700174", "value": "d866c6e42abd4e63c8293866f2f664ed2f4d156b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831392", "to_ids": true, "type": "sha256", "uuid": "7d8bf6cf-076a-4b0a-bcc4-b2efd7fb2b16", "value": "cfe2baaf9f1b202e815cbb74aca7ed85f9fd87aeb862419ac105d6c148ef030b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831391", "to_ids": true, "type": "ssdeep", "uuid": "8f45a070-22bd-4060-adc0-65e54ed50149", "value": "49152:5xgpR/KZZmnwfrul7de6hdYDz4U8uhs2As9+38Cu2bAaimqfCg91W4EaCAbTdSME:5x3Tff6Sz4U3hsbsc3tlsPmYCY1W4/CT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831391", "to_ids": false, "type": "size-in-bytes", "uuid": "1678e83d-b5e6-489a-94ba-5bd7656aa990", "value": "3102832" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831391", "to_ids": true, "type": "vhash", "uuid": "7d4ff24d-3764-4d39-9f9c-ffad75edd27b", "value": "e3c518fbe4f7fc1f3c8349c5500fe174" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831391", "to_ids": true, "type": "filename", "uuid": "880747f1-f312-4d54-abc5-9d4ddb46ac42", "value": "pcmw9nCcsrb7X7JGVTyKE3gGundmI5jEW7L5GOx5" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831391", "to_ids": false, "type": "text", "uuid": "6f1a73f2-ea59-45ee-88af-821c72ed9b2f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831413", "uuid": "04226221-4477-4765-bc56-f1bf196d92f1", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831413", "to_ids": true, "type": "md5", "uuid": "02979f81-f986-4be7-849e-e92edc67b85e", "value": "003c79c0374e752177279a7698f6a9d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831413", "to_ids": true, "type": "sha1", "uuid": "8806add5-ce43-44fd-b043-776780a9e0e4", "value": "5414ec1fa516046cdadbd4dc3ef93218a1eb92b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831413", "to_ids": true, "type": "sha256", "uuid": "42c43eb8-ce52-4d37-96d9-a2bf6a2bfb77", "value": "e72c1697b54ce5158b3fed43ec3e0eee3cbd662defa4e8137839bc4a882a1c3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831413", "to_ids": true, "type": "ssdeep", "uuid": "ba06af93-0975-4dd1-9fa8-0a1a874ac7d3", "value": "98304:UzNohDRi4ztL8hgw1GyLcIHiQcVAUhAsnwbcPGRO2LAM7UfvpkOcz0Yx:UWRik8bLcOi9VAUhA464WLt7gvqXx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831413", "to_ids": false, "type": "size-in-bytes", "uuid": "1189b032-8b53-412f-a477-56dc8ee4847b", "value": "7111177" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831413", "to_ids": true, "type": "vhash", "uuid": "65a69995-7565-41a0-949c-1dbbe550eb73", "value": "1ee37f559c830903eedaf84510704a47" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831413", "to_ids": true, "type": "filename", "uuid": "472e9ca2-10d1-4d66-9c87-b3780f1b69b6", "value": "5414ec1fa516046cdadbd4dc3ef93218a1eb92b8.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831413", "to_ids": false, "type": "text", "uuid": "e4aa2fe7-6c84-4e9b-bd1b-3a82ea53a91c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:25/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831435", "uuid": "983c5d6f-18c1-4124-96a9-e7f60ec8374e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831434", "to_ids": true, "type": "md5", "uuid": "f4fb0bab-010e-4cf8-93c3-831e10a67a13", "value": "2c8a380e6680c41539a327d69fb16504", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831434", "to_ids": true, "type": "sha1", "uuid": "bede9e32-ceba-4f1f-8949-f7debea7f448", "value": "9976433a3d48fce45cbbcbe773194926bc38a3dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831435", "to_ids": true, "type": "sha256", "uuid": "651f2112-ce98-42d8-ba40-4167e5d6231c", "value": "dfb460b8842b620b3ee005845441e58d1be99cb78141984398ef3c63d416d185", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831434", "to_ids": true, "type": "ssdeep", "uuid": "ed17e526-aac1-4b25-9130-bd9d0598d860", "value": "12288:fySIuxK/MCa720sMAUcghwqhNRx+5QJjnwtATJ/r17U92p5fVhOVAPR9XUiUNtu:fHLI/4CFMFphNX4KJDp9JYGp9mu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831434", "to_ids": false, "type": "size-in-bytes", "uuid": "511b7ba0-0a27-4bc2-8cfe-b6ed7889a618", "value": "773797" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831434", "to_ids": true, "type": "vhash", "uuid": "a3b3c0e9-33de-4763-83c5-ab6625b21d67", "value": "9995ae53abc180e3b0a6d3bb88f10cc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831434", "to_ids": true, "type": "filename", "uuid": "36366697-1eb7-412d-8144-36450e0e2466", "value": "2c8a380e6680c41539a327d69fb16504.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831434", "to_ids": false, "type": "text", "uuid": "d75c276a-9869-45c3-9143-3d3678c7e341", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAE2\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831456", "uuid": "479678e9-7c31-4cf9-8bd2-bef56fcdef5e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831456", "to_ids": true, "type": "md5", "uuid": "17003e30-9292-4b03-86de-69b5b26e6a9a", "value": "93690a394d342f521df747e6c19b4c08", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831456", "to_ids": true, "type": "sha1", "uuid": "7466ace9-0672-44ea-8f52-b30774d1fad3", "value": "219ee1ef5fcfe33735d90e00e512548c923dad0b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831456", "to_ids": true, "type": "sha256", "uuid": "b4983a20-ac1e-4ef2-acf7-6a1d4018ef0e", "value": "adb1a6eded0ff60603e0c9d15a01c2546b365e0d6272c65771644175c5845ebb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831455", "to_ids": true, "type": "ssdeep", "uuid": "c680696d-e304-4a59-bc22-69cf813b1cc9", "value": "24576:lF5WaKXYRVnV3MR9ZXFwGzXmiNRbYL1NY:XUaKXYRxRQVwGqo21NY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831455", "to_ids": false, "type": "size-in-bytes", "uuid": "c8194bb7-475b-4ff1-8a19-48fa06daf0ad", "value": "833830" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831455", "to_ids": true, "type": "vhash", "uuid": "4c77b7d9-0e63-4aca-995a-9e5dd71ae587", "value": "9995ae53abc180e3b0a6d3bb88f10cc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831455", "to_ids": true, "type": "filename", "uuid": "3c9cd2b5-5432-4747-a12a-266e367d001e", "value": "93690a394d342f521df747e6c19b4c08.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831455", "to_ids": false, "type": "text", "uuid": "acda85f7-ed8c-4d47-a2a3-d497301c6f53", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAA6\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831477", "uuid": "de723944-56c6-430b-a377-8e656518c8ae", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831477", "to_ids": true, "type": "md5", "uuid": "63f7f590-583e-4429-9ea3-991222fa9ecd", "value": "22a76e99a7e875cce7b08bef1ef75a79", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831477", "to_ids": true, "type": "sha1", "uuid": "c88cc7d6-f9d6-494a-bdd9-3d618799228b", "value": "e43f3c510830ab5484cba49c45b99b0ec43988fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831477", "to_ids": true, "type": "sha256", "uuid": "eabe038b-77f9-462c-b53d-249d73b9b04a", "value": "10877147555ee905d3dc96e7b28b0178d72d8c53bc321026ff8be237cc84c223", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831477", "to_ids": true, "type": "ssdeep", "uuid": "d26e2945-40f2-4cf8-859c-2915eaa855f4", "value": "12288:gsObkDhw7ovRMG6KINdRx+5QJspEieuEyTksniYf+3E2+5H2XsX2AZooz:BAktl2G6KIPXCpEQnFf+3E2qWXsmAZzz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831477", "to_ids": false, "type": "size-in-bytes", "uuid": "7a16205a-487f-439f-b1a4-3b649b3b5f1a", "value": "763771" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831477", "to_ids": true, "type": "vhash", "uuid": "e7dd4aca-b4f3-4436-9fc4-4f0cbd1f8a15", "value": "9995ae53abc180e3b0a6d3bb88f10cc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831477", "to_ids": true, "type": "filename", "uuid": "a0ff3065-a68d-487f-a81c-8e9bf2a63163", "value": "22a76e99a7e875cce7b08bef1ef75a79.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831477", "to_ids": false, "type": "text", "uuid": "05aa73d1-fcb5-48a3-910c-0dd5677de5be", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA20\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831499", "uuid": "6a35bab4-b3b2-4953-a858-bfea3fa896b6", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831498", "to_ids": true, "type": "md5", "uuid": "36f1d9f7-8054-48f9-a866-2568b8b85794", "value": "771f5bf2ca7f5e38549784fc2222f80c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831499", "to_ids": true, "type": "sha1", "uuid": "dee0d602-b8e1-4cd5-859a-ecb78a4598aa", "value": "091d492fe28854bda0559aadd41a427d2fe19267", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831499", "to_ids": true, "type": "sha256", "uuid": "5dabfd59-dbcf-4836-8ae6-27b740d3062a", "value": "60a900f87ce1a4078f1145c0b2218f1875fcbb92d1d6f044b067ab8d7f19698d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831498", "to_ids": true, "type": "ssdeep", "uuid": "091dbce2-5ac0-4240-883e-2eb446aad64f", "value": "24576:VXYBwfgOFDVNdnziHLhvPrwnVgE2mEcdt2aQWiQAAnXB1PTx1utd8knRGgM4/eEg:VIGfgAxriHdvPsnVp52giwnR1bKdtnRI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831498", "to_ids": false, "type": "size-in-bytes", "uuid": "c084aa25-bb5c-49c8-90b3-168d2620d796", "value": "1539193" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831498", "to_ids": true, "type": "vhash", "uuid": "b923d1a1-ea02-4afa-b15a-fee23444462c", "value": "9995ae53abc180e3b0a6d3bb88f10cc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831498", "to_ids": true, "type": "filename", "uuid": "94882198-25a0-47d6-9f8c-eba9baed31d1", "value": "www.tordax.com.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 14/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831498", "to_ids": false, "type": "text", "uuid": "2ddead08-6be1-469a-9271-0301a3b65239", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831520", "uuid": "2e203f9f-93d6-4e0a-85d9-0d860d20ef03", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831520", "to_ids": true, "type": "md5", "uuid": "7539c27a-620a-4df3-9566-aa09d5887f13", "value": "544b96138ebcb09b79ba218cd6387e00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831520", "to_ids": true, "type": "sha1", "uuid": "2acb8537-94a3-4f7b-b895-c31ec5f6a522", "value": "e4b5d5943a596e614c8c27f11d91da5630489e85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831520", "to_ids": true, "type": "sha256", "uuid": "eacb01e9-a6bf-4ea9-b733-2ff8b2831948", "value": "820b604593ab309b83264a6811498d28aec7259b605b7bf95542c06b44f0ed9b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831519", "to_ids": true, "type": "ssdeep", "uuid": "94ccfe6e-7a61-4ee0-8b73-c9b891753c2f", "value": "98304:A/C8qRN9o4pG3/VW1OjjzWYM0Qc/LlFF9S822:KC8qRoOG3/8Qj1NQczLD22" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831519", "to_ids": false, "type": "size-in-bytes", "uuid": "809fd3e4-1579-474c-922a-c32103e053ea", "value": "3223281" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831519", "to_ids": true, "type": "vhash", "uuid": "88314c0d-118e-40fc-a642-1490fb942bab", "value": "2afccb83b25a21419bf3d2b60589ce6c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831519", "to_ids": true, "type": "filename", "uuid": "9f0f7799-7822-40f6-8fb7-5e83cbf5c7be", "value": "544b96138ebcb09b79ba218cd6387e00.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/04/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831519", "to_ids": false, "type": "text", "uuid": "7513ca2e-9aa3-409a-9193-54fdae971b63", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831541", "uuid": "4d05df1e-ca0b-433b-bf5e-c05c03f066a6", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831541", "to_ids": true, "type": "md5", "uuid": "82c0fcb8-be4d-4a93-9e7c-d1ea41275811", "value": "8a2fe29e0c8dd347273b53d7521b36b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831541", "to_ids": true, "type": "sha1", "uuid": "1b2682ee-0ff2-40a5-ac20-b452a66fa331", "value": "d2690c4b8b4415bf798829ba5d0eb910fd7cf124", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831541", "to_ids": true, "type": "sha256", "uuid": "7bf6104f-f8e5-4019-a0dc-952f959fc30c", "value": "72c1a64c0835f8ab38670e63c5660fa008b5f2dfad1e755f30ca58bd3a006ddd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831541", "to_ids": true, "type": "ssdeep", "uuid": "efdcb048-4f04-4902-8572-99cd204e3685", "value": "12288:JSIuxK/MCa720sMAUcgPwqh7Rx+5QJUnwtATJ/r17U92p5fVhOVAPR9XUiUNp:wLI/4CFMFnh7XlKJDp9JYGp9u" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831541", "to_ids": false, "type": "size-in-bytes", "uuid": "29d79875-2d10-4f66-8826-9815ba3994ab", "value": "773773" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831541", "to_ids": true, "type": "vhash", "uuid": "4afc5465-98b6-46f5-870e-26ce9d70c614", "value": "9995ae53abc180e3b0a6d3bb88f10cc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831541", "to_ids": true, "type": "filename", "uuid": "e588a04e-39e4-4a53-bd66-0f954aeb870d", "value": "8a2fe29e0c8dd347273b53d7521b36b7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831541", "to_ids": false, "type": "text", "uuid": "81f0f36f-7854-4b57-b94b-c3546d2a7b6b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAE2\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831563", "uuid": "4834b19e-7b29-4b59-8428-011c8353698c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831563", "to_ids": true, "type": "md5", "uuid": "b6c2f200-adc8-4709-88e9-3c6c90ce49ca", "value": "741e23df3f80f5ecb2d3fff08463ded9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831563", "to_ids": true, "type": "sha1", "uuid": "bdea09a8-11bd-4cfb-946b-0820b28e53d9", "value": "ae9c31a8acda9b9e69a49e9afddebcc2513df490", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831563", "to_ids": true, "type": "sha256", "uuid": "9fa3036f-955b-44d1-ba70-223148a1669d", "value": "5b496e8a01bff0931b5d771d7a94f65233c0537face037eb44d1e7fb53069b00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831562", "to_ids": true, "type": "ssdeep", "uuid": "e222219d-3816-46d6-b74e-3ca50aa4f35e", "value": "12288:WwwQ2JgI1SPt5cthfT5R3CErVPAMFXlsHGdFSIuxK/MCa720sMAUcgtwqhX:W/Qe1QtCDr/3CEFvlsHaULI/4CFMF1hX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831563", "to_ids": false, "type": "size-in-bytes", "uuid": "028667cb-0393-44fd-923f-1b391ffc7b5e", "value": "772558" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831563", "to_ids": true, "type": "vhash", "uuid": "317aa37c-f20c-4aef-99ad-6f26858dcc9f", "value": "4b7fe1d41dfaf45521eab9560a6f8f61" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831563", "to_ids": true, "type": "filename", "uuid": "1610c69e-5f63-424f-b495-c02122a1174d", "value": "com.til.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831563", "to_ids": false, "type": "text", "uuid": "066b3041-ab8e-4242-a386-8ddfd58e363b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831584", "uuid": "191376a8-7e3f-492f-a012-da0bcad8d3f3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831584", "to_ids": true, "type": "md5", "uuid": "fdd74ed1-1c72-4776-a499-0240976bfe0d", "value": "388d7a433cf579916b0e015c693a6fbf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831584", "to_ids": true, "type": "sha1", "uuid": "e31f20e9-5706-4fdf-9a77-c3e24189969a", "value": "d8ad9ba493a96dd6db68232034c6fe7ad1682d91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831584", "to_ids": true, "type": "sha256", "uuid": "685cfa8a-e3d2-45d0-9ba2-967c8bae28e2", "value": "89de565536fbf9e2bac223a2ba49afc49f6784afe7de1592c4cf6a7c8bf42e30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831584", "to_ids": true, "type": "ssdeep", "uuid": "051e405c-1034-4eea-bc30-9e2a83880920", "value": "24576:aLI/4CFMFqhXXAYWUkgSPSljSVM1zymQ8m/TpxVZkjvGtSxgOdVkFgSzrPgzR:a84CFMFqhXZjJVwMtyF8IpXZkbGtSxgo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831584", "to_ids": false, "type": "size-in-bytes", "uuid": "1225c77e-f993-4200-a70b-39f228dea08b", "value": "1467352" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831584", "to_ids": true, "type": "vhash", "uuid": "89904b78-c85c-410c-94d0-4e07472c9d36", "value": "9995ae53abc180e3b0a6d3bb88f10cc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831584", "to_ids": true, "type": "filename", "uuid": "d68d085c-3d44-4aae-96f4-edc794e8bd83", "value": "tlmB3R0pc6Au92R" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831584", "to_ids": false, "type": "text", "uuid": "50cddede-2934-417e-bac8-54d10e3ad632", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831606", "uuid": "1706e5d4-16cb-4e3b-be4b-d8b454f502cc", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831605", "to_ids": true, "type": "md5", "uuid": "9eafaa5d-89f7-4048-8ff9-f975af65427c", "value": "74f5a0adb0e5567b92457627cbba8cb4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831606", "to_ids": true, "type": "sha1", "uuid": "72d88162-4eed-4855-a2f4-48b23e35673f", "value": "40e1cf2aa4633d8bb7448672f917422b1b6e65f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831606", "to_ids": true, "type": "sha256", "uuid": "86a15a59-9acd-4e90-af26-422cd8e25d1a", "value": "7bff9560e367c0a0693a943aa0e8c518650aebdc83825a87381e6f1e62b04d69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831605", "to_ids": true, "type": "ssdeep", "uuid": "93846d67-dc58-46b7-bcea-a0d2cfb3335b", "value": "196608:SuwKTXgCq1wZXdwpc3Clh2mI9mUQ30wMdOVUTqFNPIO+l5405vCEQSfl:BQCqMdP3Clh2mI9BQ30wMdUUm6h5a+t" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831605", "to_ids": false, "type": "size-in-bytes", "uuid": "e605fd3e-bdfb-4359-991c-c493eed509ea", "value": "14831221" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831605", "to_ids": true, "type": "vhash", "uuid": "668714d9-cb53-4389-a83b-ccf335e1c128", "value": "22d85952be483a0bde18ca7de6f3edad" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831605", "to_ids": true, "type": "filename", "uuid": "ce0b1d0e-af7e-4229-89bb-d2f4cab3a219", "value": "74f5a0adb0e5567b92457627cbba8cb4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831605", "to_ids": false, "type": "text", "uuid": "da7fe91e-99c8-4a70-8891-75212b469d4f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:31/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831627", "uuid": "47039776-fc90-4552-8e38-fceb6e8f4fa4", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831627", "to_ids": true, "type": "md5", "uuid": "df4452c4-0787-4e1e-95db-ceef01cef876", "value": "7a5c57ac9f72a3c6e6a31391bec2c174", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831627", "to_ids": true, "type": "sha1", "uuid": "2a5c212f-26c7-4ac4-aeea-5e65e2178a7a", "value": "d8efbfbe499b3d42542fd3444325a417df23759c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831627", "to_ids": true, "type": "sha256", "uuid": "b1ff2656-d9f3-450e-a420-d999c9ea9bcc", "value": "8d5c1a3ff59b67d6f50d94f284d55f52ac253a5d4c404852d6d7ed45255fca53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831627", "to_ids": true, "type": "ssdeep", "uuid": "f7e4e76a-2fdf-41cc-89f9-a7747b9d8654", "value": "98304:3E3829dLu4pG3/VW1OjjzWYM0Qc/LlFF9S82u:0382DuOG3/8Qj1NQczLD2u" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831627", "to_ids": false, "type": "size-in-bytes", "uuid": "aa7a78d3-fcbd-4073-a56d-d339c526e1ca", "value": "3223287" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831627", "to_ids": true, "type": "vhash", "uuid": "b8c3543a-2062-44ac-ae35-8d2754770ff3", "value": "2afccb83b25a21419bf3d2b60589ce6c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831627", "to_ids": true, "type": "filename", "uuid": "7c70f657-1175-4ab1-bd28-ccdc19248e30", "value": "7a5c57ac9f72a3c6e6a31391bec2c174.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831627", "to_ids": false, "type": "text", "uuid": "e446bda8-4512-458b-a70d-68e67c0f25be", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAFD\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831648", "uuid": "088890a5-fb6f-4faa-a27a-1755384b54f4", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831648", "to_ids": true, "type": "md5", "uuid": "57f315bc-39bf-47c4-90d3-63d9981554a8", "value": "8affe047cc4cc2b54f2b661658a3b524", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831648", "to_ids": true, "type": "sha1", "uuid": "c87a943e-c801-40e7-80cc-cff4c768d55b", "value": "e29dc44d25e24cdd6024032b9457e8a22b58eb53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831648", "to_ids": true, "type": "sha256", "uuid": "cb4b6d90-232b-4bc2-88bc-467907a94349", "value": "51ac89c71004c652bab2c7eed7f47046bd05f4de0e5756c19b5de7d2dc7425e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831648", "to_ids": true, "type": "ssdeep", "uuid": "ece11564-8633-416a-bd16-34e2251d52b3", "value": "24576:4/QBGOfNEmg8D/iyQRuaCF5WaKXYRVnVtMR9I:wQBGOWG6mUaKXYRx/7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831648", "to_ids": false, "type": "size-in-bytes", "uuid": "27fa493e-d9f9-4fc4-8985-5211c9542c8c", "value": "832632" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831648", "to_ids": true, "type": "vhash", "uuid": "836bb850-7b98-4d5f-88e5-8ffea98f1af6", "value": "4b7fe1d41dfaf45521eab9560a6f8f61" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831648", "to_ids": false, "type": "text", "uuid": "9194c649-6f9d-4125-b53d-cb854c3547e8", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831670", "uuid": "43cd0980-85b1-4417-8ea1-313589c04cb3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831669", "to_ids": true, "type": "md5", "uuid": "a33b7011-91d1-480d-a435-862016c51cef", "value": "450fd5e40414db6320f189d402e3925f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831670", "to_ids": true, "type": "sha1", "uuid": "270a6596-c991-4039-88cb-8d1707fd9b23", "value": "64831fd7011f0857c3eb292017eba237f3b72dd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831670", "to_ids": true, "type": "sha256", "uuid": "0b1280bb-c981-418c-9db4-804f0ccba9b2", "value": "f6b39c5bc61e6858b3c0dfe76f4cad760f9e8a53bd8a855bc37a62760c3af2cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831669", "to_ids": true, "type": "ssdeep", "uuid": "79eaf0d2-d62e-41d9-bd8e-f4875eb44c4f", "value": "12288:YwwQXArpnlFlAgVhsZlSj5frpQvP0NV+e4bMiP0WErtwQoKGdrNesObkDhw7ovRn:Y/QQppAgAZlSjTQPrMQXErtwQoKar9AG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831669", "to_ids": false, "type": "size-in-bytes", "uuid": "897f2347-4b69-4f27-8e9c-eeb2fa14d1bc", "value": "762295" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831669", "to_ids": true, "type": "vhash", "uuid": "8e7920b7-563f-4e53-b4ee-2434961be603", "value": "2470ba3abc2a542ed01c1866822ff43d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831669", "to_ids": true, "type": "filename", "uuid": "e7936728-8064-46fd-ba27-981520c83952", "value": "450fd5e40414db6320f189d402e3925f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831669", "to_ids": false, "type": "text", "uuid": "25cb71be-e73c-4326-b437-b99603a214aa", "value": "GoldenEagle\r\nType Description: ZIP\n\nMicrosoft: None\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831691", "uuid": "1149f0b4-dd59-46da-91c6-754f9e71b3fc", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831691", "to_ids": true, "type": "md5", "uuid": "18ceed44-515d-44c7-a5d8-4b07ba9dacd2", "value": "ccfae7653da3b4f0d8adbcc7628dddd8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831691", "to_ids": true, "type": "sha1", "uuid": "240b8a99-e348-4789-8b5c-a276da62753b", "value": "c31b4b5302635133170c60391f316fa9f7b194ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831691", "to_ids": true, "type": "sha256", "uuid": "f8a7a062-5f8c-4b94-81c8-96e8cd8e5aa7", "value": "e5445b7ca8ebf6e4a500566134176ed37d3e2765438dd549d6a627bcb1238bd5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831690", "to_ids": true, "type": "ssdeep", "uuid": "1b622342-558e-485e-8dfa-707b3c8e6adc", "value": "24576:U/Q0YWpRpMcPbfpLrAB5KVTrC+nxfe3WqYzlFZG8UbvUi6cscL0KfzYatLI/4CFo:sQNoR3LdUwRrC+nxCWqYzlFmbvUQfp8o" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831690", "to_ids": false, "type": "size-in-bytes", "uuid": "df5e6fd9-a33b-4123-9221-2d4ebda54462", "value": "1466169" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831690", "to_ids": true, "type": "vhash", "uuid": "02e083ba-e08d-4e50-8fe9-1e7e05912eea", "value": "4b7fe1d41dfaf45521eab9560a6f8f61" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831691", "to_ids": true, "type": "filename", "uuid": "5ce28dec-ff66-4e2f-94ad-a5f76d8cda46", "value": "ccfae7653da3b4f0d8adbcc7628dddd8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831691", "to_ids": false, "type": "text", "uuid": "280fb2c8-f1f2-4835-ab3d-5e16727e8334", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831712", "uuid": "044da7a1-6756-433e-a925-c4852c58079d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831712", "to_ids": true, "type": "md5", "uuid": "27e5222a-9d9c-4fae-89b0-cb0eae2f3229", "value": "cc008ee432156688f81dc86da1e24c57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831712", "to_ids": true, "type": "sha1", "uuid": "cbc36ff5-4f4c-4487-96a3-52d09e849097", "value": "34068c7e54d13f079fe4a6391207107fc15012ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831712", "to_ids": true, "type": "sha256", "uuid": "2a911507-184c-4700-a1cb-91befa425edb", "value": "b6593859fa1d686ba3900f534d1798ff2b1107fa4f9581dc04a008c7abf13005", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831712", "to_ids": true, "type": "ssdeep", "uuid": "306c2b3d-c34a-4fb1-a7c0-2884a02b4b38", "value": "24576:7/Qe8EeohSiXM5y/dC8KOXobRV837Ca8uMfTxo2M/y6FqQ0arBwfgOFDVNdf/:DQeNe87VrzXov83ua8uQTxbwy6MkGfgY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831712", "to_ids": false, "type": "size-in-bytes", "uuid": "df3e5e87-6019-41d7-9fad-fb9bde1f8b26", "value": "1537419" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831712", "to_ids": true, "type": "vhash", "uuid": "9a4e3909-06ed-4528-899f-88e249f6c080", "value": "2470ba3abc2a542ed01c1866822ff43d" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831712", "to_ids": false, "type": "text", "uuid": "73a64ec5-1439-49e7-9b72-c6b021e41919", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831734", "uuid": "554eef2f-f742-43c2-aaf3-1d8e3ebd7bc2", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831734", "to_ids": true, "type": "md5", "uuid": "793d1347-1c04-4bbb-9729-2d9538dd75c8", "value": "678bb6bcb756849bd086d27461f55f1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831734", "to_ids": true, "type": "sha1", "uuid": "06a61e6b-ed38-4662-917e-d6c65f8921cb", "value": "b179d1d1ec51fd1f1280429df8f6be498cc2b6a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831734", "to_ids": true, "type": "sha256", "uuid": "3bfe657a-ba5b-4500-b32d-74978fe282b4", "value": "2101bdb51326c817db93ad3280aad4a3d097b39473771718aaaf35e690054135", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831733", "to_ids": true, "type": "ssdeep", "uuid": "0b3b5818-1602-4393-88dd-b46f5d5c11b4", "value": "24576:z/QGn7/iceOBn3OOqETvkpkM7oWZN6WZlTOgrfc7YMh5iURbTcO4wtZ6yAuO9daj:7QGn7/YOfq3kM7pJigihnbLOSSkH22Uq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831733", "to_ids": false, "type": "size-in-bytes", "uuid": "981dac34-a00e-4baf-85c7-dfe8ce8cc68d", "value": "1455096" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831733", "to_ids": true, "type": "vhash", "uuid": "59cfed9f-e2b9-4fbf-b2ec-fb5ad9182b44", "value": "2470ba3abc2a542ed01c1866822ff43d" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831733", "to_ids": false, "type": "text", "uuid": "b4dba6fa-d41e-4984-b65e-20a0a9524e98", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:36/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831755", "uuid": "90b289b2-4c27-4bbc-83a6-708a155fe638", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831755", "to_ids": true, "type": "md5", "uuid": "bc0c681b-6a3b-4d47-b566-317ce681c75f", "value": "e208efea8c2d513cd534e335c862d44d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831755", "to_ids": true, "type": "sha1", "uuid": "f0b39392-0f84-4dae-85cd-2eaa0bf0a17f", "value": "91a830fca66e695ce7fe05fe909ce21eaa874c2b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831755", "to_ids": true, "type": "sha256", "uuid": "7eb3075a-e52e-45a0-9bc2-e5c0dae8ef84", "value": "8f703731a98ed08598b14c4f2ff9a6e6380c3d6b7ad540706d9917a175d2df56", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831755", "to_ids": true, "type": "ssdeep", "uuid": "24c8c1df-1f4d-40b0-be5c-98135d947cb9", "value": "24576:I/QPBft3IoiTNeKekvIi4iJOapvZgiDe9tq3zm2YhJ6Gsdya9wNa+BwfgOFDVNd0:AQPBtn4jekvIiZZvNaO0AUGfgAxM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831755", "to_ids": false, "type": "size-in-bytes", "uuid": "d300a188-bd8a-4f1f-ab81-bd2839cec917", "value": "1537489" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831755", "to_ids": true, "type": "vhash", "uuid": "7c8973c5-7db0-41f6-acac-80d5c1a80815", "value": "2470ba3abc2a542ed01c1866822ff43d" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831755", "to_ids": false, "type": "text", "uuid": "6ac6a267-29de-46aa-b04d-f18331832e6e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831776", "uuid": "be539ff4-d156-4f3e-bcea-181e30dd0e82", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831776", "to_ids": true, "type": "md5", "uuid": "44ff29f6-4ac4-4786-9632-4616324259c1", "value": "dc8f56ebbccd83d41c2ef68cb0a6287b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831776", "to_ids": true, "type": "sha1", "uuid": "22df08fb-e4f3-4685-bb5f-1389f85510d5", "value": "1fc1ee870ce89e5d7a3e510547895b1be30de6d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831776", "to_ids": true, "type": "sha256", "uuid": "33706fee-f646-4c8d-98bf-d51bc81e1ad7", "value": "3309b9fb83416dbe16ef67299aa32b7c8159efed28f488ddf0a92784b18e7f95", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831776", "to_ids": true, "type": "ssdeep", "uuid": "2b59e811-38d1-4846-b6df-fec803747398", "value": "24576:GAktl2G6KrcXnYDeo2YKMAlNZlNTXXHyH/D3JrLmTai/pi1jpr:zkH22rc02TVXXHyf9vmO1jd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831776", "to_ids": false, "type": "size-in-bytes", "uuid": "b7ae347b-29d5-4aed-835a-59337dbe32f4", "value": "1456780" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831776", "to_ids": true, "type": "vhash", "uuid": "5d2355fe-2f47-4804-b98f-6c118ffc1c72", "value": "9995ae53abc180e3b0a6d3bb88f10cc8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831776", "to_ids": false, "type": "text", "uuid": "d11fac2d-2723-48ab-afde-5fdca522e283", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831798", "uuid": "53168237-6860-4498-89b4-71cfb7ca6d42", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831797", "to_ids": true, "type": "md5", "uuid": "54cac2c7-d2ec-4705-99e6-556e13cd58f0", "value": "97ca811a2160236378d0426d666a4981", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831798", "to_ids": true, "type": "sha1", "uuid": "97c36095-5dea-4afe-8532-bc9ad9aac9f0", "value": "e1b390284b6fefeeae2242d29e5b68531931777c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831798", "to_ids": true, "type": "sha256", "uuid": "07f3d6d1-62b9-44d0-af5a-123a31f90e2a", "value": "a628ab7bef93fca63d686ae18ed401b9b451e2052481963c74a9d18aca595783", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831797", "to_ids": true, "type": "ssdeep", "uuid": "b799fd35-2f2d-415b-a030-c04a35a4892b", "value": "24576:x/QD24x8mNNsR0An6lIhFAuvBuOR2ugu4ibmBGn+aFF5WaKXYRVnV6MR9t:RQDPx+j6lsBvBuOAug9GmB8UaKXYRxEW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831797", "to_ids": false, "type": "size-in-bytes", "uuid": "fd349b4f-ba8e-4b20-9ed1-0cab03505a09", "value": "1526225" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831797", "to_ids": true, "type": "vhash", "uuid": "888f9f9f-bc8e-441d-a6a9-786181273d3a", "value": "4b7fe1d41dfaf45521eab9560a6f8f61" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831797", "to_ids": false, "type": "text", "uuid": "33dd8b76-e547-4f22-90c3-5873fff02027", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831819", "uuid": "58f74b4d-8d21-4452-92da-5c443b5346d9", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831819", "to_ids": true, "type": "md5", "uuid": "424fc65c-72b4-4cb4-a808-1db762f49d7c", "value": "52229b25fe6c10e0687c4bdd65aa4dfc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831819", "to_ids": true, "type": "sha1", "uuid": "6bf40cd0-990d-4c76-b16a-ed1d02879196", "value": "04a6b54e850e6f5d3369dc13fd461e5539b61f30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831819", "to_ids": true, "type": "sha256", "uuid": "00461d2f-a787-4e1a-8bfe-1cbd8de486d7", "value": "ea74a4f6fb3a862c93e4fbd4f880c9d45292f927fddf841d0d8f9df169c66bd5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831819", "to_ids": true, "type": "ssdeep", "uuid": "7fe5de7f-22d1-45dd-812e-323157738494", "value": "24576:kX/BwfgOFDVNdKKBr75872YGxBGKOhURtzH2XMQRzfR2fYxtINnwIh6m6G:kvGfgAxTBH5872YGPOO/OZsYzINwIh5l" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831819", "to_ids": false, "type": "size-in-bytes", "uuid": "e5ef6bf5-f0c0-48e8-8f8d-402f15ea2a4d", "value": "1539255" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831819", "to_ids": true, "type": "vhash", "uuid": "e3f7a920-3be7-4232-ba0a-e3386c88df95", "value": "9995ae53abc180e3b0a6d3bb88f10cc8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831819", "to_ids": false, "type": "text", "uuid": "80589814-1e14-42da-aab0-6f9e5d3e0055", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:31/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831840", "uuid": "17536532-4840-45f7-bbb1-1e2f99513aea", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831840", "to_ids": true, "type": "md5", "uuid": "43935f9f-18f9-4522-8b76-5b61f0dfeebd", "value": "7418b175261f6c3a12a20ab69e535894", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831840", "to_ids": true, "type": "sha1", "uuid": "2b9efff2-cbca-42d0-b8ec-c528a434207a", "value": "ff6b5e212d64bf919580c3d82f397b3a0dfd1857", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831840", "to_ids": true, "type": "sha256", "uuid": "db34c152-7020-454e-a007-4a95a2c09b04", "value": "1021c9a429bba7d3ca332e974ebb1fc7a5e6bdc0c7ccf3e209264ff3a50e9180", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831840", "to_ids": true, "type": "ssdeep", "uuid": "093d881a-5ec2-496d-99bd-4c391cfbd94f", "value": "98304:RKZonqjqH9BneQAKCnIQG3fuLCZGA8bdzX:Rgdjqd58P4WDA8hzX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831840", "to_ids": false, "type": "size-in-bytes", "uuid": "b6e66119-3405-42fa-bb3f-8b41a35abf59", "value": "3220384" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831840", "to_ids": true, "type": "vhash", "uuid": "38052857-f664-4047-8b68-e3ead88f92c5", "value": "80c1955e8c8914d93a96245615f105ea" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831840", "to_ids": false, "type": "text", "uuid": "4b6b2565-5e33-4b75-aafd-68703f7e825f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAFD\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831862", "uuid": "64ff4e78-491e-4530-9e33-ee62d80db604", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831861", "to_ids": true, "type": "md5", "uuid": "f073e802-f349-43a8-91ea-86c743a3bdb6", "value": "1b5aa8e220c38dfce160c48140281b53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831861", "to_ids": true, "type": "sha1", "uuid": "5ffa8421-0fd9-43f0-bd98-283e69e58b88", "value": "da77d13413576f45ddce673eb6b7f29b4093873f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831862", "to_ids": true, "type": "sha256", "uuid": "391f01fd-d244-48e2-8046-cfa63b3b9a55", "value": "5890e5f10f9ba6de0851347d1183d90eb84f273998ec6451f3c2b4861c4f9d03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831861", "to_ids": true, "type": "ssdeep", "uuid": "4c3ffc44-e2a4-4e6f-9782-4d6a7b7399ee", "value": "98304:+ab8fgVH04pG3/VW1OjjzWYM0Qc/LlFF9S82E:Nb8fw0OG3/8Qj1NQczLD2E" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831861", "to_ids": false, "type": "size-in-bytes", "uuid": "04599bb2-5b41-4be1-a2e7-bf940b4c2b34", "value": "3223281" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831861", "to_ids": true, "type": "vhash", "uuid": "d3fe3d41-82a4-4bcc-b93b-e5b6c6e81431", "value": "2afccb83b25a21419bf3d2b60589ce6c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831861", "to_ids": true, "type": "filename", "uuid": "1ce939d3-7132-40b0-ba7f-6a36d9f2f66f", "value": "com.trelang.wallpaper.hotgirls.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 03/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831861", "to_ids": false, "type": "text", "uuid": "77fae05a-ab5c-4d22-a8e7-62d9adf39c35", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831883", "uuid": "cd46b41b-5bb6-4d3d-8616-283ca9f0a38a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831883", "to_ids": true, "type": "md5", "uuid": "7fbbbf86-d944-4b91-a650-82f6812e3566", "value": "c0b0d4fdd0dfd6e1125bf38aeed528c4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831883", "to_ids": true, "type": "sha1", "uuid": "a95d4cf5-fd20-4378-bb9d-624cfae8b126", "value": "2078746fbd38cad3e1189aa6007089619d626bca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831883", "to_ids": true, "type": "sha256", "uuid": "69d26afa-f732-4d37-8663-7cea9afb7ced", "value": "655a3d508c519f9632e88e748e048f1495636a4a6676909dbed823cd4d3d40a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831882", "to_ids": true, "type": "ssdeep", "uuid": "5c1698bb-8303-4e60-9add-9dbc0bf46427", "value": "24576:6/QbGOfNEmg8D/iyQRparF5WaKXYRVnVAMR9F:6QbGOWG6KUaKXYRxeq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831882", "to_ids": false, "type": "size-in-bytes", "uuid": "07832789-a936-4bcf-a4af-648992f2cad2", "value": "832606" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831882", "to_ids": true, "type": "vhash", "uuid": "8bcc46e2-afe9-486b-b46c-210a9ae6060f", "value": "4b7fe1d41dfaf45521eab9560a6f8f61" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831882", "to_ids": false, "type": "text", "uuid": "8f48d22c-eeaa-4ac8-ac08-e867b87d6794", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAA6\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831904", "uuid": "0b2cad4c-df61-4e29-abd8-a9a039be16e8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831904", "to_ids": true, "type": "md5", "uuid": "3820a97b-26a4-414c-880d-683386a938f1", "value": "98621b0ea3194eca759f975e5cd58138", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831904", "to_ids": true, "type": "sha1", "uuid": "07f52c99-0091-4fc5-9a77-795d15970222", "value": "69120120969e387fe92af6103970491be4a2111b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831904", "to_ids": true, "type": "sha256", "uuid": "0647c2f5-f8c5-44d1-9e7e-5950121b01b8", "value": "9293533663f203b90c6c9b9b3c7f0190b9280834c7f734ac959e099e31914c4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831904", "to_ids": true, "type": "ssdeep", "uuid": "16f3a4fa-ffc5-4c17-9851-a71a7a75815f", "value": "12288:2Rx+5QJeqsBZifgOFM0VuUBgw1+j3IdA5KbrzvKJn6NSDF7agGt7XIRsg3fBCpQH:2XSBwfgOFDVNdbA5urzvn0W6Zo9a" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831904", "to_ids": false, "type": "size-in-bytes", "uuid": "93c60088-fe11-47ed-a8c0-7dd03b8dee91", "value": "846396" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831904", "to_ids": true, "type": "vhash", "uuid": "5d07214a-c3f3-45ce-8d51-ae7161210f61", "value": "9995ae53abc180e3b0a6d3bb88f10cc8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831904", "to_ids": false, "type": "text", "uuid": "e3f28c2a-c74b-4dbf-99ee-308b429c3766", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAD2\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831926", "uuid": "f3d16972-03b3-4cba-8c07-0cafc3c016ea", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831925", "to_ids": true, "type": "md5", "uuid": "b36533ec-2122-45ea-9112-53929ca2782b", "value": "6ea4076d30c8400f08485c774348f7fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831925", "to_ids": true, "type": "sha1", "uuid": "1ebe96c5-a74f-4a34-9e3f-285cb44328b5", "value": "e3c73b80834db812ee5bebf271305fcfcf040a00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831926", "to_ids": true, "type": "sha256", "uuid": "dc440ed0-4c81-4c91-b79d-a51a479e095c", "value": "435964144b037a7fff63fc544abc8ef6a37f7214abcc59ce4ab6a7017763cc1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831925", "to_ids": true, "type": "ssdeep", "uuid": "2409b625-32c5-4749-9421-34f07a464ce6", "value": "24576:yF5WaKXYRVnVgMR9xXBwGzXmiNRbYL1No:QUaKXYRxGQRwGqo21No" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831925", "to_ids": false, "type": "size-in-bytes", "uuid": "356981f7-0733-4324-8067-7c53f1eb5d89", "value": "833801" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831925", "to_ids": true, "type": "vhash", "uuid": "072dd11c-dfe0-4624-ae0b-d17c511e5072", "value": "9995ae53abc180e3b0a6d3bb88f10cc8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831925", "to_ids": false, "type": "text", "uuid": "6a2eb97c-bfe6-4f83-bda2-37539e26a6ae", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAA6\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831947", "uuid": "c9a4aea6-b40e-461b-a2dd-216cda7f39d8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831947", "to_ids": true, "type": "md5", "uuid": "1deaf562-0c45-4279-93bf-b67c6e1c65b7", "value": "f9f5457027001d27161a3b4493450a52", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831947", "to_ids": true, "type": "sha1", "uuid": "f85457fc-d0ec-41cf-96ae-7454a81bf143", "value": "54f30f879fe04c50d287656a2764976671743ce0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831947", "to_ids": true, "type": "sha256", "uuid": "582fd350-b28e-4b56-8a88-efd051fdd942", "value": "8cfec72e17c3dafc4cb39a1c2723e791ba711f309cf7738e97d86fddb85b16da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831946", "to_ids": true, "type": "ssdeep", "uuid": "9e31e7e8-e815-49e6-81ff-23390bbaf67b", "value": "24576:nF5WaKXYRVnVJMR9FXswGzXmiNRbYL1Nx:FUaKXYRxfecwGqo21Nx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831946", "to_ids": false, "type": "size-in-bytes", "uuid": "67fbc63a-cef1-4c03-b86f-19f4d276ca43", "value": "833808" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831946", "to_ids": true, "type": "vhash", "uuid": "284a9536-3182-4dc4-9d76-bdbcc6654fc3", "value": "9995ae53abc180e3b0a6d3bb88f10cc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831946", "to_ids": true, "type": "filename", "uuid": "f7b9bf35-e82f-470a-b2d6-56d535157c9e", "value": "f9f5457027001d27161a3b4493450a52.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831946", "to_ids": false, "type": "text", "uuid": "2775f34b-e57f-407e-b99c-d93c3d050989", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAA6\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831968", "uuid": "7895adba-98b8-48df-9cd8-7e2a5384657b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831968", "to_ids": true, "type": "md5", "uuid": "d0b88028-4615-477a-b4f8-115c04b01849", "value": "c4142a408b197fbcc664e56d8202fb29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831968", "to_ids": true, "type": "sha1", "uuid": "ff930181-b455-429d-be4f-e3b5460441ff", "value": "d75e0c9922cd6c5800709c022660e24908293452", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831968", "to_ids": true, "type": "sha256", "uuid": "8b28e657-b73e-482d-9ae6-43fe0aea112f", "value": "d39510caddff9360c22e2af2ca4168dffa33967a6e2b8ab931a07165a7b5e41b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831968", "to_ids": true, "type": "ssdeep", "uuid": "18a92efc-2ec1-4e7e-9e09-3b9893393ecf", "value": "24576:FXFBwfgOFDVNdW7Ot4G+ZnUy8l/JsBZGW:F1GfgAxcOt4VZnUyWRij" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831968", "to_ids": false, "type": "size-in-bytes", "uuid": "77e22eb1-8714-4052-bc98-2af69eeb74d3", "value": "846455" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831968", "to_ids": true, "type": "vhash", "uuid": "2130303b-fc81-450c-9d9d-e942f1f0ec1b", "value": "9995ae53abc180e3b0a6d3bb88f10cc8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831968", "to_ids": false, "type": "text", "uuid": "35b99ce5-5d8b-4fcb-aa43-9e107a238af6", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA37\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740831989", "uuid": "6102e0b6-2361-4c63-a4ca-cae578bf0d0a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740831989", "to_ids": true, "type": "md5", "uuid": "f5ccb5e3-eb28-425a-b04a-d3fd8a923d6d", "value": "60736e54e2adbf06e6178d5d43a26dc8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740831989", "to_ids": true, "type": "sha1", "uuid": "14907c10-7eb9-4dd9-9ac8-a710e84a0186", "value": "de234de134d2801e37992df6c627e65d021f1733", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740831989", "to_ids": true, "type": "sha256", "uuid": "0b3e8664-11df-46dc-a14e-ad72f468b42a", "value": "371bfc04511687b0c87a46ab26ce9b4102863fee2066f8836bb1615cb9dd7783", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740831989", "to_ids": true, "type": "ssdeep", "uuid": "90f149ea-477e-404a-9c1d-937af4eccf3a", "value": "12288:lsObkDhw7ovRMG6KoN5Rx+5QJyxS8b5p76UzxYJprbs6stSMfi:2Aktl2G6KoDXEpb5l6UVUUfK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740831989", "to_ids": false, "type": "size-in-bytes", "uuid": "e89c41cf-53ff-4447-b008-6da2b6839140", "value": "763781" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740831989", "to_ids": true, "type": "vhash", "uuid": "0c4ee2d1-dfeb-4dd5-b16b-c554006e9bf9", "value": "9995ae53abc180e3b0a6d3bb88f10cc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740831989", "to_ids": true, "type": "filename", "uuid": "18a3f210-1a89-4ff0-abe6-1d48dd246096", "value": "60736e54e2adbf06e6178d5d43a26dc8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740831989", "to_ids": false, "type": "text", "uuid": "9b896867-4aca-4266-822f-af5f7dc0242e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAD4\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832011", "uuid": "7b472842-8923-4eb3-9fd6-2063f0b1db48", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832011", "to_ids": true, "type": "md5", "uuid": "d5d6eb45-5a77-44f9-934f-c0999f8615fc", "value": "ff23015554122d1127e5afd2cdf77104", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832011", "to_ids": true, "type": "sha1", "uuid": "11c31065-1abc-4ea2-9a9b-77c55207245f", "value": "d11c1e822242f589e394000d46fd53b86f2c700e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832011", "to_ids": true, "type": "sha256", "uuid": "169edc05-5ae0-44b0-8477-d2578f7f2a7c", "value": "e189b725940dc94041311e0ba8f1aa2c401be6dace9ee20f98152e971954ce5b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832010", "to_ids": true, "type": "ssdeep", "uuid": "1f5afa33-19f3-4a29-8e67-dcf4516688d2", "value": "12288:qRx+5QJN6sBZifgOFM0VuUBgw1+jmPdA5KbrzvKJn6NSDF7agGt7XIRsg3fBCpQD:qXRBwfgOFDVNdZA5urzvn0W6Zo9K" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832010", "to_ids": false, "type": "size-in-bytes", "uuid": "666bc6a2-075a-43c9-bf80-9bab139cc646", "value": "846417" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832010", "to_ids": true, "type": "vhash", "uuid": "86e5c33a-783b-4fbe-822a-e401d116ca9c", "value": "9995ae53abc180e3b0a6d3bb88f10cc8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832010", "to_ids": false, "type": "text", "uuid": "35df1ec9-49b5-407d-8631-0a3cae5f6129", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAD2\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832032", "uuid": "0de5f3f8-fb01-4b82-a81e-7a9833d7893e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832032", "to_ids": true, "type": "md5", "uuid": "fce1b074-1698-4dc6-98ff-9ecef9ee9a7c", "value": "f837a62d50db7bbe6b2b804b459c5637", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832032", "to_ids": true, "type": "sha1", "uuid": "46685a49-b74c-43e8-a079-bbf272f042cb", "value": "72693496c6db07ee745423157067cc4bbf1bf972", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832032", "to_ids": true, "type": "sha256", "uuid": "21ecf120-0530-48c0-8c76-3183924de293", "value": "284a6bf4ea63f8967983d077e47c21a319a9a42ad65197e32cf86504e5be4e55", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832032", "to_ids": true, "type": "ssdeep", "uuid": "43e0cc6b-fd2d-46aa-aded-1d074d9bca72", "value": "98304:p3q2bNs2Rdd7x8ODDOb4d7NrhnQuuEsU1XuVSSX3Su3QT8CHFPZlQ3/2:p62H5xcejntu3zzCuiplQv2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832032", "to_ids": false, "type": "size-in-bytes", "uuid": "b8d5e84a-a292-493d-a569-229f5b314a76", "value": "4501276" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832032", "to_ids": true, "type": "vhash", "uuid": "2e2dd907-fb31-42c5-895b-be4b3bdd9ace", "value": "29e606ca680398a4f68edce5fa50d1ba" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 14/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832032", "to_ids": false, "type": "text", "uuid": "d5c98017-8b53-4f6b-abec-71514aa9de7e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832053", "uuid": "56751e5e-a27c-4cdc-8747-9c139d051d39", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832053", "to_ids": true, "type": "md5", "uuid": "02fd5ca5-5001-44ef-8a21-fa923f330dd1", "value": "868d14cbb5e1ad28109437739a53576a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832053", "to_ids": true, "type": "sha1", "uuid": "76e87f1e-fce1-4a82-9d69-3a6665a4aa17", "value": "84239dc90d3d3d31a7f4cd6b4e0629f753323279", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832053", "to_ids": true, "type": "sha256", "uuid": "18044e30-a790-4bef-8898-a65a4629e5eb", "value": "d47572604d2db4c43ad16a6f02508977bcf353b9bdc588fb5c7d771f09149270", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832053", "to_ids": true, "type": "ssdeep", "uuid": "bb42671e-ebb7-4c0b-af99-aef3999f0bd9", "value": "6144:MkSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs51:GRIKiDQM6tQ30fTviiX1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832053", "to_ids": false, "type": "size-in-bytes", "uuid": "3fbcc0de-ec8f-457d-969d-a2e6c2269bfa", "value": "247717" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832053", "to_ids": true, "type": "vhash", "uuid": "b1f3a918-0fee-4e05-9c55-ebbeb10cb781", "value": "53a8686a39e89b385cb30d739b3cfb78" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832053", "to_ids": false, "type": "text", "uuid": "2e344949-d6ef-4d03-825d-3538d01bc225", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF6\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832075", "uuid": "ebc2cb48-8c24-41b3-8174-1fc29eddc520", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832075", "to_ids": true, "type": "md5", "uuid": "83008814-55c7-4b64-b114-eadd85fdf826", "value": "65fbf18b60517511fcec4b440b87700c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832075", "to_ids": true, "type": "sha1", "uuid": "e65754b8-bb1c-4278-ac8c-fa0ea0ba53f0", "value": "481d5bf7e28d423b5a3c2a2a55e66134fa1b5edf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832075", "to_ids": true, "type": "sha256", "uuid": "9ad9b73f-60a2-4403-abc4-fe80a27e58a0", "value": "64013f02b4276c9d399c7ce31efb55cd06729eee4dc1f1b359cf8d1b87b047dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832074", "to_ids": true, "type": "ssdeep", "uuid": "ab9788e5-7f3d-4da1-883a-2fd27e3aa945", "value": "3072:zMXOMXyg+61988vK2kQ584AdsLekFFrdFR6zcmPhSVllVBolh:z4O4yg+61X7CdWekFPFR6/P4Vl9a" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832074", "to_ids": false, "type": "size-in-bytes", "uuid": "d4606052-3e72-4e3a-a845-dd08e4ba5c57", "value": "139169" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832074", "to_ids": true, "type": "vhash", "uuid": "d27919e1-6cf1-46e6-87bb-972970c4b617", "value": "ee4a8fc6fec0b69fa914c0033da4e895" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832074", "to_ids": true, "type": "filename", "uuid": "49e028f3-af80-47e1-9fa6-f33f080f6c8c", "value": "65fbf18b60517511fcec4b440b87700c.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832074", "to_ids": false, "type": "text", "uuid": "9bd380c8-e2e6-4203-9db5-7d0d4785d1aa", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832096", "uuid": "9c70c8f1-4918-426c-9db0-07d4fdb415fe", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832096", "to_ids": true, "type": "md5", "uuid": "108cb8b1-84a9-4df9-816c-bd848dd337f1", "value": "ff76c59762a3b4f566f89cb7c5ef7188", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832096", "to_ids": true, "type": "sha1", "uuid": "a25e3e47-8698-4569-9e6a-ee757da64736", "value": "c9168234320ebbbfa832f9942fdb9f022563905f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832096", "to_ids": true, "type": "sha256", "uuid": "a8786dcb-1a26-4e42-a393-186970e842f1", "value": "1f478bbb9fdb6edeb6c6b30ad232349744ba479d1d2d2ee8bf5172a286a22a98", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832096", "to_ids": true, "type": "ssdeep", "uuid": "05cc60e3-1e45-4fa4-9e4c-f98eed6aa8c1", "value": "6144:OkSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs5u:ERIKiDQM6tQ30fTviiXu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832096", "to_ids": false, "type": "size-in-bytes", "uuid": "5d8acd0b-ccc9-4bff-a39f-5b857008ba2f", "value": "247713" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832096", "to_ids": true, "type": "vhash", "uuid": "bd5b5828-f492-4273-907a-92302a34cd90", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832096", "to_ids": true, "type": "filename", "uuid": "9c294621-6c00-440f-b33c-f225bf203bac", "value": "ff76c59762a3b4f566f89cb7c5ef7188.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832096", "to_ids": false, "type": "text", "uuid": "7ece3739-ebcc-416c-a2be-4004acc6b56b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF6\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832138", "uuid": "836b6600-5a5f-464a-83fc-78f2be02ee1f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832138", "to_ids": true, "type": "md5", "uuid": "56c9b6d9-56b4-49fb-990d-26bf90d8f461", "value": "48fedb305b717d5a91828b82bb0fdec3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832138", "to_ids": true, "type": "sha1", "uuid": "252d34d0-8475-4de9-ade5-293fa7fd11e1", "value": "0705220d3126268b1c064b73b40f6df82b7d3147", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832138", "to_ids": true, "type": "sha256", "uuid": "c17c5c48-c87d-41df-96b3-351b82740e9a", "value": "f88245ddfc004a285522109d4fd213d3589845275c230bf2883035a963d6505a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832138", "to_ids": true, "type": "ssdeep", "uuid": "37cb5c5c-6f26-48be-8311-55e3b99ca1b2", "value": "49152:iDeBtwZT/SDwJluoEKKQC0Ya39hUJNPdf7eZZxgbb+JdQzkkb5pFOQ:iDeBtsT/SDGatQXphUJNPksbQdQzkCFj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832138", "to_ids": false, "type": "size-in-bytes", "uuid": "d876f487-23c9-4c1b-9bd1-28ff1e6f7294", "value": "2414898" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832138", "to_ids": true, "type": "vhash", "uuid": "d74c7c5f-2834-4e8f-a7c6-24d120e3e73e", "value": "26d6bb06e8d9abfe6d3ce310d9866a03" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832138", "to_ids": true, "type": "filename", "uuid": "8cd5c1a3-8820-48d9-9891-bb4524a7b0b8", "value": "48fedb305b717d5a91828b82bb0fdec3.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832138", "to_ids": false, "type": "text", "uuid": "377cdf81-339c-4c25-9606-fad682aa3a06", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Ymacco\nVT Total Detection:35/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832159", "uuid": "55d3face-5d8a-468b-9f20-ed711fc243a3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832159", "to_ids": true, "type": "md5", "uuid": "f74b58fd-4a02-43db-8b29-995f22b38c9e", "value": "3b092b4afc36a5db22f582236f506e69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832159", "to_ids": true, "type": "sha1", "uuid": "66d80d62-b0f0-4a1b-8d4e-abe1d9d1ebe0", "value": "d79bb5d6a0a0e3210b2481d55e465678407451fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832159", "to_ids": true, "type": "sha256", "uuid": "23208f06-bde9-4161-be46-f6ceb5dda090", "value": "2959c440cccf043dea4d7afc5762faf2abb4fd8501b65cf80a322a559daecaf1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832159", "to_ids": true, "type": "ssdeep", "uuid": "efdf43f0-da26-48bf-ae08-a3b34310c058", "value": "6144:/07o0lTneJ665f8KZIqRFI+3OKqGNPny7ey8YnWaGpFxOb4hT++zxt05RWAtOv95:/0M0lLPGkKjTI0E983DvJh42IOvui" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832159", "to_ids": false, "type": "size-in-bytes", "uuid": "0b07e03e-898d-4492-afb3-7fcd106103f7", "value": "442038" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832159", "to_ids": true, "type": "vhash", "uuid": "57821c1c-d07c-47fe-9d0c-1f68373e2d5a", "value": "04c21dcae91065ef250a299224b766b5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832159", "to_ids": true, "type": "filename", "uuid": "017c1c45-8470-4b46-a679-6e602f057d1b", "value": "3b092b4afc36a5db22f582236f506e69.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832159", "to_ids": false, "type": "text", "uuid": "f0a17ae8-d66f-48f7-b2c6-e89cf70d1794", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832181", "uuid": "943dca4d-02a1-452b-8972-1958854a4c22", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832180", "to_ids": true, "type": "md5", "uuid": "7d72395f-3a7d-4161-90fd-795a0d2ebc71", "value": "31efa881dbcae953bbfa68e91c3df95c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832181", "to_ids": true, "type": "sha1", "uuid": "7d058ac9-f268-47e0-bab8-2f80ab1e3be4", "value": "ffaf565119fdaa51d82846dd9b79d87d16e22e25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832181", "to_ids": true, "type": "sha256", "uuid": "9402046a-3ed4-47a9-9222-1633ab50dbfb", "value": "e0d2f806635052885ee3fb3affd295f41215d3460b867d29887eb5aec0757551", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832180", "to_ids": true, "type": "ssdeep", "uuid": "59e2780e-e843-47ec-8283-14f5e11312f2", "value": "49152:nUaKXYRxTsg+TfSK40HXoDTgSP1dQyKTNHduV:UaKax5+TfO03o9dQyK5O" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832180", "to_ids": false, "type": "size-in-bytes", "uuid": "bf9f7d2b-7d47-4d92-96eb-8bf234d95d26", "value": "1815784" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832180", "to_ids": true, "type": "vhash", "uuid": "6cb479fb-d7be-403d-8399-a99ee760bddb", "value": "9995ae53abc180e3b0a6d3bb88f10cc8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832180", "to_ids": true, "type": "filename", "uuid": "f615565f-361c-4b70-adb4-74d837103f33", "value": "C3LRaCNjSzU8jwiLo9_A20180604-31088-j58yc4" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832180", "to_ids": false, "type": "text", "uuid": "c61bcd71-2c83-441c-8726-d8450f4b831c", "value": "GoldenEagle\r\nType Description: Android\nNone\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832202", "uuid": "a33ef5bd-c7a7-405b-b3cd-c9872a874268", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832202", "to_ids": true, "type": "md5", "uuid": "0be6c927-52f8-408c-a485-92ad2f9e110b", "value": "4991bae42f845cba24a797dc59898b16", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832202", "to_ids": true, "type": "sha1", "uuid": "9fe1d1c5-1cc9-4702-8808-5709de73db3b", "value": "e95dec5e15e6b8847a9b299791d1344ca8c866f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832202", "to_ids": true, "type": "sha256", "uuid": "125968bb-5b8f-40e0-8ac8-78882aaea715", "value": "1d6e53b5388b8c41545815e7454adb357ac0256d7c8354f1212cda6b2a935edc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832202", "to_ids": true, "type": "ssdeep", "uuid": "bfb3e5ed-fcf3-4027-8674-c15fcd49d7d0", "value": "98304:b1Iqvu5WWYsK7/OnAOK1d3RB1ehnJ5cFU+Mk2lQsp4HJTJS4haokCGAYkcX:u5rY1pVzRzetv+mQ9Ne" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832202", "to_ids": false, "type": "size-in-bytes", "uuid": "14df2827-daab-4f41-92a6-4633fbac0b56", "value": "5440087" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832202", "to_ids": true, "type": "vhash", "uuid": "b3813eb2-3fd3-48b3-90dc-ad610f21baca", "value": "da86fc749e4393ba68ea838c7564c7fb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832202", "to_ids": true, "type": "filename", "uuid": "bd9372eb-d7fe-459b-a0e0-3ee471ba23c4", "value": "4991bae42f845cba24a797dc59898b16.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832202", "to_ids": false, "type": "text", "uuid": "6c383f31-8b1d-4315-a4cb-377b98f0587b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA37\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832224", "uuid": "23df758d-a69f-45ef-8bdf-6007b762de6a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832223", "to_ids": true, "type": "md5", "uuid": "e29762df-1527-421c-bb56-c67085300b33", "value": "9e0fd3e2486efbaf44eb6eda0845af67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832224", "to_ids": true, "type": "sha1", "uuid": "63b48be7-6ac5-4273-8c2c-9c08282f7bbf", "value": "6a3f009af163391f3aa420d12ae30891654d78dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832224", "to_ids": true, "type": "sha256", "uuid": "08a77bb6-7523-4df1-9abb-573928040fe4", "value": "38d582a82a90828df21ab0c961d55624ba46d535f3ccd16ba367b626996deed6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832223", "to_ids": true, "type": "ssdeep", "uuid": "bda41e96-6d92-4623-b7b6-1a71de05150b", "value": "98304:daaxvO4XiEJjxl0nV94Z9vqZY8ZmA8BYn:daODxiLotTHk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832223", "to_ids": false, "type": "size-in-bytes", "uuid": "87aa9dc0-4262-489c-8ef8-67a0b5c5013b", "value": "3250422" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832223", "to_ids": true, "type": "vhash", "uuid": "7918a530-edec-48c9-b70c-f9d3a7657d99", "value": "b7f11aa9cd9710dfba586fed7e0f2001" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832223", "to_ids": true, "type": "filename", "uuid": "4351676a-201a-4b9e-a2f5-64d57f7c8548", "value": "9e0fd3e2486efbaf44eb6eda0845af67.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832223", "to_ids": false, "type": "text", "uuid": "e6c3ffe2-2052-4cf2-b49d-f84ce75d61ee", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832266", "uuid": "4af7f0ae-15c8-42b9-be29-b5a861a35566", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832266", "to_ids": true, "type": "md5", "uuid": "1e39dbb7-9874-4526-aa23-97f548371fb9", "value": "fed0adc9017594aa26efeee44e76eb4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832266", "to_ids": true, "type": "sha1", "uuid": "23c2f669-f970-4ea5-98de-404eb223152e", "value": "ec98d978d14d58938b30169f1e82987b85afc9c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832266", "to_ids": true, "type": "sha256", "uuid": "0d3e346d-4c9d-4d4a-8200-f22d088d8004", "value": "e635e892680bc9b39c2037b6a4644e5f84f490f3052e8487f3de59dd8c0e4bc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832266", "to_ids": true, "type": "ssdeep", "uuid": "bf197964-a35f-4a60-b649-b3324cd23693", "value": "98304:SJfXiYa76TbrwBWKgixHcsHqNdXodaqgAc0ZdjSZes7QXDOqYk7QXDOqYfFF/gZX:UO6kdHcsK2UNS1e7wDOqP7wDOqcLV45" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832266", "to_ids": false, "type": "size-in-bytes", "uuid": "6110c494-6c35-4911-bf4a-9c8802b07149", "value": "14122015" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832266", "to_ids": true, "type": "vhash", "uuid": "a84d6db9-47ef-42f0-8d7b-997add18e730", "value": "4ee35e96debc9908194c10c68971bb67" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832266", "to_ids": true, "type": "filename", "uuid": "0a6bcb0b-2e6e-4d01-ae48-b96fee99b3dd", "value": "fed0adc9017594aa26efeee44e76eb4e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 15/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832266", "to_ids": false, "type": "text", "uuid": "ae5f3df6-e817-4a31-893f-114598496ad5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832287", "uuid": "a1b379be-704d-4c5b-834d-17ebcf02d987", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832287", "to_ids": true, "type": "md5", "uuid": "0fc0b71b-6687-4e6b-bf71-eb0febd3405a", "value": "06c5bbcc2f99a15ff49783c12f0a2ea1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832287", "to_ids": true, "type": "sha1", "uuid": "9a877820-f302-4b9d-ae05-eb5113973100", "value": "871a3be47c66dbb715c5cb05bf247a9a1e112f89", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832287", "to_ids": true, "type": "sha256", "uuid": "233a5bdd-d64e-4a23-a0ba-d7cf56a315c5", "value": "18153e61e7bd9411db9af965141912901fb13aa093bc5ff46e92d49583e315cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832287", "to_ids": true, "type": "ssdeep", "uuid": "d4365005-1e04-49fc-9bef-c632e32be022", "value": "24576:oF5WaKXYRVnVqMR9IX6s3mxDmFpVZ+hE3:yUaKXYRxEtqs3mxDUZp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832287", "to_ids": false, "type": "size-in-bytes", "uuid": "d156dec3-d061-4d2d-962d-e2b317e7a915", "value": "807728" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832287", "to_ids": true, "type": "vhash", "uuid": "884fd790-ef36-48a8-9efb-48311b946f25", "value": "ed2c3ef17c555066160739adb54b5b58" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832287", "to_ids": true, "type": "filename", "uuid": "2ace3980-a444-49d4-8bf7-80784476ca2d", "value": "Tupv_ALXr_7itjhwQTn520180530-15745-19ppt1c" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832287", "to_ids": false, "type": "text", "uuid": "94439d2f-88bb-4e91-abf8-53e2436d0cd9", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AABA\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832309", "uuid": "5c54c33a-6a00-4f40-a6fb-cfae03db69f2", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832309", "to_ids": true, "type": "md5", "uuid": "e249828b-d358-49e8-a133-443c36df0e0f", "value": "1559e91b3b14b5f3d92645e7e516314c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832309", "to_ids": true, "type": "sha1", "uuid": "12d4069a-8004-4583-add6-59e95e202f40", "value": "a8c7b7cccb99d52cc3de9b97c6c5367dff451ebd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832309", "to_ids": true, "type": "sha256", "uuid": "1be88d20-2a0a-4418-a7b9-914b7756c60f", "value": "0fd9535d9466d6a8b36268198b96b1ad62c810ed84a76ffca205bde43822dad0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832308", "to_ids": true, "type": "ssdeep", "uuid": "0128b033-052f-42de-9c35-c02fb45354da", "value": "3072:hZMXbMX6wqt6Qd4njjf54WdE54dCXwTbvK1OLwVyHuQ5xNZ:hZ4b46wugnnRjdEaywDLwc1bZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832308", "to_ids": false, "type": "size-in-bytes", "uuid": "cd83225b-5446-4e29-b97d-0ed9262e8c30", "value": "121333" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832308", "to_ids": true, "type": "vhash", "uuid": "1f3d4fef-4f20-4b34-ab9c-d1b4197921b5", "value": "a418351a82ae1227663622360cdf9570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832308", "to_ids": true, "type": "filename", "uuid": "d6c4535e-8038-46a1-9e62-cfbb1c405573", "value": "1024-a8c7b7cccb99d52cc3de9b97c6c5367dff451ebd" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832308", "to_ids": false, "type": "text", "uuid": "dfc1bf0a-243f-4199-812f-c7c1759ef03c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832330", "uuid": "fc980885-3aed-4a95-844f-2b3050fc5121", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832330", "to_ids": true, "type": "md5", "uuid": "acbd2b37-ae62-4841-a53e-5c124486c47c", "value": "52681c5729b5b25879baebde81eef530", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832330", "to_ids": true, "type": "sha1", "uuid": "ea9704ee-1cb7-42af-afab-1d1abe9ebc83", "value": "bb46a77fc40ac9fe114ba13a7cbe9d30f5981250", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832330", "to_ids": true, "type": "sha256", "uuid": "56eebd8b-c9fc-4509-9725-47a852a9a4f3", "value": "bcc134d8483708bb8994685f38f5b8a3663a698f7fea6918918a201c9db8f0f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832330", "to_ids": true, "type": "ssdeep", "uuid": "cecad522-554f-4d1e-9fdb-78791137241a", "value": "196608:iNee0h/VCwobYNv5ekvB4DoLj+heoaEXPhbctDM/70rmAyhVPnO+VGpR/bpunYAm:iN6h90b6eVofQeKXurYhVmJzbmk2P+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832330", "to_ids": false, "type": "size-in-bytes", "uuid": "5b63f7d8-5f11-431b-b7a7-d0566a9f8208", "value": "21265137" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832330", "to_ids": true, "type": "vhash", "uuid": "012c98c5-37a8-468f-b7b2-adec08755d5f", "value": "8f87c78ce6c470f0d967fcef908e69d7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832330", "to_ids": true, "type": "filename", "uuid": "81f6f6bc-4756-4115-a5eb-27a614b1c32c", "value": "52681c5729b5b25879baebde81eef530.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832330", "to_ids": false, "type": "text", "uuid": "56e63cc6-a6f5-4371-8fe5-7a8440763b6c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832352", "uuid": "7388efee-c751-4123-a8e4-69c2dc285bd0", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832351", "to_ids": true, "type": "md5", "uuid": "a745ae63-c84d-4aab-9aa4-771889b76789", "value": "50029ac4ace31ba6e8157e3e42ffd94e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832352", "to_ids": true, "type": "sha1", "uuid": "3eabfe29-efcd-4de6-a331-dff4d30ce8a3", "value": "b239c5ada30bd8bfa65610a21e2f99caad80dcd7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832352", "to_ids": true, "type": "sha256", "uuid": "29be0fa9-f0cd-442a-8367-315ab6fb7daf", "value": "850bd271d13b2dd47c5a862929f779e3384c5309820db48b3fd3e44bf171aefe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832351", "to_ids": true, "type": "ssdeep", "uuid": "4d006708-e0db-4ff4-b972-4d9d1f59710b", "value": "196608:qLPEWdLdNZds+4kREbtVgKzrqsGzAn2RceyaGueYqPeQNF3u4undm:qLPd93ZbNREbtCKzrIAn2Rr6vYs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832351", "to_ids": false, "type": "size-in-bytes", "uuid": "c30c42fd-a790-496e-b5c6-014274734b0c", "value": "10398881" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832351", "to_ids": true, "type": "vhash", "uuid": "3f891a8d-673b-4799-a9be-96796bdf72ee", "value": "15d6cf38d695d4e13a72570fd0008c7c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832351", "to_ids": true, "type": "filename", "uuid": "d92ee985-be46-480f-afb1-89de43df495f", "value": "50029ac4ace31ba6e8157e3e42ffd94e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832351", "to_ids": false, "type": "text", "uuid": "ad3d11bf-77c2-4d56-baf0-c460e45c8c5e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832373", "uuid": "79890c91-3e05-40b5-a253-226e6778597f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832373", "to_ids": true, "type": "md5", "uuid": "24392168-6401-470c-87e7-83f26ef91a0c", "value": "eb233f841a08a653d0a97f0fea9e8d1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832373", "to_ids": true, "type": "sha1", "uuid": "ed550757-c817-4e0b-a4e6-5692768f6b10", "value": "d48f3a9a892d77a2229688748af7cc3b6c225c7c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832373", "to_ids": true, "type": "sha256", "uuid": "8b2b5eaf-a169-4cc5-a792-fd901b26e2a8", "value": "f3419f43891fa20d072c7c99f0fc7508f0b7046ab3dbc6ead6b5561d21abbbd3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832372", "to_ids": true, "type": "ssdeep", "uuid": "acad6f9a-77ab-4491-9b8a-28ab9f224fba", "value": "393216:xSBslXreK5j8s+gicI3klwCFMydbz/xbXY:xQsliKt+RcaiXY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832372", "to_ids": false, "type": "size-in-bytes", "uuid": "400ae07f-1e3e-4217-b7d2-fe9bd6b39015", "value": "13572627" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832372", "to_ids": true, "type": "vhash", "uuid": "534a5bc8-2eac-4772-913e-391bc70640f3", "value": "e96de6349f9d725189c0a3db93992f55" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832372", "to_ids": true, "type": "filename", "uuid": "c921d78b-7ad5-4f40-9dcb-5aa7cef47e1f", "value": "eb233f841a08a653d0a97f0fea9e8d1f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832372", "to_ids": false, "type": "text", "uuid": "54d15bc4-5ca5-4201-aad4-5005e8801d63", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832394", "uuid": "8eedc64c-0912-4bac-a8ba-fdf66dd585e7", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832394", "to_ids": true, "type": "md5", "uuid": "a9ee3bc2-9577-4bff-afb4-65cb6f30b64c", "value": "2d027eb9ed8df7b8567e1dfbdf590653", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832394", "to_ids": true, "type": "sha1", "uuid": "da79de10-703a-48df-927a-ff2b6c41c237", "value": "d5f492a29ad5b1afa832430bd3304c1c88a04e13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832394", "to_ids": true, "type": "sha256", "uuid": "5b33006d-e747-46e1-8302-e2b2a3d25010", "value": "5e5f3bd021f47466c27683bd66b0a04a69f09ca772cae20e4ddc3fd2b8bb611c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832394", "to_ids": true, "type": "ssdeep", "uuid": "87da32b1-77a2-4087-a986-5384f654a115", "value": "196608:LpkLg2EZPRRgqyDJnDalQ8xDv1+5sgdcyDJnpd15t:LpkS9IRDalQUklGIRpBt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832394", "to_ids": false, "type": "size-in-bytes", "uuid": "e0db0fc2-6ee8-43ac-b3e0-00d3bfd82c07", "value": "6724969" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832394", "to_ids": true, "type": "vhash", "uuid": "b00049e7-3339-4b15-9dfb-54d1be59d98a", "value": "785c5be935f84817166a846a40ce4b10" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832394", "to_ids": true, "type": "filename", "uuid": "0b2f574f-4c02-4617-b1ff-3909f6c1f770", "value": "2d027eb9ed8df7b8567e1dfbdf590653.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832394", "to_ids": false, "type": "text", "uuid": "9c115d10-0611-4d05-9148-637856d1a849", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832416", "uuid": "169fe945-fade-46d4-9a8b-ac61508e964a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832415", "to_ids": true, "type": "md5", "uuid": "5cded309-6cbd-4095-ab6c-ea836f40ca01", "value": "697cb6d761bfb71add72519ebd3277e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832415", "to_ids": true, "type": "sha1", "uuid": "c3a35acd-ea62-4ec2-9b40-be2142b2a614", "value": "a4ecdb38ea10a55901785f6470e343748bbff5c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832416", "to_ids": true, "type": "sha256", "uuid": "97a35b43-8a01-44bf-97a9-cfcf6d1a3ff3", "value": "cb401468e9b0b98ba7757854949cebdbddaf084996e5828a36e860dbbf5d0ed5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832415", "to_ids": true, "type": "ssdeep", "uuid": "656df477-d303-466d-8357-1e1fb06bfbf2", "value": "98304:UT3YUbNs2w5m/O/O/vnhVuWEU0GD/1ey3hu:UTe2gmDvnWWP0e/z3c" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832415", "to_ids": false, "type": "size-in-bytes", "uuid": "8b474798-a76c-479f-a7da-3acbdb79caa0", "value": "3535664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832415", "to_ids": true, "type": "vhash", "uuid": "7cc3f121-1b14-4fbb-bd83-6241c7385cb9", "value": "0caafd0c8e87f95bca68e0fc7c93c0a0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832415", "to_ids": true, "type": "filename", "uuid": "e1cbe162-5063-4393-a55e-88e7ef342d38", "value": "697cb6d761bfb71add72519ebd3277e8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832415", "to_ids": false, "type": "text", "uuid": "78f542f0-169e-4c4e-9bd5-d3c4a23f162b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832437", "uuid": "de34eb09-f894-480c-8203-eecd5fdcb5ab", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832437", "to_ids": true, "type": "md5", "uuid": "d93026f6-e2f9-44ba-863d-b25296655028", "value": "474ce528f85e607be58af17597dfa15e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832437", "to_ids": true, "type": "sha1", "uuid": "4d416c0b-8571-4707-b10c-eeae51275b9d", "value": "074eb796609c3d010e74146b1fba58c4d590901c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832437", "to_ids": true, "type": "sha256", "uuid": "21582552-3500-4b76-b9b8-8c4013e86557", "value": "adb82497f66b4f9b6bab34fc6f99101dbc8af448772a1d1066509d578cf29f2b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832436", "to_ids": true, "type": "ssdeep", "uuid": "8a104be4-d238-4c27-b392-5b0c6d0cc383", "value": "98304:Mcv8bQFjO4pG3/VW1OjjzWYM0Qc/LlFF9S82+:pv8bEOOG3/8Qj1NQczLD2+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832436", "to_ids": false, "type": "size-in-bytes", "uuid": "6bbb6d8e-970c-41d9-be0b-bb348200d91b", "value": "3223275" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832436", "to_ids": true, "type": "vhash", "uuid": "aec0a98d-b351-4792-b1b9-f7a578085f23", "value": "423367587a70b9fa67dd9f581e2d114b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832436", "to_ids": true, "type": "filename", "uuid": "227829b0-af86-4a23-8f27-51bd503ff2e7", "value": "474ce528f85e607be58af17597dfa15e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832436", "to_ids": false, "type": "text", "uuid": "aeeefdf3-10bb-42e2-8422-4312f2b42c63", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832458", "uuid": "339db265-a140-4850-a52c-adfa3811517f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832458", "to_ids": true, "type": "md5", "uuid": "9a3dd5fa-4410-41ec-b1ed-2a1f989261d0", "value": "69e46867dfb88996be2c24dbe1d5d721", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832458", "to_ids": true, "type": "sha1", "uuid": "4e655a31-1e91-42f0-841f-456a4de947ff", "value": "aa1a2783b430432bab9af9d9b9c3aff35acc1475", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832458", "to_ids": true, "type": "sha256", "uuid": "5318fe69-d415-4069-9bb1-73cf6d4ba057", "value": "5c2bdac5a09807ad5c9f8ed1429fb0ac53b14ec2a0cb4982a9c4a4192e156c2c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832458", "to_ids": true, "type": "ssdeep", "uuid": "2810e253-e6fc-4973-90a5-0923f12cd153", "value": "24576:LF5WaKXYRVnV3MR9pXy4E78EbS7jnJu12fKrv22:pUaKXYRxlQC4a8EbS3YcGO2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832458", "to_ids": false, "type": "size-in-bytes", "uuid": "35300e03-4518-42fc-93e6-e3d7fa2808b6", "value": "833994" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832458", "to_ids": true, "type": "vhash", "uuid": "983e1b8d-5f46-401f-9793-b3f2ea65920f", "value": "ed2c3ef17c555066160739adb54b5b58" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832458", "to_ids": true, "type": "filename", "uuid": "fffd9f10-ccf5-4ecc-842a-f521671469a8", "value": "69e46867dfb88996be2c24dbe1d5d721.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832458", "to_ids": false, "type": "text", "uuid": "f926a5f3-d3a0-40bd-a6aa-459740ac3723", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832480", "uuid": "77808a46-1506-4c7b-8554-9b7fb72ade38", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832479", "to_ids": true, "type": "md5", "uuid": "1b7a1c50-bee1-4818-9369-1dbc8d622c7b", "value": "00e6a0e4b1a1492681f9f21b419caedc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832479", "to_ids": true, "type": "sha1", "uuid": "21db76f5-8a49-42c6-9116-949d4aa1f2dd", "value": "26f1b6b3611cac105a8dd89ce87470a452d0fde4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832480", "to_ids": true, "type": "sha256", "uuid": "ed10c3b6-476b-4dad-8160-a02f208714da", "value": "ab2b083ed62002babb19d595eb36cce37e80257578d1107f789c3c30541d151f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832479", "to_ids": true, "type": "ssdeep", "uuid": "2ef53d3b-ce37-466a-9853-b4c6abb153d0", "value": "12288:OSIuxK/MCa720sMAUcgOwqhzRx+5QJ6iHdYyIxb5vHHj2fI9p+S8RJ3hTPOHF:bLI/4CFMF4hzXsiHd/I7Kfe8hGl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832479", "to_ids": false, "type": "size-in-bytes", "uuid": "36befdb6-81f0-4f4c-8d7b-a8c7393a64bb", "value": "773820" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832479", "to_ids": true, "type": "vhash", "uuid": "7c5025e2-8f3b-4661-b86f-06e0860d5f1e", "value": "ed2c3ef17c555066160739adb54b5b58" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832479", "to_ids": true, "type": "filename", "uuid": "5418e5e2-5e33-445d-bfa8-54af5ff739df", "value": "00e6a0e4b1a1492681f9f21b419caedc.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832479", "to_ids": false, "type": "text", "uuid": "6e1eef3a-6022-4c7d-aac1-37dedc5e04de", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Backdoor:WinNT/Knockex!rfn\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832501", "uuid": "c7ea4f3e-7252-4c10-b013-37829f817089", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832501", "to_ids": true, "type": "md5", "uuid": "2d9d63a9-0819-4474-a4f0-ece3d15bcd58", "value": "eb7bb3b1ef5df96538021523da2b8536", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832501", "to_ids": true, "type": "sha1", "uuid": "886eb8ad-3580-46db-ba27-1a12ac1b1586", "value": "e25d3b8f75f6430f6ef62f9d98ac9147032d6559", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832501", "to_ids": true, "type": "sha256", "uuid": "3caa0d45-c1e7-4342-82f7-4fcb45db2037", "value": "8a2c4abfe42bf9fde9b2889f0a683b3658dfa1f48e9abe5297fc48b47324fad1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832500", "to_ids": true, "type": "ssdeep", "uuid": "c7e2d4d4-245c-4328-87ed-511959facb8e", "value": "98304:hJ+PemxhLNIDeMNUx9yFpjXFt+x5w+91oJ5h+xKGSBgHGhSSBvuctWq8t30snNI1:OPemnN6eMqQ7jXv+xkJ5c4hv98l0CKx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832500", "to_ids": false, "type": "size-in-bytes", "uuid": "789a12d1-95d9-43bf-8df6-5ba261aea323", "value": "6786037" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832500", "to_ids": true, "type": "vhash", "uuid": "f738815c-2d8c-48ea-8cbb-b2491cb7df28", "value": "2f6e8af86d71f1952063bb95ab7bf28e" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832500", "to_ids": false, "type": "text", "uuid": "7592f0ca-186c-4093-a22d-08369d22eb11", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832522", "uuid": "64956766-493c-4985-a9fc-5f8d13062b77", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832522", "to_ids": true, "type": "md5", "uuid": "796e2721-b976-4a81-ada7-77272874a794", "value": "8f7c649787c97c7e2faa1608e79f9cff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832522", "to_ids": true, "type": "sha1", "uuid": "fde8318d-26a3-4bfc-b389-de8625a40792", "value": "7f092bb6e6aade89976a9820474a9e990848914e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832522", "to_ids": true, "type": "sha256", "uuid": "c6befdf7-8384-45bc-bd67-1e32d4451384", "value": "a82e27cbb19759a9b43c39dfbc23f9c19104c98f1039582c4d80729d6541fbbd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832522", "to_ids": true, "type": "ssdeep", "uuid": "9dc34e5d-4a9d-4c5f-b8d2-b5a491143e6c", "value": "98304:WxmZRI7wJoGnmP8jybBDNu4/81dsd3t+gN6PTa3p:um/Bq1Nt81mlt+gN6+Z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832522", "to_ids": false, "type": "size-in-bytes", "uuid": "e0cf1593-d399-4d54-ad77-8b9ccec3242c", "value": "3390326" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832522", "to_ids": true, "type": "vhash", "uuid": "3d4583fc-8eef-4a9d-bc2c-baa082e68b8e", "value": "974d5026b6843a9dca974189b95127f4" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832522", "to_ids": false, "type": "text", "uuid": "2a8d649b-a173-449b-837b-6d8cd6be1841", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832544", "uuid": "33c21995-07dc-46f1-8dac-fd6bfad7541d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832544", "to_ids": true, "type": "md5", "uuid": "9107ce3d-9ea8-4d0d-bf34-52152bb7b2b9", "value": "9a2c10c77d67b93e704e46be3830141c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832544", "to_ids": true, "type": "sha1", "uuid": "d8426f5a-b401-4e5b-af5b-2dfb0de3973e", "value": "d53908a5ccd4caf308973d546df95165f5c262b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832544", "to_ids": true, "type": "sha256", "uuid": "3b0853fd-d15d-49fb-94ce-a9ae65074933", "value": "58d18c2b7da78cb9a617a47dda7b7e95d69b60ca27bb448de1e8ad75a89ad146", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832543", "to_ids": true, "type": "ssdeep", "uuid": "eed34b33-0461-4583-ba9c-2d8cd915dd2b", "value": "49152:A53xEQ9kJR8/ZRmqJUQNLoypRYJ5CpOpY+OpYWqd1pG9n4nbzjWGGYut0z/bAIcD:Cq38RbNs2w5CpOdOfYnSgutEsp2LFGBz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832543", "to_ids": false, "type": "size-in-bytes", "uuid": "8d9f195c-dd2a-4de2-9025-8709e205923f", "value": "3509425" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832543", "to_ids": true, "type": "vhash", "uuid": "4fcc2a58-1a3e-4959-8d6f-8481653412e2", "value": "0caafd0c8e87f95bca68e0fc7c93c0a0" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832543", "to_ids": false, "type": "text", "uuid": "cb7f8fb6-0590-466f-90e7-a6867b53f83b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Spyware:AndroidOS/Multiverze\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832565", "uuid": "4990d787-f973-4afb-8b50-56d318692adf", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832565", "to_ids": true, "type": "md5", "uuid": "4ed193a1-1b2c-4431-b3dc-f2793c6755b1", "value": "e61cc34fc43d4393fa10be3f787d0cd5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832565", "to_ids": true, "type": "sha1", "uuid": "18d930cd-afd2-46f8-987f-ab6e411d2725", "value": "deff4085cd22c9f2fc03a6bf91f4ea3a2660dc81", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832565", "to_ids": true, "type": "sha256", "uuid": "8472d482-2040-4761-8fdf-0c2eca8897ae", "value": "58ac99efc61721053aa7a6b292468555eb6d9ea422e9955f66389266f360f7ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832565", "to_ids": true, "type": "ssdeep", "uuid": "26c9d718-8a1a-4deb-9f82-b7e17d6878a0", "value": "24576:6F5WaKXYRVnVbMR9qXOwGzXmiNRbYL1Nu:IUaKXYRxB7+wGqo21Nu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832565", "to_ids": false, "type": "size-in-bytes", "uuid": "c77209c6-6984-40d5-882e-8fcaba9ab1a4", "value": "833805" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832565", "to_ids": true, "type": "vhash", "uuid": "3e394e6f-a074-46e7-a1aa-740d3f672101", "value": "ed2c3ef17c555066160739adb54b5b58" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832565", "to_ids": false, "type": "text", "uuid": "e316fdf1-1ee3-4cc7-b761-451a6e7c455d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832587", "uuid": "86a0388d-bc1f-481d-9b66-bd93c00e9e6b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832586", "to_ids": true, "type": "md5", "uuid": "51aab1ed-89b9-459f-978d-a69b69226f3b", "value": "f08840add3c6fe09efca4b0f54731eaa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832586", "to_ids": true, "type": "sha1", "uuid": "20f26b6b-578c-4e9b-ae6b-da508df21aa1", "value": "bcaab0ac153a86e54928ac73024aa846a596163a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832587", "to_ids": true, "type": "sha256", "uuid": "f420ced0-d387-49fb-9666-c338d038c6b9", "value": "fe9b6c228911051d1950ddca465211ee06e966117c2d116218826880feb722c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832586", "to_ids": true, "type": "ssdeep", "uuid": "fc0a802b-c73b-46c1-bbb8-f7d55c8b8e46", "value": "12288:JsObkDhw7ovRMG6KINyRx+5QJbpEieuEyTksniYf+3E2+5H2XsX2AZo+:aAktl2G6KIEX9pEQnFf+3E2qWXsmAZf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832586", "to_ids": false, "type": "size-in-bytes", "uuid": "0aa01e8f-71a4-42a6-a2bf-5a95f4fb7669", "value": "763748" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832586", "to_ids": true, "type": "vhash", "uuid": "66de9699-9c67-46ae-9f28-6f5b5b74ef1c", "value": "ed2c3ef17c555066160739adb54b5b58" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832586", "to_ids": false, "type": "text", "uuid": "67e31755-69c4-41c5-80d3-274ebfc5a1c1", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832608", "uuid": "bac6e6e8-3e6d-4c26-9486-43d94f0d0c59", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832608", "to_ids": true, "type": "md5", "uuid": "db8dcccd-f2dd-4191-abdb-90ad28b3cb1c", "value": "686155efa8d368f3b8b89df8ac33a29a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832608", "to_ids": true, "type": "sha1", "uuid": "acc07cec-9cc2-491e-846a-9de0b8fb4a15", "value": "ade125921418eda9c60c12a2bb2bfeef746cbdae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832608", "to_ids": true, "type": "sha256", "uuid": "bb620a58-9120-497a-a9be-a782df84b73e", "value": "e361851c5e58b8417e6dcbf09e0ca1fa2ff20988e8fb9aed4dd3c95dad560419", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832607", "to_ids": true, "type": "ssdeep", "uuid": "07a1dfd8-a895-4524-ac94-187109321641", "value": "6144:hkSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs52:rRIKiDQM6tQ30fTviiX2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832607", "to_ids": false, "type": "size-in-bytes", "uuid": "9fd4e986-b0f3-498a-a456-04fe3ec39e40", "value": "247714" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832607", "to_ids": true, "type": "vhash", "uuid": "7f197510-4aa7-4fcd-8806-83021a1778dc", "value": "b44461ad3d96c2d742af7ada61fdc913" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 15/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832607", "to_ids": false, "type": "text", "uuid": "cf05fd55-aabe-4f72-a80f-06280ca5a48a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832629", "uuid": "724bebfb-2ec6-40e0-bd92-9987345e04ae", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832629", "to_ids": true, "type": "md5", "uuid": "c85fed86-6e0a-4a69-9e52-c719af0bc042", "value": "b83918fa53ec6629bcc8603e144767f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832629", "to_ids": true, "type": "sha1", "uuid": "26ac40a7-fed3-4e19-b00a-3a346c2b78e2", "value": "30a3b6aedd070638653f7ad6eb5c879680ec1ec3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832629", "to_ids": true, "type": "sha256", "uuid": "9750ffd9-33aa-4fd0-b4c8-7885ecb854e5", "value": "199de0d35b4dfa2cce8ff20e3dea6b3fd2ff680e4f90c2724c5dd733bc9f7408", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832629", "to_ids": true, "type": "ssdeep", "uuid": "b69fed84-12ab-4bc5-906e-631538b07797", "value": "24576:bbfm77f5XV8YjR6NF3QLI/4CFMFB6NK3Hqh4+VysfEp:bbfMFFd6A84CFMFB603qhDREp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832629", "to_ids": false, "type": "size-in-bytes", "uuid": "7c5088ba-6ce5-4962-9f5e-1d66f0989a6e", "value": "1035417" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832629", "to_ids": true, "type": "vhash", "uuid": "c7ebcc9b-edf3-460e-9221-4c109ace20f3", "value": "4c2da72e0791ba85f641c5d778463b49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832629", "to_ids": true, "type": "filename", "uuid": "3eb66573-e923-4311-be1e-1c8086a683ab", "value": "b83918fa53ec6629bcc8603e144767f4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/01/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832629", "to_ids": false, "type": "text", "uuid": "8896546e-6786-4123-b83b-0a41caf1860d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832651", "uuid": "ad250dee-f03e-4f31-9a8e-50b6907c8b6a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832650", "to_ids": true, "type": "md5", "uuid": "a59bfc69-3b06-41af-9985-81bf931b137f", "value": "19fa61cd08e847b79582ddba72cfbde2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832650", "to_ids": true, "type": "sha1", "uuid": "3e1e6884-a594-4535-854f-971757f408a5", "value": "776976e0183fca824f94609096839f0f0c460b86", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832651", "to_ids": true, "type": "sha256", "uuid": "299e7dd8-ac44-404c-9ea0-3b34d58f18ae", "value": "91e8a56f48ac8a9c7557401b61b2f3732039f79462eca97cb822a56836e40d2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832650", "to_ids": true, "type": "ssdeep", "uuid": "dbca6401-7c0f-4cbf-b3fa-4b3754a05c22", "value": "24576:GEm77yJX88YjO6NFKdF5WaKXYRVnVeMR9aBNK3HPYVO8lp:GEMosK6OUaKXYRxsdB03KOI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832650", "to_ids": false, "type": "size-in-bytes", "uuid": "11ed8dd5-ccb7-42cb-b68a-981d84857e26", "value": "1095541" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832650", "to_ids": true, "type": "vhash", "uuid": "14015f92-d104-4347-a46a-f91e8075f990", "value": "4c2da72e0791ba85f641c5d778463b49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832650", "to_ids": true, "type": "filename", "uuid": "9c3e7f8a-9d6f-4fed-90bc-f89df5e76161", "value": "19fa61cd08e847b79582ddba72cfbde2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832650", "to_ids": false, "type": "text", "uuid": "b32f74d7-a4f7-45dd-9405-f519b5ec27cb", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAD6\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832672", "uuid": "9d54b803-e03b-4217-a67b-75be427e54e1", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832672", "to_ids": true, "type": "md5", "uuid": "490380e1-7d09-45fe-a690-a944e730f295", "value": "f37b10daada802af83af5d7a256b6156", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832672", "to_ids": true, "type": "sha1", "uuid": "e4b0c975-f1b5-4a3a-8169-41a57abb1f2e", "value": "d0b0a2c733414dc5c8c9790bc6b15f9347e4f283", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832672", "to_ids": true, "type": "sha256", "uuid": "4332abe5-1fd0-4f10-920a-c6359a6020f7", "value": "ea3f2236343a057941fa1f14ae5d0e11230545be7b50a2c93cdbf4085f8f008e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832671", "to_ids": true, "type": "ssdeep", "uuid": "a5bbaa9f-48b6-4dc8-838c-8e4709bdd6d7", "value": "98304:d2CXdzondQoszLxaJGagRIuxE9CmqRCAgec0ZdjSZes7QXDOqYk7QXDOqYfFF/gA:JdkEzbK3MCT7S1e7wDOqP7wDOqcLV4w" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832671", "to_ids": false, "type": "size-in-bytes", "uuid": "b3513e82-cb90-4421-be2d-9a1177ffc682", "value": "14075803" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832671", "to_ids": true, "type": "vhash", "uuid": "a95b0f3d-0a36-4dc8-9e0e-f702b057101a", "value": "4ee35e96debc9908194c10c68971bb67" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832671", "to_ids": true, "type": "filename", "uuid": "34bdc568-cd69-4268-9926-40877af47e5e", "value": "f37b10daada802af83af5d7a256b6156.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832671", "to_ids": false, "type": "text", "uuid": "97c76cac-9c45-494e-a399-0972eb92383f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:29/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832693", "uuid": "bf6a5462-8fe0-45e4-8d5d-c0b96075bcd9", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832693", "to_ids": true, "type": "md5", "uuid": "69c1cd0f-b6fc-4a26-a678-8a40408d3140", "value": "c68a4b7bb2ca335ec023d86d785c359c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832693", "to_ids": true, "type": "sha1", "uuid": "2649d329-b238-4d08-9217-afea8cf34645", "value": "7c5b7839b24ead303b37acbd228a724d6f815def", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832693", "to_ids": true, "type": "sha256", "uuid": "05b443a5-73cb-4e98-a48c-0d32e1e8379f", "value": "04c15a05f8173ee8c8786af24f769c998192513ef4488a4ac83d56eec04d68fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832693", "to_ids": true, "type": "ssdeep", "uuid": "7cb86cd5-99f1-46ea-bd41-3babb8068746", "value": "6144:LkSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs5v:ZRIKiDQM6tQ30fTviiXv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832693", "to_ids": false, "type": "size-in-bytes", "uuid": "0185f302-c5ae-4544-8582-c7f4fa1983f2", "value": "247713" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832693", "to_ids": true, "type": "vhash", "uuid": "4cf3693f-9b5c-432e-bb0f-33ed143b229c", "value": "b44461ad3d96c2d742af7ada61fdc913" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832693", "to_ids": true, "type": "filename", "uuid": "0cfbae12-fb30-4919-a5da-209fad81b95f", "value": "c68a4b7bb2ca335ec023d86d785c359c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832693", "to_ids": false, "type": "text", "uuid": "75a8b0a8-6580-44ac-9eb6-268e5d57cb69", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF6\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832714", "uuid": "421a8d5e-2414-4150-90d7-9e33ba9ed32c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832714", "to_ids": true, "type": "md5", "uuid": "26959a4e-2ec9-432f-9cbc-1df864a0ff50", "value": "2ad7896807c07fce8f75726a1395e21b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832714", "to_ids": true, "type": "sha1", "uuid": "1a8042a2-b2c9-45be-8463-e564f3886cc2", "value": "4aaa1c7f19157676e922ca3061848487fd389938", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832714", "to_ids": true, "type": "sha256", "uuid": "1e27fea0-5e06-4a26-9f2d-880416c9ee5b", "value": "151da561d2258da29072b1bdf60ef10c50e30aabe674aabf968ada8f09b8e1df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832714", "to_ids": true, "type": "ssdeep", "uuid": "22b4b5b8-d5dc-4c52-b3b9-d08919d933a7", "value": "6144:YkSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs5a:KRIKiDQM6tQ30fTviiXa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832714", "to_ids": false, "type": "size-in-bytes", "uuid": "c2e42a2d-f466-4dc9-a6df-31a931238cdb", "value": "247721" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832714", "to_ids": true, "type": "vhash", "uuid": "44cae717-65e5-41c7-9419-64683b4d5ba2", "value": "b44461ad3d96c2d742af7ada61fdc913" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832714", "to_ids": true, "type": "filename", "uuid": "3945d52d-4a09-4697-a9aa-cbfd55abd91e", "value": "2ad7896807c07fce8f75726a1395e21b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832714", "to_ids": false, "type": "text", "uuid": "401b48a6-edd1-484c-918a-e3239192be87", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF6\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832736", "uuid": "382443dd-8dd4-4c96-a14d-77c923b88bff", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832736", "to_ids": true, "type": "md5", "uuid": "3153da27-f5dd-4dfc-a72a-099d90711969", "value": "58b93b6da0aaf7f5c72fb54b2d1242ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832736", "to_ids": true, "type": "sha1", "uuid": "2ebc5c92-fdfa-4dbd-bbbd-fec124b4fa03", "value": "d9c31894333fffb820ae24d294f84a683bfd9080", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832736", "to_ids": true, "type": "sha256", "uuid": "f5a10f04-89b5-4984-9f68-0047ee2827a6", "value": "25904d62bcc3537d28387d0e3b6c9843df8c5ebbefb30b516163127190753ebe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832735", "to_ids": true, "type": "ssdeep", "uuid": "89a36067-d698-4e05-aa36-62e549c1eed5", "value": "12288:7eZN4rJ/rEeErkOxcSclXVF0tGvU8ATodfDFdJiU9OMVXb6fq02clmeFzSW6v:aZmPErHbcf/vJYsf5KUpV62cmIzSP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832735", "to_ids": false, "type": "size-in-bytes", "uuid": "b3aa80fb-5148-4fd3-a67b-a84e3fbc26a3", "value": "872235" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832735", "to_ids": true, "type": "vhash", "uuid": "66cf2f06-73ce-47fa-9f38-5171e06038b8", "value": "a9bb7ccdcf1a421d6630a58750c582b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832735", "to_ids": true, "type": "filename", "uuid": "52e73c8a-c9f3-409d-9f9d-f9039abb3293", "value": "58b93b6da0aaf7f5c72fb54b2d1242ce.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832735", "to_ids": false, "type": "text", "uuid": "a89c9f37-d63c-43ad-81d4-bd8463ad99be", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832757", "uuid": "a068a73c-06c2-4e65-b469-28a42fb589b1", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832757", "to_ids": true, "type": "md5", "uuid": "f6b325c0-a2cf-4846-9489-028b2a0ab7b1", "value": "34a6bbdcccad58de3b42e718abca09c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832757", "to_ids": true, "type": "sha1", "uuid": "df6cfb55-83d2-4b20-88c2-0fd2ae7ba25f", "value": "5cee1360c9c10c80b843cf5f9d2f1ef08ab54c7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832757", "to_ids": true, "type": "sha256", "uuid": "cbc48c01-197e-4fb2-ab5f-fc2b1fe6e1d0", "value": "8d0fdfeed8345725966e923eeb5a822ace277e61e5d6958457d235927935321c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832757", "to_ids": true, "type": "ssdeep", "uuid": "e1c7dd4a-dcff-4bab-85af-f86da9cb50bd", "value": "6144:pkSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs5n:DRIKiDQM6tQ30fTviiXn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832757", "to_ids": false, "type": "size-in-bytes", "uuid": "49f32e64-ef7d-466a-b7de-91c6957b243f", "value": "247712" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832757", "to_ids": true, "type": "vhash", "uuid": "60419e5d-64aa-4c4d-93ff-7ada019bb581", "value": "b44461ad3d96c2d742af7ada61fdc913" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832757", "to_ids": true, "type": "filename", "uuid": "09163f9a-6f52-4dc4-8d61-1eac0f9c6c95", "value": "34a6bbdcccad58de3b42e718abca09c5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 28/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832757", "to_ids": false, "type": "text", "uuid": "db07866e-5e9b-4a5b-bcc7-a3e455cce9b9", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832779", "uuid": "798fc61b-d36d-49fc-a8d0-8edf54e34565", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832778", "to_ids": true, "type": "md5", "uuid": "b556bced-3921-4a67-960c-09f9eaebca2c", "value": "c9bf14bc73fe92864ddc7699b86b5f8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832778", "to_ids": true, "type": "sha1", "uuid": "0216b303-da39-46cf-82ca-133a534a82fb", "value": "13e7b1c9c27b7989867dd9302ea35cbfbd619bec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832779", "to_ids": true, "type": "sha256", "uuid": "f0ae2591-9c01-48e0-b295-abfc20ab0d41", "value": "380181b9f7bc923d7f3430c6041777ad42e4f097ab13022db9961a303d6ba908", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832778", "to_ids": true, "type": "ssdeep", "uuid": "e0f8dfe9-10b9-4647-a880-85cf321b4e37", "value": "98304:LUgzkCMOSdZ1RgRFwSY3ixMUKTjDAHWfeiBhcxs1DRybI1NrlDc6jK5:wW3SnE6eMUDWpcx4tDA5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832778", "to_ids": false, "type": "size-in-bytes", "uuid": "31845ac1-d360-4e86-b755-552ff67de370", "value": "3383853" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832778", "to_ids": true, "type": "vhash", "uuid": "a5635584-38d1-4a03-a69d-95d611786ee5", "value": "cbd8851dbd73f3e8396710d563238780" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832778", "to_ids": true, "type": "filename", "uuid": "09b9c25f-55a3-49f5-bd90-6ecb03be0efb", "value": "c9bf14bc73fe92864ddc7699b86b5f8e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 18/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832778", "to_ids": false, "type": "text", "uuid": "aa663cfc-141c-43be-9909-9dcf6139584e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:34/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832800", "uuid": "e90ecfba-e722-4c86-be49-7e41f557fe3b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832800", "to_ids": true, "type": "md5", "uuid": "8367269a-2fc6-49b6-aaef-487806ba021f", "value": "bbac24314a0e2f48d54eb967a2d01b02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832800", "to_ids": true, "type": "sha1", "uuid": "deceb449-6fc6-41bd-b107-7d19308b42dc", "value": "d068a0933df3303e09e3c74657b4beed1be5ba51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832800", "to_ids": true, "type": "sha256", "uuid": "81fb52fe-e688-4e17-82a8-ae1dbd9dfb46", "value": "7cae788ea7944a6215fc21152e5281b12f8f2689010f0c343509a8e6dd208d24", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832799", "to_ids": true, "type": "ssdeep", "uuid": "72c1252b-4e65-4056-8ee9-28884a4cc65e", "value": "49152:fyHoQokJawav3SYKA6X0GqQjQxxsg8icbrMPUk0qqgRQ5Em9CZAMkUVVBCPhQqm:8XJz43zn43qgQxOgyboIqqgej2VBCPhq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832799", "to_ids": false, "type": "size-in-bytes", "uuid": "7759007e-394f-4ad2-8beb-00693b343e16", "value": "2711837" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832799", "to_ids": true, "type": "vhash", "uuid": "a77e7216-e4ce-428d-9b05-137a2a1ccb0a", "value": "66ea58997f8489b02144691233ea258b" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832799", "to_ids": false, "type": "text", "uuid": "2fab0e6d-6eba-4088-86bc-c0b4a26ae32b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832821", "uuid": "b34226c5-eb1b-401d-8ba2-f42cd9cc12aa", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832821", "to_ids": true, "type": "md5", "uuid": "1f016315-b258-4c53-8636-2a72cd06d736", "value": "29688d608b2047108eef5a0911657c24", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832821", "to_ids": true, "type": "sha1", "uuid": "8d742134-f091-4fff-b875-78f885e90fcf", "value": "10415a7bc8367ff7d511c43823dfc71fbddcc718", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832821", "to_ids": true, "type": "sha256", "uuid": "002fd330-b427-4776-91cc-e577da40f12b", "value": "278be6f9fb681119ad697d24d4593a4fb781a81ca619f00319980c8c7e8df85c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832821", "to_ids": true, "type": "ssdeep", "uuid": "bf829d74-e3fd-465e-8e6b-876e636868cf", "value": "98304:hjBX+7SpnFlXG2qElsO0pTNjViQ6pf/7ssLHoARKudxZiDS:RfRW2b6Zr+Asnd8S" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832821", "to_ids": false, "type": "size-in-bytes", "uuid": "09d8f06c-4cfd-45c2-b51e-41d7c0a6380d", "value": "4534656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832821", "to_ids": true, "type": "vhash", "uuid": "8bac34b0-be7b-43f2-be76-0ea298ff566c", "value": "6a4109f5d1400c8af97a2f4c14f088bd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832821", "to_ids": true, "type": "filename", "uuid": "521db01b-2b5c-4af9-8bbe-5e39f8f68cbe", "value": "kiqik video.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832821", "to_ids": false, "type": "text", "uuid": "c410b9cb-b76b-4b1b-be4c-42d1d2c05392", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832843", "uuid": "1a3f95e8-d7c2-4682-a32e-856127a5cc57", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832842", "to_ids": true, "type": "md5", "uuid": "a06ef997-01fa-4962-9f15-76141374cd45", "value": "8eb2c3deb0449512b9678fdab6aab35e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832843", "to_ids": true, "type": "sha1", "uuid": "27c55dcd-421c-4393-9555-357436c84fe3", "value": "652d9fe6212d3af5164e777d369ddddd1fee0b54", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832843", "to_ids": true, "type": "sha256", "uuid": "eb4d2b0b-3ddf-4c46-9392-c392fde677b7", "value": "2682b2deef17a2532082e3a882c69cc77372902531d8d0194e4e0b9c2b57c66a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832842", "to_ids": true, "type": "ssdeep", "uuid": "1e5fcd6e-7120-4fac-bf0a-4f542b47823e", "value": "196608:b9lsU4WoEOMetbnW4mk+3eoYuE2xOtmmSxzMKRow1KRAcZPGLto0RMQ0:TB4WnO/tbnWfkQjzxySsScB2q025" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832842", "to_ids": false, "type": "size-in-bytes", "uuid": "9dfa3ae2-1380-43a6-9502-a7612634b199", "value": "12228480" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832842", "to_ids": true, "type": "vhash", "uuid": "4830582b-7429-4f81-a703-b163089b310d", "value": "91978a0b07b79220dc4138465afae82c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832842", "to_ids": true, "type": "filename", "uuid": "5b8db5cf-77c8-4e5b-8a6b-b08a97e2d178", "value": "vlc player.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832842", "to_ids": false, "type": "text", "uuid": "6f52e891-7dac-452c-9dd1-e66748afd429", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA42\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832864", "uuid": "a760ac7a-0c45-4567-a028-e22dff8b108b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832864", "to_ids": true, "type": "md5", "uuid": "fddfa6ed-2f11-48c7-8e42-9c489642894d", "value": "31424172114f00f9b1d137e7f8d2b3c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832864", "to_ids": true, "type": "sha1", "uuid": "c51f02a5-02cd-4ef2-ad2f-2385362fa8ff", "value": "27f50c8e280e1ccf31d159b4d419f0e9887cc2e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832864", "to_ids": true, "type": "sha256", "uuid": "e0412c31-a4ce-4642-8268-08030c4ca718", "value": "df0267bfc3b55eb1d021fbfec1bee3d04d5f7344faa79fb56a80462719bd5199", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832863", "to_ids": true, "type": "ssdeep", "uuid": "32e042d0-8958-4f43-8b2a-ac5932df2aab", "value": "12288:HsObkDhw7ovRMG6KoNvRx+5QJ4xS8b5p76UzxYJprbs6stSMfx:MAktl2G6KotXKpb5l6UVUUfJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832863", "to_ids": false, "type": "size-in-bytes", "uuid": "42fd1714-4ad2-4e50-b487-7877dd691bd6", "value": "763864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832863", "to_ids": true, "type": "vhash", "uuid": "0a31df3c-b170-4f77-a710-7b571c5e1c27", "value": "ed2c3ef17c555066160739adb54b5b58" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832864", "to_ids": true, "type": "filename", "uuid": "1f50ce10-954c-4344-a6f7-d2a07f36ee2d", "value": "kinoqi.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832864", "to_ids": false, "type": "text", "uuid": "b805467e-77b3-4fa5-9200-b2628458bf4b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAD4\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832886", "uuid": "50bac568-3cf3-4036-bce3-3a2f1583df50", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832885", "to_ids": true, "type": "md5", "uuid": "321ce741-6cc6-41a1-867a-a3f0880b5669", "value": "2138c15532751fcf169e94ec55cdda15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832885", "to_ids": true, "type": "sha1", "uuid": "701f54af-2d63-4817-b82d-f1b45f724085", "value": "899b7b30098e33af625647214dc23baf16352fc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832886", "to_ids": true, "type": "sha256", "uuid": "7d2ac389-4e21-4b9d-bb9c-89da8177eb27", "value": "2957de924829055462e3a40583aee7ab8e21355ca9dbadba5375ec04b4d474c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832885", "to_ids": true, "type": "ssdeep", "uuid": "5afcf7c4-a09b-402a-b523-b37c74296cdb", "value": "24576:NXuBwfgOFDVNdf2Ot4G+ZnUy8l/JsBZGD:NeGfgAxmOt4VZnUyWRie" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832885", "to_ids": false, "type": "size-in-bytes", "uuid": "83185cc8-41e0-4814-ba76-fea185ac6e3e", "value": "846545" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832885", "to_ids": true, "type": "vhash", "uuid": "f6f3ad3e-6f03-41b4-a927-a3b71631e77f", "value": "ed2c3ef17c555066160739adb54b5b58" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832885", "to_ids": true, "type": "filename", "uuid": "0af292f1-d2d3-431d-9395-2c9decf62ba0", "value": "Tordax.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832885", "to_ids": false, "type": "text", "uuid": "fa44735c-3ee9-440d-b217-df2a504b31e7", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832907", "uuid": "09de0605-a588-482d-a30b-9dce60bfcb50", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832907", "to_ids": true, "type": "md5", "uuid": "9f90b6a4-a6a3-4f03-82f0-9f0bad658f64", "value": "9b2951691a1bcf84d9f14bf6af66fb40", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832907", "to_ids": true, "type": "sha1", "uuid": "299c9268-1363-4544-97eb-c37f841fa990", "value": "2714b06332e7aef368b0b3383a383f60d6b1b1f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832907", "to_ids": true, "type": "sha256", "uuid": "788cf321-3fa9-48b5-b271-35c76910ca04", "value": "586ac315a49c99f848b2cc26f776f0267e7aa2699d37fc7e78fe6319a6f433c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832906", "to_ids": true, "type": "ssdeep", "uuid": "c46696db-610a-4402-ae10-962aa3dfe7c9", "value": "196608:VPemnN6eMqQ7jXv+xkJ5c4uv18M0Ne/ZoouO:VP7nDMtXWxkJChv18VNiioj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832906", "to_ids": false, "type": "size-in-bytes", "uuid": "df538924-4e6b-41e7-b9f4-1c16244e77ee", "value": "6811774" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832906", "to_ids": true, "type": "vhash", "uuid": "048d7493-56aa-4c64-ae94-300c7c60f9c5", "value": "2f6e8af86d71f1952063bb95ab7bf28e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832906", "to_ids": true, "type": "filename", "uuid": "f73c5581-69fb-4f10-bee4-fee95134ad9b", "value": "video.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832906", "to_ids": false, "type": "text", "uuid": "eb19f879-124d-4865-8c80-2f6c10bf3099", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Backdoor:Linux/Gafgyt.A!MTB\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832928", "uuid": "579b6300-c862-4271-833b-fbc729fccf66", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832928", "to_ids": true, "type": "md5", "uuid": "e11e36f5-e00d-4ce6-a97e-e83b55db79d8", "value": "f30c33d586623bf3fd051451d16c40ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832928", "to_ids": true, "type": "sha1", "uuid": "4c80c709-78ad-48e8-b0e7-c4822155a40f", "value": "4e67e40f7e6f6ccea733c599e7d76a1f78364013", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832928", "to_ids": true, "type": "sha256", "uuid": "5c0581c1-fbf8-461d-ae1c-55d4789929d0", "value": "973d2e727ad3063b93360d4f05e82eeb462ea89df8bce91d1d7609663f43e7f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832928", "to_ids": true, "type": "ssdeep", "uuid": "c65a32f7-f3eb-4e08-a971-6cd78dc87fa8", "value": "196608:me0kcxJJJF4wou5q0BcKyeuEg61GNBnbKRe:me1+JJlNBPV3enbKRe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832928", "to_ids": false, "type": "size-in-bytes", "uuid": "e111bf3d-af9c-4e30-92f1-b7bf2ff9ec37", "value": "8124410" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832928", "to_ids": true, "type": "vhash", "uuid": "24c1a5a5-02d2-4a79-9811-696b82b74019", "value": "589fc94b001623251de4181e09b95a3e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740832928", "to_ids": true, "type": "filename", "uuid": "17edd737-3514-4b5b-8498-53baff37eeed", "value": "tmp20170818-2134-1o01huj" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832928", "to_ids": false, "type": "text", "uuid": "773251d5-7c0e-4816-8e7a-a1809c66999c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832950", "uuid": "074de37d-77a1-414c-bdf3-4f8abb764172", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832949", "to_ids": true, "type": "md5", "uuid": "afe4defb-f3d2-4a39-82d3-21e071a08251", "value": "7ee07228903f8a53d8ee7f7baefdd956", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832949", "to_ids": true, "type": "sha1", "uuid": "b93d4e44-2d93-4750-b1e0-2f0671d7e8fc", "value": "f792bce9999d9c1a5a34efc8e584358e0fc18db7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832950", "to_ids": true, "type": "sha256", "uuid": "c13c8383-5bcd-402c-9c65-e8c9b932bbd1", "value": "96a5de428e43e95f634ff41f87d42a12228888c6aa6449d876f24216435f2910", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832949", "to_ids": true, "type": "ssdeep", "uuid": "ddc92c19-ec4c-426d-a101-39d04d48fb26", "value": "12288:NSIuxK/MCa720sMAUcgywqhWRx+5QJKstFNClBLpAyFkNGY1HU/sPQm28LJUOWc:MLI/4CFMFkhWX7KBLuyOU/sPSbBc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832949", "to_ids": false, "type": "size-in-bytes", "uuid": "d88e7355-14a1-413e-8afc-08810a93a00e", "value": "747648" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832949", "to_ids": true, "type": "vhash", "uuid": "7750d49d-0e51-47f6-9f3d-884f7bdbb5c9", "value": "ed2c3ef17c555066160739adb54b5b58" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832949", "to_ids": false, "type": "text", "uuid": "87cc80d8-ee74-4bbb-a6b0-ef455550b9de", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832971", "uuid": "211ad3a4-b69f-4877-9b4f-f0ee0b718da5", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832971", "to_ids": true, "type": "md5", "uuid": "039c230f-b56d-4eb2-9192-2195f79ca816", "value": "147e3d06aea98fd52561ee7013c781d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832971", "to_ids": true, "type": "sha1", "uuid": "2328b65c-7bde-4723-b1bd-d09a24adccaa", "value": "ba7b57606b749d99a059f1eb7be32158c6ccbb67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832971", "to_ids": true, "type": "sha256", "uuid": "cacf4d79-fd38-4abd-a072-a4a7a22411a2", "value": "a77c3ccb4ee2abc1692cb7ccec2c9d02ffc3d1967391cc2b73046e40ec8d2bb2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832971", "to_ids": true, "type": "ssdeep", "uuid": "cc750a74-0443-4cfd-ab9d-6fbe7c8b61a5", "value": "24576:h/Q45Lbl8OiyJvDduxwZCMzafBwfgOFDVNdbK:BQAB8+LdOkeGfgAxW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832971", "to_ids": false, "type": "size-in-bytes", "uuid": "7680b553-1eeb-4be8-817d-1cacbd1e02b1", "value": "844985" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832971", "to_ids": true, "type": "vhash", "uuid": "6be383c0-036e-429f-8546-584e8999583c", "value": "0dc2fab3e59c36e5cd702b039f106cc9" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832971", "to_ids": false, "type": "text", "uuid": "f5eb35a8-2211-47e5-9765-da4b15f14791", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAD2\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740832992", "uuid": "65f55ae1-b568-4ab5-ba1e-35e0de8d39b2", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740832992", "to_ids": true, "type": "md5", "uuid": "d07885e7-5ea3-4ab2-9de5-c3efeec1f15f", "value": "8229f7a253c909550f4a8a604dfd5aa1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740832992", "to_ids": true, "type": "sha1", "uuid": "1acd9292-9d8e-44f7-8dad-a9c090095000", "value": "5c77781e5a31460a52f867ff374819731266be50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740832992", "to_ids": true, "type": "sha256", "uuid": "4cf67d31-9a76-41e2-97fe-b88695311dcc", "value": "bffcfd5bf13b1332c30be47cd7ede8dd615777e26215ee981a25660568760e73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740832992", "to_ids": true, "type": "ssdeep", "uuid": "31224821-f9d1-4d37-a829-d22f139b392d", "value": "196608:9Y7wDOqgOY87wDOqc/OfXEetvPXroEAM7DSex:S71Br871z/xet3T7+ex" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740832992", "to_ids": false, "type": "size-in-bytes", "uuid": "f7adadf4-dc07-4d61-99d5-3d10afb590e1", "value": "13956190" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740832992", "to_ids": true, "type": "vhash", "uuid": "66cfdd50-3ee3-4611-b265-8b2e9aa2f03e", "value": "4ee35e96debc9908194c10c68971bb67" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740832992", "to_ids": false, "type": "text", "uuid": "8e5358fe-9af3-4d5e-93cf-a73474a0fc14", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833014", "uuid": "0cfeba81-77af-48f8-aa01-3c5efbd9036f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833013", "to_ids": true, "type": "md5", "uuid": "bb38c261-b12b-485a-a8f7-bf37bd6e9a9b", "value": "a31dee81411815182408d93149a83441", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833014", "to_ids": true, "type": "sha1", "uuid": "fe5e820a-32ee-4d8a-989d-fdec7b0005bd", "value": "c0bfdebc6152654d5691f33fcfb2c3cf7ab459dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833014", "to_ids": true, "type": "sha256", "uuid": "67ea7319-3a04-4ac4-b621-1eb290638e31", "value": "a13c881b4ef382b2fbf7f8d40b74d1e22e463f1e2e87ddb45a365f59898ca6cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833013", "to_ids": true, "type": "ssdeep", "uuid": "bb74533a-1904-4eb9-9348-a9b95a609c2a", "value": "98304:9HkD6aMBlQYdTx0p7v4l/hzdG/FM4eMLYddvdbE5LP1kuv4vlNeYfsKu:i6a2QiTfzdjMLvLaFCUju" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833013", "to_ids": false, "type": "size-in-bytes", "uuid": "344db77f-9a03-4ec8-8bdb-4e5109f7d7b9", "value": "5726285" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833013", "to_ids": true, "type": "vhash", "uuid": "a751e7c7-13e1-4814-9b28-d72e04a98278", "value": "f5629d199e08c95862fbd16135293237" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833013", "to_ids": false, "type": "text", "uuid": "468be785-db0e-4eb2-a1cc-845299278e7c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833035", "uuid": "8c45642c-c5a2-4b3f-a176-ad5cd09b6e63", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833035", "to_ids": true, "type": "md5", "uuid": "1f212ab3-7910-4f0a-b716-f6fa79eda6a3", "value": "b4e41b8cdfe5e89d65e14402b6827b0a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833035", "to_ids": true, "type": "sha1", "uuid": "17a5eb9c-b26b-4093-bb0d-e14c4734b6ae", "value": "04558261cc51d3a16e97e0464c1c911d22c58590", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833035", "to_ids": true, "type": "sha256", "uuid": "94cb1fa1-9fea-486b-8b4e-0d3d5eccc82a", "value": "0929ba1369dad6c705d45f3f8b2803ad5367641ed5b8c483bb137674f5ad05b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833034", "to_ids": true, "type": "ssdeep", "uuid": "1c12254a-e0ab-4376-8223-3742db60fd04", "value": "49152:P/jCz1EKCzamOLuv87ZtdsgFJa17lkSRaF39AiDlTprJMkZddcg6ypjVXahxr9wx:PmzORO287Z/WNlPRaF39kaacpjsy69QX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833034", "to_ids": false, "type": "size-in-bytes", "uuid": "944b243b-62c2-4013-a1be-932f106069c5", "value": "3700228" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833034", "to_ids": true, "type": "vhash", "uuid": "0c285fc8-d978-44c9-896d-1d97d59e5720", "value": "3f8515cd062d66d69e5e5eb7095ec406" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833034", "to_ids": false, "type": "text", "uuid": "2ea1eaa5-6a19-4216-b5c2-5091d30a88ea", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA63\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833056", "uuid": "4eae717f-bf0e-40f3-a2a2-aeb259e38815", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833056", "to_ids": true, "type": "md5", "uuid": "5d018fb4-436c-4e0c-922a-572a473bf77d", "value": "4380b58b5ae45130d11005381958722d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833056", "to_ids": true, "type": "sha1", "uuid": "c7ec2034-d141-4abb-9787-01feabfae8b2", "value": "7f10f0ff4b465015328f6553ec65e0c81b70c4ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833056", "to_ids": true, "type": "sha256", "uuid": "52901446-c43e-4e0b-84c7-d5a9e3fa703f", "value": "8e31d76f3d43c7939e722a7bd4584fcf52547611e22caafa1a90307bf75edd4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833056", "to_ids": true, "type": "ssdeep", "uuid": "6f1a80c9-9c0e-421e-96d7-2226268fd51c", "value": "6144:AfuCHlsbSpirSny+DXQw4qDR3OJVSIrBgn504vjgvMBjVst61MVo:4aSndDAw39b0C8ej2YEo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833056", "to_ids": false, "type": "size-in-bytes", "uuid": "bdb02188-5d7e-498e-8d7e-c09152caee68", "value": "289035" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833056", "to_ids": true, "type": "vhash", "uuid": "7af7f96f-6c90-45cc-8166-3e0c0b6264b3", "value": "bbf592a52ffbc2e18ddc3262d3594f8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833056", "to_ids": true, "type": "filename", "uuid": "74619d26-0654-4128-a333-15834e0d6ad0", "value": "GlodEagl_.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833056", "to_ids": false, "type": "text", "uuid": "09904dcf-d5b5-4e7a-9fe0-3fda08241f6b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833078", "uuid": "b9ca4443-baa3-401e-ae67-0b7dc4100eac", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833077", "to_ids": true, "type": "md5", "uuid": "23bacff1-06ba-4fc8-9c1c-f710efe24d7b", "value": "7ab5fb4dda81a05e7928f4e9a6e4f0e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833078", "to_ids": true, "type": "sha1", "uuid": "58c09554-75ba-4408-b308-e309690c7771", "value": "ac7d702298a284633e26ea93da87c92cd9ff2e25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833078", "to_ids": true, "type": "sha256", "uuid": "c5664143-c151-4aec-9733-91c133556ceb", "value": "3dbceec6a747186a75ac5b81e0672446cd2bd732a30b81f37fcd94ecd04722ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833077", "to_ids": true, "type": "ssdeep", "uuid": "6796ceaa-f0ba-4ec6-9827-9d9206cc7b36", "value": "24576:0meyIf5bG2Ujbe7X38kZgnpyIunkoijDtF7AU98tw7C/T8J6J8X9:0meyA5G2Ujbe7XGYIWzc/AUCtcdcJW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833077", "to_ids": false, "type": "size-in-bytes", "uuid": "2a0b2e88-ea81-4244-90e9-49ac0c36aa6c", "value": "1242983" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833077", "to_ids": true, "type": "vhash", "uuid": "e0caf9e5-2d50-472f-b827-d3678f61c859", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833077", "to_ids": true, "type": "filename", "uuid": "5d9edbb3-05a9-4e9e-b9e8-d73a40f65918", "value": "GlodEagl_1456.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833077", "to_ids": false, "type": "text", "uuid": "1fd78a3f-4f19-4b4b-8f2f-d50ec60bf70d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833099", "uuid": "3a065003-32f3-4d10-a000-11fd0ab7afe2", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833099", "to_ids": true, "type": "md5", "uuid": "4e31da6c-7e77-4246-bbbc-fb6718c79a82", "value": "498c15a5b40e337b1002d6a6b416471e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833099", "to_ids": true, "type": "sha1", "uuid": "f1af6149-db07-4023-a7dc-0b3f00df2be4", "value": "40d86fca9edc82da799979f657e3a08a72fc4dd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833099", "to_ids": true, "type": "sha256", "uuid": "beadebd9-e80a-4462-9341-1a6a8881cce6", "value": "76518325783d4b0a7ebf1a9d224b7f64d2d0144c54475191694be797ec42be33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833099", "to_ids": true, "type": "ssdeep", "uuid": "9eb9e855-558e-44f8-8e85-42e2b685b2ca", "value": "6144:38X42pYInd1Fj/ioAMGFaiI8jSmL7+sAHQTnRgCt0opj:38X4aYINViI8jSmnAH0ztdpj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833099", "to_ids": false, "type": "size-in-bytes", "uuid": "bd5f7992-6b9e-40ae-82ca-f935d3810c44", "value": "283367" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833099", "to_ids": true, "type": "vhash", "uuid": "79d510fa-a130-4c39-9aaa-be24a3b97787", "value": "bbf592a52ffbc2e18ddc3262d3594f8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833099", "to_ids": true, "type": "filename", "uuid": "b8534fc4-85d9-4242-8029-ee8c185a864c", "value": "GlodEagl_35.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833099", "to_ids": false, "type": "text", "uuid": "de8bb6d7-81ed-400b-a6fa-158f694f0ec2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833121", "uuid": "252d2a51-ee1e-476b-931f-c76bcfae9a46", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833120", "to_ids": true, "type": "md5", "uuid": "1b8c49e1-412c-4644-94a2-5489a8d250b9", "value": "c2b015c02097328d518ef3385eea907d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833120", "to_ids": true, "type": "sha1", "uuid": "f4b2d77b-5687-42af-838f-e35c66cced90", "value": "328db6f66b769170d99dfc29e5251a4f9f6e94a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833121", "to_ids": true, "type": "sha256", "uuid": "f359d291-7c3d-4ea0-b2c0-232fd235760d", "value": "facde425fec8c1ea02fe2ec5efc989b96d851cb0af122aa77e827a7c5d0a2b0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833120", "to_ids": true, "type": "ssdeep", "uuid": "fbb333a3-0aaa-40d8-a23e-b1df36a0d1dd", "value": "6144:38X42pYInd1Fj/ioAMGFaiI8jSmL7+sAHQTnRgCt0opd9OGYZWhwWGnM+Vo+78z6:38X4aYINViI8jSmnAH0ztdpd9OG2Whw3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833120", "to_ids": false, "type": "size-in-bytes", "uuid": "2b36d151-30ec-4164-96d9-dcb47336f6bc", "value": "292976" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833120", "to_ids": true, "type": "vhash", "uuid": "ed6b9316-55fe-4c82-bd19-367077b1f49e", "value": "bbf592a52ffbc2e18ddc3262d3594f8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833120", "to_ids": true, "type": "filename", "uuid": "7422ec48-0626-4612-8b24-e723ffcac04c", "value": "GlodEagl_3.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 30/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833120", "to_ids": false, "type": "text", "uuid": "de49d77c-bcb0-4e18-833b-c6ebad635826", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833142", "uuid": "13b49028-4656-48fa-adea-77bce0061a61", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833142", "to_ids": true, "type": "md5", "uuid": "2c01f98b-5ecb-48df-a65b-7faf2e7bf60a", "value": "ea09201a79fc283301d413429c3ee1fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833142", "to_ids": true, "type": "sha1", "uuid": "72d5cb37-8d1a-4cd7-a2b6-787e31481d0a", "value": "f3ba54440afddbfbb51210d969fd71d5d351c63e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833142", "to_ids": true, "type": "sha256", "uuid": "b5bdb501-b4fa-4b46-acd0-e3904e1fc113", "value": "e057b7850567a505497ca7eb98e0beb31bb41fc83601e8a4f564c791945b6581", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833141", "to_ids": true, "type": "ssdeep", "uuid": "af10c2ac-7f1e-4fb8-8793-5e9a796982ca", "value": "24576:30D+Hl4sWYFu3whl1FyGE1xHEgR96Kvx4ICC2kMDe+XfoElqqD:1SsWYE3wh8x16+Bpjke+vogD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833141", "to_ids": false, "type": "size-in-bytes", "uuid": "bb80132e-9f85-4e53-b7ed-bab9b3d5050e", "value": "1261609" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833141", "to_ids": true, "type": "vhash", "uuid": "8f0741cd-e110-4157-9eee-73b0d4e138a0", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833141", "to_ids": true, "type": "filename", "uuid": "c57ab5c3-ce19-4f50-9486-46f142388808", "value": "GlodEagl_12346.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833141", "to_ids": false, "type": "text", "uuid": "81b8a4df-1dd8-4a85-adb4-cb6b8b4ee51c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833163", "uuid": "e1ab517c-ced8-4626-8cc0-68c2174a3a0f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833163", "to_ids": true, "type": "md5", "uuid": "24f86619-2a2f-4467-91db-49813a9f9e20", "value": "d8744979808f819f1177ec3d7d9c3f34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833163", "to_ids": true, "type": "sha1", "uuid": "8adae3ab-3981-4a8f-8645-c6185aeaf03e", "value": "e6491b524b5d4801c75370a71a1d39c9141c14dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833163", "to_ids": true, "type": "sha256", "uuid": "add171b4-17d3-4c4b-9ff1-31716205be87", "value": "a50cae07e0e0b5f2ab9dc283dafa71d9be2db0ec778fa2f396d9a6c49132595f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833163", "to_ids": true, "type": "ssdeep", "uuid": "286023cf-53c4-428f-9c31-68b1369386e0", "value": "6144:c8X42pYInd1Fj/ioAMGFaiI8jSmL7+sAHQTnRgCt0opwlU:c8X4aYINViI8jSmnAH0ztdpwU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833163", "to_ids": false, "type": "size-in-bytes", "uuid": "ff0b272c-f2e7-48c3-a4cd-d0f2dbaa894b", "value": "292664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833163", "to_ids": true, "type": "vhash", "uuid": "643673bf-90b6-412e-b837-c190513b400d", "value": "bbf592a52ffbc2e18ddc3262d3594f8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833163", "to_ids": true, "type": "filename", "uuid": "43d56528-7cd1-41f5-8899-4db1e1d77ca7", "value": "GlodEagl_36.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833163", "to_ids": false, "type": "text", "uuid": "7c76712b-2c4a-44d7-8d1d-8878da6517cd", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833185", "uuid": "76de4962-da90-4230-ae90-390c64566308", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833184", "to_ids": true, "type": "md5", "uuid": "d78dbfe7-01bf-4d72-82b4-c59539fd7e9c", "value": "cf0e02d54c73541b12504deac4eebc56", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833184", "to_ids": true, "type": "sha1", "uuid": "4ec42f74-b743-4ffd-bf89-03825cef886a", "value": "22673d362a370d28412b4e6fe395c18fafe2a091", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833185", "to_ids": true, "type": "sha256", "uuid": "d47d51fc-013f-4ac7-b2c4-180edfa6ca55", "value": "3623ffff94554d8b34a21b745ca173fd3c5883a8dc3c72d0a4af95b95be41706", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833184", "to_ids": true, "type": "ssdeep", "uuid": "2f849ca8-7b73-4987-ad6a-85c7bbe06c2c", "value": "24576:XQDkzvR8XlelFWsu/lV0eBwb7VLOHtm6aBHhFqKJFjRyp:gkjaXMRyX67BONm6U2KJpRs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833184", "to_ids": false, "type": "size-in-bytes", "uuid": "cae69ab9-1bcf-4fab-9f38-befb992192b5", "value": "1092721" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833184", "to_ids": true, "type": "vhash", "uuid": "33bab060-4b34-4259-b8b0-5ff5e5ce414f", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833184", "to_ids": true, "type": "filename", "uuid": "1eb53fe2-128c-4d3f-afa1-03e477f9cad2", "value": "GlodEagl_456.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833184", "to_ids": false, "type": "text", "uuid": "f52ca26a-70c2-419b-ad1a-8f8ffa7d8424", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833206", "uuid": "50b4e82b-1253-448f-8f5f-860478617cb1", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833205", "to_ids": true, "type": "md5", "uuid": "2faaa0d4-16ec-4024-a1f7-f05aa0262ee1", "value": "b716b3c6ab3d0f2556ab21082267a692", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833206", "to_ids": true, "type": "sha1", "uuid": "edcd49dd-9b1b-40ac-a8c9-4ba70c681a50", "value": "71d9a46d6a64d42ef4825a08643a1b4919fd3b82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833206", "to_ids": true, "type": "sha256", "uuid": "8db6a810-dfaf-4fe8-9812-34fd3e3ee0ee", "value": "78d8724759189e45f8d2352ba6af6cdfd3da07086e222d18219e6143b0bcd2f8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833205", "to_ids": true, "type": "ssdeep", "uuid": "6a4b1cf3-db36-41cf-8502-774d092d037c", "value": "6144:6fuCHlsbSpirSny+DXQw4qDR3OJVSIrBgn504vjgvMBjVst614vx:2aSndDAw39b0C8ej2Yix" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833205", "to_ids": false, "type": "size-in-bytes", "uuid": "11f662d3-5e3d-48f6-abde-1f8abbc1791a", "value": "288721" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833205", "to_ids": true, "type": "vhash", "uuid": "cb620a90-7993-4582-9521-017e7766eaf4", "value": "bbf592a52ffbc2e18ddc3262d3594f8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833205", "to_ids": true, "type": "filename", "uuid": "6ab44f8b-093f-4e8f-98cd-bb68c72536aa", "value": "GlodEagl_6.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833205", "to_ids": false, "type": "text", "uuid": "0bc0d51c-51da-4a3c-832a-a1795761737b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833227", "uuid": "ae27aebc-25ab-4394-a62e-0fd5ae73e54b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833227", "to_ids": true, "type": "md5", "uuid": "33bc7de4-4624-44a4-b814-56645fdf4fc3", "value": "92be7cf182cd4feccb7255d6fa05e5b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833227", "to_ids": true, "type": "sha1", "uuid": "1f79bdf5-b818-4359-b3d2-06ad15524f28", "value": "b0b308c2206f8c5fd6d196e8844bacf9d3a52442", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833227", "to_ids": true, "type": "sha256", "uuid": "7cc3bfab-ca34-4f15-8486-7bf98e2cc2a0", "value": "8beef7eb7c46c369b6adfacff1994e40409fbf3d454eea763e1a97eccfdb1810", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833227", "to_ids": true, "type": "ssdeep", "uuid": "91749d3f-ccda-4a9a-aadb-fd5f4f31ee1b", "value": "6144:6fuCHlsbSpirSny+DXQw4qDR3OJVSIrBgn504vjgvMBjVst61V:2aSndDAw39b0C8ej2YV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833227", "to_ids": false, "type": "size-in-bytes", "uuid": "3c697318-74f4-445c-a279-55590e4af273", "value": "279112" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833227", "to_ids": true, "type": "vhash", "uuid": "3b0a80ca-1668-472d-bedd-f3dd14ef2cf3", "value": "bbf592a52ffbc2e18ddc3262d3594f8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833227", "to_ids": true, "type": "filename", "uuid": "aa50cd27-f8b1-4809-9671-24b0a701bf16", "value": "GlodEagl_56.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833227", "to_ids": false, "type": "text", "uuid": "d020009f-3997-4cfc-8e25-de9cf315d970", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833249", "uuid": "b47a7720-0b9a-497d-b7f9-6810d4f30809", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833248", "to_ids": true, "type": "md5", "uuid": "7c68fff4-1849-405d-8e13-522a8b2ab176", "value": "cdf229388f65bf7aef50ad72d923668f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833248", "to_ids": true, "type": "sha1", "uuid": "4150624b-d980-4b86-9213-a6cca8a6837c", "value": "f0dd360b0b5ed198db1a2182a6229b847cd8ca4f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833249", "to_ids": true, "type": "sha256", "uuid": "6805c243-5ba9-4fbd-95c3-0f8279b709b7", "value": "f0d72470da7db0083d404a5c07b166b9dd1bc84df12da8e9fa208a1b0d74c284", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833248", "to_ids": true, "type": "ssdeep", "uuid": "d398b6a4-92d1-4bfb-8e94-002ca5ff6ea2", "value": "24576:oDkyH4RbJm3E4Xni8k4sgmdwDkHVreCLXm/iaMeTG+YqOSY8:ykyiA3EwE4rmHhhC/iaLG+KZ8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833248", "to_ids": false, "type": "size-in-bytes", "uuid": "cd385a69-d501-48ee-abf3-98b9421a8757", "value": "1227071" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833248", "to_ids": true, "type": "vhash", "uuid": "32950554-6fc8-4468-8c7b-f5db1dc6c36d", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833248", "to_ids": true, "type": "filename", "uuid": "1dc7e310-1036-4565-9cea-bbe65dfb0ba5", "value": "GlodEagl_046.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833248", "to_ids": false, "type": "text", "uuid": "0613cbeb-0dd6-4959-9ce0-7ceb47f05836", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833270", "uuid": "dd5d2b42-0817-4f1a-8a05-2bd806a8481d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833270", "to_ids": true, "type": "md5", "uuid": "54ed22b8-4a76-48a9-b22d-b4e7594735a5", "value": "d7b5090809ebf61bc7a78954985171a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833270", "to_ids": true, "type": "sha1", "uuid": "26586cb7-ae0b-4dbd-965d-e12ebe12d03f", "value": "53d757b005ca55d40efd47aed5aa73146b2ec834", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833270", "to_ids": true, "type": "sha256", "uuid": "f87b0e5f-a799-462f-96ba-836108dc71db", "value": "ff22d43744671c8805bb23ceefeba2d8837efff0391ce034b34230c31cf7f5c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833269", "to_ids": true, "type": "ssdeep", "uuid": "f887ce37-cf92-433a-96f3-553de67f6633", "value": "6144:f+GSomug90P5fXBhz24go1wGK9feshFWt/qf0r4ZcsFUxIq:WdomugefXBgZesh4tS44ZVUiq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833269", "to_ids": false, "type": "size-in-bytes", "uuid": "69dee6d3-a134-4c0e-9937-1446db0a7503", "value": "281637" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833269", "to_ids": true, "type": "vhash", "uuid": "da7bb1a9-0a32-4e34-a77d-998a0aabe1a0", "value": "bbf592a52ffbc2e18ddc3262d3594f8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833269", "to_ids": true, "type": "filename", "uuid": "af2c23ea-7852-4972-9b22-c3b57b02e265", "value": "GlodEagl_256.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 31/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833269", "to_ids": false, "type": "text", "uuid": "8600148b-8940-470e-a4a9-8900822c13f1", "value": "GoldenEagle\r\nType Description: ZIP\n\nMicrosoft: None\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833291", "uuid": "3a88e131-edd6-48ab-952c-9893a5fbb18d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833291", "to_ids": true, "type": "md5", "uuid": "95d753e8-0cb6-48e0-ac22-77973652e7f9", "value": "491031968dfc91eb9f419a8d2780d89f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833291", "to_ids": true, "type": "sha1", "uuid": "d2fb6472-10d0-4c91-a9c0-c270a8bf8417", "value": "e0e4f7126321f8198da51c9a6f5fffdc1292583f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833291", "to_ids": true, "type": "sha256", "uuid": "36b7e03d-c0ef-432f-b152-4dc86778a91c", "value": "bd624470e3fa8ae37f55c3d55c8cfa298a86d358c5701d43bbf155e200af7556", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833291", "to_ids": true, "type": "ssdeep", "uuid": "59410555-7b12-4c83-be8e-fb7152959738", "value": "24576:VRhO/xOxiMVEnRz+BxVLFICtpVxx1FhUlR2ksMv:HgCvORkx3ISpVv1/eRxv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833291", "to_ids": false, "type": "size-in-bytes", "uuid": "c93b031d-3cae-4894-89d8-b691e620ca2a", "value": "1238436" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833291", "to_ids": true, "type": "vhash", "uuid": "bc8b5a40-dc43-4ee5-a368-5e45e304f252", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833291", "to_ids": true, "type": "filename", "uuid": "59f935b5-2797-4ff8-86a6-8699d533183c", "value": "GlodEagl_034.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833291", "to_ids": false, "type": "text", "uuid": "d0e89ef8-5286-4d94-841c-ec16d9a34bb6", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:33/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833313", "uuid": "86d003a7-dc9b-439e-9f3e-c71bc070afa1", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833312", "to_ids": true, "type": "md5", "uuid": "476ac799-3f1a-4d83-874a-fe5faf3b7cfd", "value": "9710089c33fa8f639035a3f124504eb9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833312", "to_ids": true, "type": "sha1", "uuid": "65fcb7d6-f7fe-49d7-89c8-d63073800a2f", "value": "79139ffb36580e7d0477089c5109488cad7fc937", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833313", "to_ids": true, "type": "sha256", "uuid": "672638a7-a513-4777-a010-4c95e96196d8", "value": "85ab1461b6431f025689fddbf152aaec14025a2d9826db3def0c24ef0aeb7fc8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833312", "to_ids": true, "type": "ssdeep", "uuid": "63001c21-be49-435c-8a25-715eace535ca", "value": "24576:VRhO/xOxiMVEnRz+BxVLFICtpVxx1FhUlR2ksw:HgCvORkx3ISpVv1/eRh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833312", "to_ids": false, "type": "size-in-bytes", "uuid": "b9516e65-4f17-439a-ab8f-001f48f43404", "value": "1228827" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833312", "to_ids": true, "type": "vhash", "uuid": "e6e75662-8d17-4960-bd12-02f32b26ef76", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833312", "to_ids": true, "type": "filename", "uuid": "01638609-9cc8-49e0-8723-7dab5334bbea", "value": "GlodEagl_0345.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833312", "to_ids": false, "type": "text", "uuid": "f35718c5-4885-4415-bfa4-4db60ff4a67e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833334", "uuid": "ccb933e3-5bc8-4735-974c-04ad289f9f3e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833334", "to_ids": true, "type": "md5", "uuid": "79b2a853-e0f1-4ce7-86c5-53edd192f32e", "value": "ec6665d80daa7e720887368c313d1ef6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833334", "to_ids": true, "type": "sha1", "uuid": "6c70e7d7-354c-43bc-83fa-0680e54dfed4", "value": "58a4c56858e62af6273d74d649032b4158ab3b25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833334", "to_ids": true, "type": "sha256", "uuid": "d230e471-3ba6-4d55-9768-c02263a8786b", "value": "434e05c757d21009d601ea17e199fda7c8f1082f7b6e03b707e6068a20790bc1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833333", "to_ids": true, "type": "ssdeep", "uuid": "c31fadf6-e54d-49c1-91f0-50fd3319c301", "value": "24576:tttXGnPpaBll4284XNxVc0A4pMKA8/H8JqH+tU04X06:VuCtfNnc0VNN/cBLv6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833333", "to_ids": false, "type": "size-in-bytes", "uuid": "feede18b-b7b7-4bfd-bb21-54292a88fb0f", "value": "991287" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833333", "to_ids": true, "type": "vhash", "uuid": "c6146923-ad65-411b-bb47-94a21d5f4694", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833333", "to_ids": true, "type": "filename", "uuid": "ba6f6cf6-5683-4fb0-8bfb-29f1c61e11e1", "value": "GlodEagl_016.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833333", "to_ids": false, "type": "text", "uuid": "99c8463d-1233-4691-b075-a2725e6f7e16", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:24/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833355", "uuid": "afe12a0b-f7b4-4dac-bf29-4c56567e2a13", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833355", "to_ids": true, "type": "md5", "uuid": "c8a30f64-7baf-4f3b-9404-734f600c87ef", "value": "3a69b3e911b1ddce09501fd592102ab8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833355", "to_ids": true, "type": "sha1", "uuid": "d49dd1ee-8fae-48ce-9ff4-7c2e959aa248", "value": "b2c85c694eaefe17044ebdf271fb7552a74d82e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833355", "to_ids": true, "type": "sha256", "uuid": "c1e5e8cd-a101-4547-bf40-e8ec318c6fe7", "value": "7315badcb9bfbdbd5ef7d17823628e5cf5bce4daa3361a0fa813f790be84bd06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833355", "to_ids": true, "type": "ssdeep", "uuid": "dc43a373-0ce2-4d6e-be96-4bbcb35dde5e", "value": "49152:Urgg0OllvJ8Xhm8jesm3mYxcy1jizzJSghgUHxi:iLveU861mYKCmkgmGxi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833355", "to_ids": false, "type": "size-in-bytes", "uuid": "ae5346d6-326e-47d0-87ac-3044294f5547", "value": "1808087" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833355", "to_ids": true, "type": "vhash", "uuid": "f22499d4-2637-4fc3-aa1b-dffb0c0998a9", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833355", "to_ids": true, "type": "filename", "uuid": "353b2893-b985-44c6-9728-f5b886043ed7", "value": "GlodEagl_012456.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833355", "to_ids": false, "type": "text", "uuid": "480047de-ac2f-4609-b26d-ee4a0c23fef9", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833377", "uuid": "4df81cc2-cbc4-4270-9fd8-3dcc2e80326d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833376", "to_ids": true, "type": "md5", "uuid": "302945c3-8ed1-41a4-afc0-c869390b78ec", "value": "558982df49265985140bb3fcba69e4b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833376", "to_ids": true, "type": "sha1", "uuid": "5b3de900-619d-4c39-97a7-23744b44e09f", "value": "8d6aeca1e778e3a6897c64aa05f39c364c4af523", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833377", "to_ids": true, "type": "sha256", "uuid": "c608e02a-8d8d-4d8a-a890-a534adeb5ca0", "value": "c593211a7657241bb6aa24e58e04e30ca05da6612bef6628e911fb00c43f9592", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833376", "to_ids": true, "type": "ssdeep", "uuid": "e8389505-3a93-425a-99aa-071dd3cdd3d4", "value": "6144:AfuCHlsbSpirSny+DXQw4qDR3OJVSIrBgn504vjgvMBjVst61V:4aSndDAw39b0C8ej2YV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833376", "to_ids": false, "type": "size-in-bytes", "uuid": "8cb7e841-e4d7-4c69-afc6-dcaebb70287f", "value": "279426" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833376", "to_ids": true, "type": "vhash", "uuid": "d0b2de0c-3019-4555-ba4c-d5832ae3a51c", "value": "bbf592a52ffbc2e18ddc3262d3594f8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833376", "to_ids": true, "type": "filename", "uuid": "05899636-b62d-4ad0-9747-11f9b7d49e4e", "value": "GlodEagl_5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833376", "to_ids": false, "type": "text", "uuid": "4e1a576d-6281-4ecc-b6a0-832229e1d8b9", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833398", "uuid": "8279c398-ab33-4026-85ac-d3e3a69b5d10", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833398", "to_ids": true, "type": "md5", "uuid": "636bac54-f044-47ba-9227-5de4749f9290", "value": "db3d0225c1fbfa35d263270211ba4886", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833398", "to_ids": true, "type": "sha1", "uuid": "b6eef776-cb4c-4df6-a2b9-35f6ecaab376", "value": "f64562d020ae592686fed700d70f25f968c415f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833398", "to_ids": true, "type": "sha256", "uuid": "9e7bd57e-11f3-4d75-990b-ae9e34dbf9e4", "value": "01cb64c055222bed463058e781bbde37c18554b1c126328c260d5fa20227679d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833397", "to_ids": true, "type": "ssdeep", "uuid": "8c729d23-2198-40d8-93de-2fe4246594e2", "value": "24576:XbhBqNUNC54iNLkQ8xwFtXD4a9fH2iDWwbp9WWTDQ5El5olDoQ6w+:LPqNMEdkJxwHXhZH2+Rbp9PDQ5EP6DHI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833397", "to_ids": false, "type": "size-in-bytes", "uuid": "d637506f-b389-460a-82a9-6efe220e6d56", "value": "991210" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833397", "to_ids": true, "type": "vhash", "uuid": "8e1d22b5-3955-4a1d-841c-2a21da49c54c", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833397", "to_ids": true, "type": "filename", "uuid": "44ae74ca-bba9-428d-818d-a19b6e601023", "value": "GlodEagl_01.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833397", "to_ids": false, "type": "text", "uuid": "a88adda7-06ef-4103-a994-6a7c4001287b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833419", "uuid": "403ebe81-2807-44d5-93e6-47cacae501e3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833419", "to_ids": true, "type": "md5", "uuid": "35984e13-ad79-4506-a5ec-3490ebd0af59", "value": "5c2e41a41474917a7e57d290f8b1dea5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833419", "to_ids": true, "type": "sha1", "uuid": "6ffcf522-4d98-4b42-9040-364ff76b1b2d", "value": "598347afe23f5e7466ab4bb6d95a71958ad91b92", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833419", "to_ids": true, "type": "sha256", "uuid": "a71650a9-e840-49a8-b9cb-5423d5844d9f", "value": "1c2633890715adc66d2369b1619d28b17df0838fcccf11ab00d2b19258f6f93b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833419", "to_ids": true, "type": "ssdeep", "uuid": "2400ed28-2b17-42f5-8951-35cbe4764708", "value": "6144:f+GSomug90P5fXBhz24go1wGK9feshFWt/qf0r4ZcsFUxI8FR:WdomugefXBgZesh4tS44ZVUi0R" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833419", "to_ids": false, "type": "size-in-bytes", "uuid": "857a4e40-3617-4b68-99e0-a95d256f74fd", "value": "291246" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833419", "to_ids": true, "type": "vhash", "uuid": "d1e73a47-c379-4394-a020-732b5da4dc44", "value": "bbf592a52ffbc2e18ddc3262d3594f8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833419", "to_ids": true, "type": "filename", "uuid": "388e7e38-5951-4f19-9a9e-d0ff2f2559ae", "value": "GlodEagl_26.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833419", "to_ids": false, "type": "text", "uuid": "33d61bb3-5d64-47d4-ae0b-ee0d5bbc50c1", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833440", "uuid": "8f83f8ee-9af1-40c6-b4e1-49c2116cd11d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833440", "to_ids": true, "type": "md5", "uuid": "523568ec-e3e4-4475-b757-423f01e92d4c", "value": "141c684dd24103334f163865bd4ccaae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833440", "to_ids": true, "type": "sha1", "uuid": "4fec2613-111b-48f4-9b72-7ccf1d25c680", "value": "842b7b138a0f400f8b4593844169e55115693c8d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833440", "to_ids": true, "type": "sha256", "uuid": "8565fbb8-b1a1-4f0e-b4d9-a810c996e097", "value": "a4e2eeab20f0f72f47acebb4cfcd70c80d7dcc6b65606b25a98c12c0b672a547", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833440", "to_ids": true, "type": "ssdeep", "uuid": "34dd4ab2-ac17-4cbe-9f96-4cd6b9ae3356", "value": "24576:KYMi/TEHVBVkCpXyTBkMFOv0aapujYhuvAWZnnLWE/semKvseiRlRMJC:Kfi/TE1sCpXAkyI7jcm9nLWE/WRMg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833440", "to_ids": false, "type": "size-in-bytes", "uuid": "2cafd22d-3837-4a69-b41d-7c146914f046", "value": "1252115" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833440", "to_ids": true, "type": "vhash", "uuid": "85821748-953d-4504-b72c-e2eb83ae2c77", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833440", "to_ids": true, "type": "filename", "uuid": "1bc22972-e47c-4c7c-aa6a-00b50d5e7e54", "value": "GlodEagl_123456.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833440", "to_ids": false, "type": "text", "uuid": "b4ad3487-4557-447e-bc0a-64d6e322a3f3", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833462", "uuid": "ed32189f-d50b-4052-b814-c63b599acce5", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833462", "to_ids": true, "type": "md5", "uuid": "a59abcdd-d77e-4559-be24-43291271204a", "value": "adc765008b63b92428db6e9d75842b78", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833462", "to_ids": true, "type": "sha1", "uuid": "eb983075-0c58-4eaf-a183-bb32d85ec3d7", "value": "dedc470a8facc78077025fa864f7ca7fc311dce5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833462", "to_ids": true, "type": "sha256", "uuid": "2c3f9301-e4b9-4b18-b707-a24e75517f4f", "value": "09ec5afaae1548b22b2ba2814328c2b396e67eaab178aa6f09517b59d762a7b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833461", "to_ids": true, "type": "ssdeep", "uuid": "6e278f6f-3c43-42e4-aa01-5dc48e112d29", "value": "24576:VYKGuRO5iUwhH54YMc8qRpxdaeYekP9PboH1d8/UYGNAQUGc:VYKLbUA+5VqRB+ekPRUYGrk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833461", "to_ids": false, "type": "size-in-bytes", "uuid": "5576a7b2-e907-46bd-9e72-4434ef4dd4c1", "value": "1252171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833461", "to_ids": true, "type": "vhash", "uuid": "f52ae67d-73b0-4553-803b-f3bbb21e583a", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833461", "to_ids": true, "type": "filename", "uuid": "9cc57e25-7674-4d83-84b5-a054347c5405", "value": "GlodEagl_12345.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833461", "to_ids": false, "type": "text", "uuid": "d9d90f27-1633-42ed-8efe-d181df712d1b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833483", "uuid": "88f91dc6-de15-48e2-9bfe-0aabdf85cac3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833483", "to_ids": true, "type": "md5", "uuid": "f104c793-c56f-46e3-8a49-af0f8ad15ab7", "value": "d60e6b8430d7b532c546657e39a4af79", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833483", "to_ids": true, "type": "sha1", "uuid": "c6f5b236-4aa9-470b-bb11-18a176b327e9", "value": "f31518c32f0cb167190434864a348daf878b36b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833483", "to_ids": true, "type": "sha256", "uuid": "d95134e8-0dc4-4c09-8aee-6fac48d369e9", "value": "78d6d5660a2a7b2dabab8417d729f6be77e2d914e7c053b7e47c063dc1d8ec2d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833483", "to_ids": true, "type": "ssdeep", "uuid": "05669afb-4b6d-4d18-9e4c-d91152391fba", "value": "6144:i4Eaba48eTHvf1SHc4gE0Jq8z4qd1svFMcI76YJt1cRwX1:iQ7fJ4gEqivFQ7PYW1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833483", "to_ids": false, "type": "size-in-bytes", "uuid": "3e38c466-da82-4754-a4df-cef8367b2000", "value": "293882" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833483", "to_ids": true, "type": "vhash", "uuid": "08a84f9d-8bb6-4724-b3f8-e3720fe3803d", "value": "bbf592a52ffbc2e18ddc3262d3594f8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833483", "to_ids": true, "type": "filename", "uuid": "4004187e-a21b-4b56-b9d0-9760282db794", "value": "GlodEagl_236.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833483", "to_ids": false, "type": "text", "uuid": "0d0f5f1a-4f2a-4a09-9c45-762972f32b28", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833505", "uuid": "f2c6ea86-351a-402c-96d5-28fb8c15ed89", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833504", "to_ids": true, "type": "md5", "uuid": "36df4398-59f4-4748-8735-b2c20d5e2c9d", "value": "6e644cebe05cbda74ca1699a9638e778", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833505", "to_ids": true, "type": "sha1", "uuid": "4c2a3735-41d8-4cb5-a178-720a24312ea3", "value": "da8495d34d2d9058635bced02f0d6c4b14a688de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833505", "to_ids": true, "type": "sha256", "uuid": "7dbc3318-eb57-4461-85e6-62c0358ce0cb", "value": "876f94627b0d27071c257f20c3c13d65a83e8ba4c363a613c26d0466abe63b00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833504", "to_ids": true, "type": "ssdeep", "uuid": "24d27692-1b0f-4f37-9472-9233aeeb0040", "value": "6144:p+GSomug90P5fXBhz24go1wGK9feshFWt/qf0r4ZcsFUxI3:EdomugefXBgZesh4tS44ZVUi3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833504", "to_ids": false, "type": "size-in-bytes", "uuid": "f12da528-52a5-4ab1-ab4b-af4e7d786910", "value": "281951" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833504", "to_ids": true, "type": "vhash", "uuid": "15a61afe-d362-4813-acbb-0dc74d26f6cb", "value": "bbf592a52ffbc2e18ddc3262d3594f8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833504", "to_ids": true, "type": "filename", "uuid": "5cbc3cea-41a0-4bcd-8400-9325514b84ae", "value": "GlodEagl_25.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833504", "to_ids": false, "type": "text", "uuid": "b7799623-9452-47c0-82cd-9bb2889df652", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833526", "uuid": "e46a6ba6-a669-4399-913c-88be0304b003", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833526", "to_ids": true, "type": "md5", "uuid": "3e6ffba9-44a7-40b4-bd7f-2cb526254d19", "value": "2d3750d9d6064cf3cee69ede3a93fdf1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833526", "to_ids": true, "type": "sha1", "uuid": "6fc6af78-58ad-437a-b3d2-30063b4a51d7", "value": "b1f3461611e4fe3502c7370c736ca7ddb849f7bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833526", "to_ids": true, "type": "sha256", "uuid": "6076c923-800d-467d-9a51-4c61f3fafb7b", "value": "de0462f7dad142eab829e639027f5aeb8b4926a587430561341906fb13cd98e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833526", "to_ids": true, "type": "ssdeep", "uuid": "7b162ead-43e4-4ec7-92df-71d6980ebca2", "value": "24576:ehzL4WJrx4Xz9vFOwWVbjT/48YeHLoGWRUiVZo2CTkp:eCMrx4PgXT/48YeH5WSirrp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833526", "to_ids": false, "type": "size-in-bytes", "uuid": "d38b7072-8379-4906-bc47-26b0c87b8e54", "value": "1111166" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833526", "to_ids": true, "type": "vhash", "uuid": "d8265ee9-66bb-43dc-8584-4c1293cc91cf", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833526", "to_ids": true, "type": "filename", "uuid": "d7e1a04d-d8e2-4f76-8192-5f411e412acd", "value": "GlodEagl_2346.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833526", "to_ids": false, "type": "text", "uuid": "e6a7f51a-0a4f-4650-ac4d-38d3079d2098", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833547", "uuid": "9c932c42-bc5b-46ee-b038-465e04379bd3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833547", "to_ids": true, "type": "md5", "uuid": "70bdfea9-78c4-4815-b391-9c05ebd94c87", "value": "8fbd72d77749a85d7a47af0ce7335b08", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833547", "to_ids": true, "type": "sha1", "uuid": "baa30021-ca2d-48ff-b3f1-c3167ef66677", "value": "35aaaf011bb42ba963f9250666406464e58559f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833547", "to_ids": true, "type": "sha256", "uuid": "695b9287-cd96-4154-939d-b12ebe65aa73", "value": "13dc080a16dd0814203e2a883a77ff90a17d57107e6a8e3003f481b03df7e84e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833547", "to_ids": true, "type": "ssdeep", "uuid": "994d5c05-2495-4a40-b91d-94640759d073", "value": "24576:saRIB/gqH1G13wR3kA+V2TyaQH0PbKi+RJvpm++JAufQkef:1RS9s3qkA+VEjKqrUJvR+GMef" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833547", "to_ids": false, "type": "size-in-bytes", "uuid": "fce02e51-06d1-40fa-bc50-ebacc46e6efa", "value": "1241494" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833547", "to_ids": true, "type": "vhash", "uuid": "0c6369fb-b254-469e-901a-5f0fc87c3c2b", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833547", "to_ids": true, "type": "filename", "uuid": "74ad3515-e05c-424c-9ec5-1de9a42a07f4", "value": "GlodEagl_0234.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833547", "to_ids": false, "type": "text", "uuid": "baaf2158-558c-4b5c-9199-ede060466345", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833569", "uuid": "1e201428-209d-4c06-8844-df29fbaf7de3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833569", "to_ids": true, "type": "md5", "uuid": "934360a3-f86e-41aa-ba3b-b45bbe0465b6", "value": "baec3eb663e6a02b6be2fb481ab13c50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833569", "to_ids": true, "type": "sha1", "uuid": "f08c0419-474c-4c1c-845a-3867f3496caa", "value": "7fd196a0ca199bd216cd9ff0575167ad0b464461", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833569", "to_ids": true, "type": "sha256", "uuid": "68613065-269b-4f98-bb48-121d47d70fd3", "value": "feb523488ed315e53de6c303b03fb6377c9736dcc51d2bcb18b0ce080f96371f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833568", "to_ids": true, "type": "ssdeep", "uuid": "bcfb1954-d722-4632-9d60-f7fc76a3c656", "value": "24576:aRPUuSKs1BMS80QrifkqQFNAbOc4XISfXVYRbQ17QsxbuhdxEPqBpg+cz1:adKIj0Qr8S4747fX2RbQKsFUCPq30" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833568", "to_ids": false, "type": "size-in-bytes", "uuid": "97000a54-8bac-4656-900c-4cad0f17e789", "value": "1249071" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833568", "to_ids": true, "type": "vhash", "uuid": "f4df633c-9f7d-43d3-9470-5c284585361e", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833568", "to_ids": true, "type": "filename", "uuid": "a72db42c-177c-4821-9ce0-fdb9306394c1", "value": "GlodEagl_1345.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/08/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833568", "to_ids": false, "type": "text", "uuid": "37c12ae9-063d-4fa5-a775-de6f8b0e0c0b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833590", "uuid": "521a3223-dd31-4f4d-9265-35525c92b67f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833590", "to_ids": true, "type": "md5", "uuid": "c85e0487-8d72-4c9b-9032-81a079b336a5", "value": "237db96e3792dff96d88d5e7ade911a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833590", "to_ids": true, "type": "sha1", "uuid": "af26d370-731b-4afc-9d2c-1e16059da1cd", "value": "fc366591211c3a80b512f14a826a5c86d7ff4015", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833590", "to_ids": true, "type": "sha256", "uuid": "7b7d7415-b68e-4e69-b461-18c0c9770029", "value": "586934909e677cc68f4410d9bb88cdd1ab555af7e9927d93d2b45e8c617b45fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833590", "to_ids": true, "type": "ssdeep", "uuid": "5a84a38c-32b4-4c54-92d4-21730df25ca6", "value": "12288:p6OPhYrOUNSUHF3pxKFBetk1tTozNvHF2WhIeC:p6OpYrFNnl3KFp7TodHF2wDC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833590", "to_ids": false, "type": "size-in-bytes", "uuid": "10c4e9f4-c895-4253-a946-5fa00993eb4e", "value": "413367" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833590", "to_ids": true, "type": "vhash", "uuid": "57b6e99a-69d2-4688-b20e-fc1f24a42349", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833590", "to_ids": true, "type": "filename", "uuid": "11a26cdf-574e-41a7-99fa-d0c4eb26422c", "value": "GlodEagl_0235.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833590", "to_ids": false, "type": "text", "uuid": "548b48c8-5cff-4b27-b45c-39b720486fe2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833612", "uuid": "04cb57ef-5204-45b3-b524-6482c4d0b51c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833611", "to_ids": true, "type": "md5", "uuid": "cbc21c1a-bfe8-49b3-b282-68fe85727677", "value": "c0ebd56fdab7a6578705d0bb83359261", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833611", "to_ids": true, "type": "sha1", "uuid": "8d9d6872-9a19-4258-a3d8-e95961fd857a", "value": "c18e5d00eae2d30d8dbc725bc58f30940dac8a6a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833612", "to_ids": true, "type": "sha256", "uuid": "a1c0e9d3-d77a-4121-859e-00f2cf782757", "value": "e53721bba217e4114e1a08da643cfd540feb9b43695062d9717b35d2422e9531", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833611", "to_ids": true, "type": "ssdeep", "uuid": "25cc7ed7-ff23-4238-8796-9973c22a527d", "value": "12288:0wT8dpgDvr+x3RZ4XLklEGPewVcapKu4I6awJwfa/KiOChi6z:0k8dk+xhZ4bNQZ4fB+faTpz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833611", "to_ids": false, "type": "size-in-bytes", "uuid": "58053fc4-2a3d-4a7e-9e2b-64342e16b58d", "value": "425726" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833611", "to_ids": true, "type": "vhash", "uuid": "fd487ab4-e0ab-45f0-af7b-b0b6450b0bcc", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833611", "to_ids": true, "type": "filename", "uuid": "0930496f-aae3-4f03-9f98-010da018783b", "value": "GlodEagl_156.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833611", "to_ids": false, "type": "text", "uuid": "0ebe5c54-7ad6-4fc8-8f3e-08725ef7901b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833633", "uuid": "859acb59-ad67-4c0e-9d11-3d0b4eec5f32", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833633", "to_ids": true, "type": "md5", "uuid": "87277945-c171-4577-b574-735493e5364e", "value": "7eabd18aa3ad9c2cfd3e094917055dd8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833633", "to_ids": true, "type": "sha1", "uuid": "2fe3782a-84aa-4df0-9152-bab2c0cf5a2f", "value": "6addf03db381861d664329a15b5a51dabad532fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833633", "to_ids": true, "type": "sha256", "uuid": "ba9bd23b-892e-4abb-b07c-9b8a92fe154b", "value": "ecf67beb69965a2e48477e47e4b6c2c431864db1eccd32754753f56d2ad2f094", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833632", "to_ids": true, "type": "ssdeep", "uuid": "a84fcba7-3144-4527-aa70-072c0c8c4dba", "value": "24576:KzQyPrQHOogEQjJsq1ANUMCXWls0CFe0mH90IMm49R:pu51sAANfk50P0OSIwL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833632", "to_ids": false, "type": "size-in-bytes", "uuid": "2b776e7f-5d03-40be-8ab1-1c0d94838213", "value": "1222893" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833632", "to_ids": true, "type": "vhash", "uuid": "0b38b4c0-1852-4145-9c14-6cedd7357d81", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833632", "to_ids": true, "type": "filename", "uuid": "05d72a05-937e-4527-a6be-801f5b1203c5", "value": "GlodEagl_0245.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 15/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833632", "to_ids": false, "type": "text", "uuid": "70e51ca4-5b72-40e5-9e44-8045c957487c", "value": "GoldenEagle\r\nType Description: ZIP\n\nMicrosoft: None\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833654", "uuid": "811d2446-66b5-4f67-9288-5eba59be0f4e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833654", "to_ids": true, "type": "md5", "uuid": "2ec592c1-0db8-41d7-b27c-3c8fdea941c2", "value": "5db1aaa5b64d3bfe0de5070b7f557430", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833654", "to_ids": true, "type": "sha1", "uuid": "72825d9b-5252-463b-a398-8a58cf3cb2b5", "value": "c6c5abd0ad92caf84fde038e0e55631b0d1b8aa2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833654", "to_ids": true, "type": "sha256", "uuid": "3d2f7235-bf2f-4e8a-b300-dfc3bcc98714", "value": "8c12267736debcd9fbe2156b45e4ed4a307770b7422dbf12800576e1167e054a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833654", "to_ids": true, "type": "ssdeep", "uuid": "0d887b90-387f-4d72-92f6-97dceebd8501", "value": "6144:R4Eaba48eTHvf1SHc4gE0Jq8z4qd1svFMcI76YJt1cRm:RQ7fJ4gEqivFQ7PYm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833654", "to_ids": false, "type": "size-in-bytes", "uuid": "55fe238e-89cc-4357-8c77-012e93fc203e", "value": "284585" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833654", "to_ids": true, "type": "vhash", "uuid": "6a325716-f7b5-4a7f-9165-26b4e4ab9f16", "value": "bbf592a52ffbc2e18ddc3262d3594f8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833654", "to_ids": true, "type": "filename", "uuid": "aed70e1e-1dab-42ef-af56-e05421e3aae5", "value": "GlodEagl_235.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833654", "to_ids": false, "type": "text", "uuid": "a3e96336-717a-49a2-a470-d7283878823f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833675", "uuid": "f6ed44cc-6076-4bdd-80cc-4034424e4abd", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833675", "to_ids": true, "type": "md5", "uuid": "0f52629a-d363-4691-8cfc-2d0c224093ae", "value": "02eba18a4bb6d6e92b19eacaa7dc68b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833675", "to_ids": true, "type": "sha1", "uuid": "dbeae5f8-3f91-42ed-8f03-feef69a0888b", "value": "5c4e69b2bfabb608c37fb49db91fa54d06170341", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833675", "to_ids": true, "type": "sha256", "uuid": "24ffcc2c-ee1a-4dec-9512-ad711eb9cf32", "value": "1d210f1e2251d4dada00407879b6404f9ac09855f1765e415d4deffe11d7c744", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833675", "to_ids": true, "type": "ssdeep", "uuid": "28ddb9ba-5b33-4d7f-8527-debad68bbeef", "value": "24576:oqKfyB72Uq14dMqrwaOzdCb6jwMjR2gA4f409o26JiMSF9CMIY:oqC2729EbrwRzdC6wMjw4f40Z6hSOTY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833675", "to_ids": false, "type": "size-in-bytes", "uuid": "61e39fa6-8235-4a98-8ab3-1e5fd43e8c17", "value": "993011" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833675", "to_ids": true, "type": "vhash", "uuid": "9ee51fee-1581-4402-a832-b0de2ef6ced7", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833675", "to_ids": true, "type": "filename", "uuid": "ca5ec0e2-5838-4a36-a3f2-2dbcb948320d", "value": "GlodEagl_0123.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833675", "to_ids": false, "type": "text", "uuid": "33fbd7a0-f918-4180-a4d5-0abbe5decd4e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Occamy.AA\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833697", "uuid": "ba9f5196-13e1-46a4-88ff-94e8df35e2e7", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833697", "to_ids": true, "type": "md5", "uuid": "1092afeb-05ca-4b6f-9548-c4c451a739ed", "value": "5f1c34b6800b421ddb3aecf7bea4f22e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833697", "to_ids": true, "type": "sha1", "uuid": "67214328-c2eb-486e-a11f-6bc818968604", "value": "c74e7a1e790b0c8757c85be5d6120eb21f92aaaf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833697", "to_ids": true, "type": "sha256", "uuid": "befea86b-ef32-4146-b528-02d36fdeb423", "value": "cedb51b11727a0e2e8e59649a3922e24070ce08af441f2d7bfdd3a1635c3dc2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833696", "to_ids": true, "type": "ssdeep", "uuid": "b6f49e80-6648-4737-bed0-4094396ce41d", "value": "24576:KwMM3/GEINGX7f5G3U/r3OsG3q3izzxMwBJgWZH6j:K23/GEINGL5rTFGfTBSW0j" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833696", "to_ids": false, "type": "size-in-bytes", "uuid": "123b0c22-1160-4952-92e8-6fef6c22f7a2", "value": "992907" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833696", "to_ids": true, "type": "vhash", "uuid": "650793fd-40e7-493f-bf49-254ad2eceefe", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833696", "to_ids": true, "type": "filename", "uuid": "61a7ab50-65f2-45ff-8d3b-78f9760111d6", "value": "GlodEagl_01236.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833696", "to_ids": false, "type": "text", "uuid": "3df6e823-0778-4dea-9551-b037a1d24c4c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833718", "uuid": "6eaa2cb3-3da1-45ac-b2d9-1ca6adda90bb", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833718", "to_ids": true, "type": "md5", "uuid": "446a8908-4bfc-4ec7-bcb8-e61c18818cf5", "value": "95bd1d1334eedcb45dc717558e3a7f91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833718", "to_ids": true, "type": "sha1", "uuid": "714360c9-6f19-4e7e-95e3-2cb2a7387756", "value": "c00ae59b7d18d5271fd04534a59ae274f34c7721", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833718", "to_ids": true, "type": "sha256", "uuid": "5fe1e15c-040e-45a5-bbb3-6026fa2ba8a4", "value": "fd8a8c475d49a1790dd4c077a746d0a34741b10683b116961d343722b2db641d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833718", "to_ids": true, "type": "ssdeep", "uuid": "db5131f5-be9b-41aa-a4bb-623402aab8ae", "value": "12288:md1/dzB7z3iixxR2HH3/Ry34leFDL7u9BN95FWzkL:mrdz9z3TSn3g34sLu9BjvL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833718", "to_ids": false, "type": "size-in-bytes", "uuid": "ae25d31e-7171-4612-ab1f-0ed9a0810c73", "value": "430277" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833718", "to_ids": true, "type": "vhash", "uuid": "4bf4a1d8-1c31-4d05-808f-8c8d8461208d", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833718", "to_ids": true, "type": "filename", "uuid": "8dc5dbb8-ef46-4b99-9dae-713166a3ac76", "value": "GlodEagl_135.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 29/08/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833718", "to_ids": false, "type": "text", "uuid": "7c6783f3-b152-47a0-8083-a266202a85da", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833740", "uuid": "d360453a-3e29-406f-92aa-68982e847d80", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833739", "to_ids": true, "type": "md5", "uuid": "4dd84fa5-df84-4607-85ab-86290ad86573", "value": "43753f78846ea42c267b4af961ab3a98", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833739", "to_ids": true, "type": "sha1", "uuid": "230d40b5-c5bf-4b90-9c7d-08bb19fb3c36", "value": "caf5ea00aaa16a91372d464a6baa07aeb8fb0b2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833740", "to_ids": true, "type": "sha256", "uuid": "654a0331-0af1-4bf3-bf13-0d03b4177846", "value": "8a05fa989ab070be2f2528a2dc19e0528311dea5d724af9f15a842147d37d992", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833739", "to_ids": true, "type": "ssdeep", "uuid": "62bb9d39-e0c0-42e0-a1bb-2848a6a6681f", "value": "12288:r61GW34bA8xjFz9Dl/w5liZvJjEEB20mqm4suZ:WZGFpDqlsEC20WuZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833739", "to_ids": false, "type": "size-in-bytes", "uuid": "53e90406-50d1-4e6a-9ad0-8b99626edea3", "value": "439267" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833739", "to_ids": true, "type": "vhash", "uuid": "f93b2d06-3500-4938-999c-13709f6c1038", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833739", "to_ids": true, "type": "filename", "uuid": "aad22822-e844-4417-a479-99d5f9fc2bc2", "value": "GlodEagl_136.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833739", "to_ids": false, "type": "text", "uuid": "0b2ab16a-9cd4-4a69-99bc-2b160ced0bb8", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833761", "uuid": "8cccc567-2912-419d-8c40-5e68042df455", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833761", "to_ids": true, "type": "md5", "uuid": "1a3d78be-53ff-4bef-b172-97de01579524", "value": "9102eb3835f92db525ad73f900b0bbf3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833761", "to_ids": true, "type": "sha1", "uuid": "58e58f39-a951-41ec-9777-2a2fe5dad5f7", "value": "6e1df33ce941adb77e7818cf96cebca304c1648a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833761", "to_ids": true, "type": "sha256", "uuid": "24bbc54a-7b0e-40c4-a432-a355c45d9865", "value": "012a0581ff00b3bf4f077a488b7704712fc1e44c7605814a4800c974e5e34004", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833760", "to_ids": true, "type": "ssdeep", "uuid": "33f3654b-0c91-49ce-ba14-ee88a50bfe50", "value": "24576:yyHKSXACuNIyfqzRWdJfMSdf6TqtapYTFqvodueon:RqbCuNlqzRWdJ0Wf6GApY90eU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833760", "to_ids": false, "type": "size-in-bytes", "uuid": "4f6e11df-8a36-4aa0-bd00-3db1eea292e9", "value": "1098888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833760", "to_ids": true, "type": "vhash", "uuid": "0c69827b-a870-49de-be9c-be26eabaa6b8", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833760", "to_ids": true, "type": "filename", "uuid": "799a0f3e-d5ad-4f71-953d-7604045c5348", "value": "GlodEagl_345.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833760", "to_ids": false, "type": "text", "uuid": "9e138a68-5807-4f11-a58a-7d1482c7c7c7", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833782", "uuid": "3a291a27-d3a6-4a3f-8f79-f666a10d8ac8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833782", "to_ids": true, "type": "md5", "uuid": "b85283ed-ec85-4622-aa3e-db4099daf8b1", "value": "8f03aa1a75dd6af1f2f17fe707636f45", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833782", "to_ids": true, "type": "sha1", "uuid": "a29318c4-865d-438c-b5dd-54b939a648be", "value": "d9ebd7dd06f9fba609e6484b120b82f106a37866", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833782", "to_ids": true, "type": "sha256", "uuid": "87b82944-d821-4c6f-a1aa-d759362e14c5", "value": "7041020d3a1d57c2f95af035b03a4cbcf716425bbfbc331989b01d1e690e2414", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833782", "to_ids": true, "type": "ssdeep", "uuid": "fda600b4-5d36-4e7b-8e4d-1a4a2f88fd2d", "value": "12288:oc3/Vsgq9yscDPPn4AIEe1iwVVICmUttnt7oD:oc3W7yscLwAIEedIvUtt9oD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833782", "to_ids": false, "type": "size-in-bytes", "uuid": "fd345174-2b9d-496e-8996-6defba2b33a7", "value": "413358" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833782", "to_ids": true, "type": "vhash", "uuid": "b917b18e-e980-404a-a5c7-a1772472dd97", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833782", "to_ids": true, "type": "filename", "uuid": "00819972-c9db-48a7-bee8-1556d0d66131", "value": "GlodEagl_06.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833782", "to_ids": false, "type": "text", "uuid": "fafab7af-e924-4491-bda5-32719cd0654a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833804", "uuid": "8ed78818-ab64-483f-9654-9f138c6fa57c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833803", "to_ids": true, "type": "md5", "uuid": "dd9a4971-a045-4891-91b8-062733752237", "value": "dd2a9855962426406805049e3b1a62b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833804", "to_ids": true, "type": "sha1", "uuid": "5628197e-a1ef-492b-9f94-0cbb3f7d1362", "value": "b1b3df9a265adebd3c9385a17c91d6af81cb1e8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833804", "to_ids": true, "type": "sha256", "uuid": "54fc6714-042c-4844-974c-8dc0d810254c", "value": "e2c21e32f7674442f7fff2069b2d545f9dae6873a382a5d4297587b0c6cf8fc1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833803", "to_ids": true, "type": "ssdeep", "uuid": "9fe3af9a-834e-4a15-9b24-878a17ba7487", "value": "12288:Y6OPhYrOUNSUHF3pxKFBetk1tTozNvHF2WhIegK:Y6OpYrFNnl3KFp7TodHF2wDgK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833803", "to_ids": false, "type": "size-in-bytes", "uuid": "b896ea90-977b-405f-9a18-858d6e5b08be", "value": "422664" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833803", "to_ids": true, "type": "vhash", "uuid": "748dfa65-74b7-432c-8822-15074c919d37", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833803", "to_ids": true, "type": "filename", "uuid": "f9e07120-b16f-4f86-b67a-6cb44edd69f3", "value": "GlodEagl_0236.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 18/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833803", "to_ids": false, "type": "text", "uuid": "1dab2acb-67a8-4678-92d3-aac317f07ff5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833825", "uuid": "36121935-b0b0-4035-82bb-ea46ea3ef179", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833825", "to_ids": true, "type": "md5", "uuid": "7b22d468-2a76-44ff-aa4a-ebf285ee13aa", "value": "94335b1f1234ab737ccff1ab98fb83e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833825", "to_ids": true, "type": "sha1", "uuid": "567b2e7f-565f-4580-8eab-4248438c87fb", "value": "7f73af57c7b2f3cfdb694047d12038387a6e5e8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833825", "to_ids": true, "type": "sha256", "uuid": "ed703b8d-7143-4f17-9165-53bed6bd3af5", "value": "0cdaa51c64e170b94ad0f4475b9d75c1bef717fc055917960a76768fecc1c7cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833824", "to_ids": true, "type": "ssdeep", "uuid": "5e0f66f6-5a2c-4d2c-a04a-0982c939a5c7", "value": "12288:Y6OPhYrOUNSUHF3pxKFBetk1tTozNvHF2WhIeZ:Y6OpYrFNnl3KFp7TodHF2wDZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833825", "to_ids": false, "type": "size-in-bytes", "uuid": "fd0dbb37-cf6a-4b0d-a717-60b440828b84", "value": "413055" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833825", "to_ids": true, "type": "vhash", "uuid": "e96afe5e-4b33-4226-99aa-d990298316b6", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833825", "to_ids": true, "type": "filename", "uuid": "2b2430d0-1215-43d6-a39e-88de905f27e1", "value": "GlodEagl_02356.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833825", "to_ids": false, "type": "text", "uuid": "ea584c61-cd1e-41d1-a606-775826f07c36", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833846", "uuid": "f2db4830-8463-45e7-817a-14cce00a9b06", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833846", "to_ids": true, "type": "md5", "uuid": "ce27f9d1-6ac2-4893-a214-f922ca36f243", "value": "1c45622ab5541940298c2ba557ec5ff7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833846", "to_ids": true, "type": "sha1", "uuid": "67bf8936-1319-4b0e-903e-b1fd4554521d", "value": "d3743aaee231ea3743d85f1f68e718dd7b35acd8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833846", "to_ids": true, "type": "sha256", "uuid": "6b07240d-f018-4725-9f0a-939eda979639", "value": "d0b13d4feba996461561e235fe425542bd06183a9e720d68eeb91cfd92b51268", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833846", "to_ids": true, "type": "ssdeep", "uuid": "b218afa6-4eec-4a99-9b90-53bb42abff7d", "value": "12288:Kc3/Vsgq9yscDPPn4AIEe1iwVVICmUttnt77:Kc3W7yscLwAIEedIvUtt97" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833846", "to_ids": false, "type": "size-in-bytes", "uuid": "1cc1292e-8b95-4feb-9da6-00e5ec556802", "value": "404063" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833846", "to_ids": true, "type": "vhash", "uuid": "118f1706-b324-42b0-bf9a-662c09ef407a", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833846", "to_ids": true, "type": "filename", "uuid": "fcb228f1-763d-4e36-aa88-ef21594cfc94", "value": "GlodEagl_05.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833846", "to_ids": false, "type": "text", "uuid": "135782ed-aafe-41c3-8890-e97d956948d8", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833868", "uuid": "fd934091-1e28-4ba9-85ba-7c8ff5a5a4e4", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833868", "to_ids": true, "type": "md5", "uuid": "acf2cd67-5d9f-4151-8923-030a08923078", "value": "1bead74a4babc2d681d52cb921f2d338", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833868", "to_ids": true, "type": "sha1", "uuid": "736d9735-9bf3-4963-9e9e-5ca3e4dda11a", "value": "5b78b7b71bed60a9028ee20af0249cd8296887c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833868", "to_ids": true, "type": "sha256", "uuid": "6416fc8c-6c8f-47f3-9a50-147ecf16aa89", "value": "d18d25125e84fa2287fa4af6a16fbd27ffc4bd888356bb4a26f4a2d9b43844fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833867", "to_ids": true, "type": "ssdeep", "uuid": "a3349cea-c67e-4a62-bb27-8d9faf104f09", "value": "24576:r9HywXheIr1QBDjTMs5wYGDkYL12RG981aiX/qN43JlIUVgP6kmi+6ysMe24:rx9eIr1QVNwDkC12R3X/qN02UCxmi+67" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833867", "to_ids": false, "type": "size-in-bytes", "uuid": "3ba48178-5130-4d95-9e8b-54a5eb488368", "value": "1247089" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833867", "to_ids": true, "type": "vhash", "uuid": "33ef93b8-b5ed-4a50-846b-5db44400f11c", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833867", "to_ids": true, "type": "filename", "uuid": "5df80eac-0b16-4d19-a4a8-6b61444e8b5f", "value": "GlodEagl_1245.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833867", "to_ids": false, "type": "text", "uuid": "fdfd80e0-9bef-47ed-9f4e-92894256d18c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833889", "uuid": "dab2ec37-2933-44ec-ad33-ce4a93e2bdce", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833889", "to_ids": true, "type": "md5", "uuid": "cec46f11-fcb5-41ef-bfd5-20b745ff9673", "value": "32b63de5fe5c5eda5c029e253cd26305", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833889", "to_ids": true, "type": "sha1", "uuid": "9d25755b-7acd-441e-b6a1-f54705f853ce", "value": "6e43f1271b1413802a080715813478b024143a86", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833889", "to_ids": true, "type": "sha256", "uuid": "e0e94263-75dd-4ad8-8edf-897452134f03", "value": "2f8459d1a1276922fd7daa4a31a873fb44a1d8e7f8df00e06ed5c61c5fd6857b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833889", "to_ids": true, "type": "ssdeep", "uuid": "499abdd8-a090-43b7-b552-4c476f540dba", "value": "12288:sVsZMXpB2k1+k/CL0BeqoBA+ZXplsNXgGB+We:cfXHx1+2lsA++NXgGUWe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833889", "to_ids": false, "type": "size-in-bytes", "uuid": "5f3c2dcc-f4d4-49c6-9a5e-6b3e97813810", "value": "439640" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833889", "to_ids": true, "type": "vhash", "uuid": "0c3e1ca6-1ebe-4a71-b22d-92a5077e98f0", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833889", "to_ids": true, "type": "filename", "uuid": "f71bf32f-7506-41ac-a2f0-9aaa1292af6f", "value": "GlodEagl_13.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833889", "to_ids": false, "type": "text", "uuid": "81fcf786-cc76-44ea-a420-aaa73e135a8e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833910", "uuid": "39c1ec6b-f422-4d31-a130-aeba742cbbf9", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833910", "to_ids": true, "type": "md5", "uuid": "9e00e18a-3473-4a52-921e-db94c12b4591", "value": "afdff06f8d9924db57fa91a1e4abb5c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833910", "to_ids": true, "type": "sha1", "uuid": "b09e24ec-550e-4029-857a-7b91c9e7a7fc", "value": "75d4e604703a7458b44a17bbfee17ee525e1ae38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833910", "to_ids": true, "type": "sha256", "uuid": "fe27c5e9-637b-4ec7-9181-999a6508c91a", "value": "1235e2e9c301b8f30dca87beb15820738dc0409fe8a7d3f6e86345b9e1cf08cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833910", "to_ids": true, "type": "ssdeep", "uuid": "e1a21796-f41f-4393-ae75-d0a869d19860", "value": "49152:jMha8QU7TJjMIzU9gxPed3i8TXF2eShAMIH5L:jMhVQUZg/9gted3TTXfpxR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833910", "to_ids": false, "type": "size-in-bytes", "uuid": "cae0e1c3-9e42-48ad-b751-36c4e28fa45a", "value": "1808667" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833910", "to_ids": true, "type": "vhash", "uuid": "588e1440-1540-46d7-83a5-f32c48c19029", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833910", "to_ids": true, "type": "filename", "uuid": "87535d6e-1c30-4b94-a5bb-b6154ec0f87c", "value": "GlodEagl_01245.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833910", "to_ids": false, "type": "text", "uuid": "7443e336-8d44-402e-95cc-8928a001025d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833932", "uuid": "7c1658e9-5ef1-4297-baa0-53c8b63ecb0f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833932", "to_ids": true, "type": "md5", "uuid": "46ea26a1-06c2-4410-ae26-0c15640f0e5c", "value": "563e65ed13a9cf23e0adbe2661bfe2d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833932", "to_ids": true, "type": "sha1", "uuid": "001fc69d-332e-4f0f-8dac-ff2a93fa8dfb", "value": "cdcb8a77f40847f362ac70119e7177d38f8403d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833932", "to_ids": true, "type": "sha256", "uuid": "c3c054d5-a252-47f3-a839-b935936cd840", "value": "280b5da6a0086e0796b68ab10f4c2691720165c47c461a7302811ca3fe0ee351", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833931", "to_ids": true, "type": "ssdeep", "uuid": "37c23303-1065-401d-a46e-f576c6dcc448", "value": "12288:oc3/Vsgq9yscDPPn4AIEe1iwVVICmUttnt76:oc3W7yscLwAIEedIvUtt96" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833931", "to_ids": false, "type": "size-in-bytes", "uuid": "aa088284-9898-4222-85fe-c65dfda97b56", "value": "403749" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833931", "to_ids": true, "type": "vhash", "uuid": "ba9f852a-9469-49f1-8825-7f042d4e39a7", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833931", "to_ids": true, "type": "filename", "uuid": "38c5f620-4815-4262-9c7c-3206070e0125", "value": "GlodEagl_056.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833931", "to_ids": false, "type": "text", "uuid": "615688ac-1cd7-47b1-91c5-5f1cc55dda8c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833953", "uuid": "b8b3a5dd-b20d-486e-885a-81113b67f9eb", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833953", "to_ids": true, "type": "md5", "uuid": "229c3172-8cdd-4ba1-b111-e95a2b1ca6af", "value": "e066b8e51d8dc9453ef6fa851a227863", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833953", "to_ids": true, "type": "sha1", "uuid": "932a77b0-5340-4908-b93b-c0e0008a075c", "value": "5b7be1ec39295ca49e3824492f15c3e22ffffc11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833953", "to_ids": true, "type": "sha256", "uuid": "ce590698-795a-449b-8328-c12d6cb49361", "value": "5ab8c1fef0f3936a18311ec04d957e2eec0cfdd751a181f2e5e086c6f3d5d2a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833953", "to_ids": true, "type": "ssdeep", "uuid": "1728b213-3d01-4319-85d9-d9d9b7a20430", "value": "49152:CrBvh/T+14HfWU6RSlE33dgNatElmw8IrzFFUyjWjt48tC3vba52g5Cd:yH/T+18WtSK3dgpdzbUyCxRUbaUg5w" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833953", "to_ids": false, "type": "size-in-bytes", "uuid": "01ffd20b-0501-4994-ac62-e585de27d224", "value": "1812194" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833953", "to_ids": true, "type": "vhash", "uuid": "6ad01c7b-0e9e-4cc4-b0cb-5cb7a9b5e333", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833953", "to_ids": true, "type": "filename", "uuid": "5ed774f8-4600-4498-991c-bf3d7430822b", "value": "GlodEagl_013456.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833953", "to_ids": false, "type": "text", "uuid": "ed36720d-fd29-4f70-a2ee-7446d82fb1e3", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:30/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833975", "uuid": "091f2b51-811a-4365-9141-d0acc8486a7e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833974", "to_ids": true, "type": "md5", "uuid": "c88aa86d-b222-4627-a9fe-7ee610d6c88c", "value": "f95e1345082db2cecf08d10bf71bb1fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833975", "to_ids": true, "type": "sha1", "uuid": "90f0fc17-a5b5-4110-84a5-8586fb8f5849", "value": "8c80ae0f9651990348ad53d61d28637852ceb1a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833975", "to_ids": true, "type": "sha256", "uuid": "ff4370e4-cb1d-49b7-afae-cbdcc0a76ea0", "value": "2cdad30b1c4a03cb4004c599837e5399f407db7606413fd89286d633781f46fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833974", "to_ids": true, "type": "ssdeep", "uuid": "ab663d20-75dc-4eec-8ead-cbb51eec90e5", "value": "24576:IW9NCqEmQ8WNhrN8tu/eSSb6UQ8ibks6SkopvM1E/sEVXil6gp:IwtEZh7rNheSSb6UMd6YpviEkSM1p" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833974", "to_ids": false, "type": "size-in-bytes", "uuid": "7ebb5b34-5028-47e3-863b-02b53dacecc9", "value": "993267" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833974", "to_ids": true, "type": "vhash", "uuid": "013b2c03-db00-48b0-971d-5cc93fdf986a", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833974", "to_ids": true, "type": "filename", "uuid": "2f0a2227-47b2-4716-8ede-57f801b5ab81", "value": "GlodEagl_0136.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833974", "to_ids": false, "type": "text", "uuid": "5250117b-c884-4463-ac8b-760f0477cf3c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740833996", "uuid": "6ce816cb-94b2-4533-a0da-a7ed5180668f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740833996", "to_ids": true, "type": "md5", "uuid": "a35df6cd-a126-43f0-ae62-439b3b4ae40c", "value": "5f0fda37d8489e96033e100f4b441097", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740833996", "to_ids": true, "type": "sha1", "uuid": "422285df-dd36-4cc5-b40d-ec4b7c19ebf5", "value": "140ea25b4ee305ae5116c5a58315747804fc44a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740833996", "to_ids": true, "type": "sha256", "uuid": "e112d6de-4074-48a1-aac2-bf9932b4d10e", "value": "7c0e8f8d5fb54756b9a372c35d5591c8224e5010cf20ff5ccbc607bfd04bb70c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740833995", "to_ids": true, "type": "ssdeep", "uuid": "c8b61fec-a51e-4d2f-b901-a485d8c410cc", "value": "12288:DDcwIBSKqCL2U7X0iSqahQYKrretmEQjRYlxP0dW:8nBSHCL2Uj0iXnmmJj8xsdW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740833995", "to_ids": false, "type": "size-in-bytes", "uuid": "705142b0-9aca-4586-b0e9-458b62dc96fc", "value": "428663" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740833995", "to_ids": true, "type": "vhash", "uuid": "68c67700-f547-4384-b06f-ef9d33d007bb", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740833995", "to_ids": true, "type": "filename", "uuid": "3c1b26e4-cfd3-4835-9d5b-9988eb404c17", "value": "GlodEagl_125.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740833995", "to_ids": false, "type": "text", "uuid": "a4348a67-7f17-474f-a9f9-14511dcbe415", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834017", "uuid": "bcda6deb-5c0e-4c16-a788-2d895af73d7e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834017", "to_ids": true, "type": "md5", "uuid": "dddc777d-2409-4831-94fc-9fef7134e60c", "value": "dfff121adadd15f3f25b734241485105", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834017", "to_ids": true, "type": "sha1", "uuid": "40d7b99d-d14d-42f4-8afa-0e2ea56411d5", "value": "c33e347bd5d9481b8000486f91c52b5fc345b482", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834017", "to_ids": true, "type": "sha256", "uuid": "9c3df977-f722-4862-a234-cd06c38864ac", "value": "daeb9d14e37090d673c261e1311c3f9255caaf2699e3f91cc77f1aaf3a62ee1c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834017", "to_ids": true, "type": "ssdeep", "uuid": "03fabb2d-c142-4c5d-9896-2827fce9da6f", "value": "24576:/hzL4WJrx4Xz9vFOwWVbjT/48YeHLoGWRUiVZo2CTg:/CMrx4PgXT/48YeH5WSirz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834017", "to_ids": false, "type": "size-in-bytes", "uuid": "3da7878f-a791-4258-b9e3-c975ae32fcf6", "value": "1101869" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834017", "to_ids": true, "type": "vhash", "uuid": "376a1991-0705-4e31-a820-523ec56424c9", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834017", "to_ids": true, "type": "filename", "uuid": "daa86260-87fa-4c4d-bb6b-73ac9717bd6c", "value": "GlodEagl_2345.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834017", "to_ids": false, "type": "text", "uuid": "7206dc46-a6fe-4e71-b1f6-e6a040c3b823", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834039", "uuid": "ae6f888e-d37f-4b4d-8e88-5ea68d6976d0", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834039", "to_ids": true, "type": "md5", "uuid": "6396c4b1-1b74-4b77-82a9-61ab15374b04", "value": "7703a132de2e9b0cdb59b332e5f38c29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834039", "to_ids": true, "type": "sha1", "uuid": "e453fead-81bd-4a07-8b49-5376e83e6456", "value": "4e13bebb1f0f18ec561ad745f0ddf4d028af319b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834039", "to_ids": true, "type": "sha256", "uuid": "f6c1b96e-ad1c-45d3-8e94-ad9b685f4dc2", "value": "20dd7eaadaeefa637c9b1d10c809fc40171e6cf7d6c35ef230d85112367d7da1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834039", "to_ids": true, "type": "ssdeep", "uuid": "a87d6acf-d9c3-4ad3-8218-affc8b70a524", "value": "24576:U1rFI6LwRlfuYtZYgnYbHRxb9KX71MJc13fTe2tkYl:MI5vNtCgnm0X71MJ8fL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834039", "to_ids": false, "type": "size-in-bytes", "uuid": "9fee4132-fd62-4fe3-9a17-e212fa1fc9c4", "value": "983540" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834039", "to_ids": true, "type": "vhash", "uuid": "a130d212-8314-405a-9e20-50309654bb06", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834039", "to_ids": true, "type": "filename", "uuid": "22c3366e-8295-4b6b-b92a-5672c0f8466c", "value": "GlodEagl_0135.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834039", "to_ids": false, "type": "text", "uuid": "5615b046-85c8-47be-8f18-720635cde9f4", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834061", "uuid": "d3b0b9d2-cbf1-43ce-b460-d9746dffc704", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834061", "to_ids": true, "type": "md5", "uuid": "2b5cb623-4d41-4664-bfb6-d168b27d048a", "value": "845abff16d5314305b60d60bf10eb7f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834061", "to_ids": true, "type": "sha1", "uuid": "1b5efbfb-ff4f-4a7c-977d-1e9be1d5306c", "value": "3c1bafcdc14729db053cdbc59804521f1f14b061", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834061", "to_ids": true, "type": "sha256", "uuid": "a443d168-ef9f-4126-99ff-5c0ee36aa3cc", "value": "d26e11b1ce0ffaca9bfcc1f821e606555cd917411906d851f7188b745cc36c0a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834060", "to_ids": true, "type": "ssdeep", "uuid": "ba2b67a9-08f6-42af-be96-2f79666c7d5b", "value": "12288:Hebuh3E8edtQ5ALzHLhkGFll8XLPi3ejPUyEs33D33U3Q7paItjGM7AyFAJS9V+l:aphLjqYll8XLmE7MhMXFAJSvRIsmUPUX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834060", "to_ids": false, "type": "size-in-bytes", "uuid": "d379df0e-e893-4af4-8f85-64f1f15626e0", "value": "983552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834060", "to_ids": true, "type": "vhash", "uuid": "e6b1bc73-8f2e-4de2-92a8-b84055048d42", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834060", "to_ids": true, "type": "filename", "uuid": "f03cc747-b055-4fd7-96e4-ce7c39d02046", "value": "GlodEagl_01235.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834060", "to_ids": false, "type": "text", "uuid": "514266bd-0dc9-435f-bb12-1d2454f47dd6", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Ransom:Win32/Skeeyah.A!rfn\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834082", "uuid": "daa5bd27-2479-4f0f-ab33-ef781ecd239a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834082", "to_ids": true, "type": "md5", "uuid": "46e997c6-3740-46c6-8788-f8cdc7569ab1", "value": "a8a02a0e99b9a4fa65772aceef40edf3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834082", "to_ids": true, "type": "sha1", "uuid": "dbb4e75a-b83a-48d9-939f-12c51b843311", "value": "f9c152fc61b42f8d80f725fcb31cae18a4dd1975", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834082", "to_ids": true, "type": "sha256", "uuid": "762514ca-5b1b-4ceb-b248-153d19b16dfc", "value": "3c35f14d8c5978a13e4310a432c801d48ea5aed906c30eaab3cb9c6ac77bad11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834082", "to_ids": true, "type": "ssdeep", "uuid": "1fa20118-9284-4f85-a166-59f31acf3dfe", "value": "24576:5X0yxKQHliPd+NtUdi4VFPkt6olTfosQkmKejPFJ:Z9KkqUSdzQ6EfQkmKez" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834082", "to_ids": false, "type": "size-in-bytes", "uuid": "34d20a38-6f1b-48fa-a3b8-db6383a9c3c7", "value": "982966" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834082", "to_ids": true, "type": "vhash", "uuid": "c0db7941-f81d-4633-b495-c80731cdc227", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834082", "to_ids": true, "type": "filename", "uuid": "16fc7dd1-548d-4861-9ff7-b858301c43cb", "value": "GlodEagl_01356.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 04/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834082", "to_ids": false, "type": "text", "uuid": "7366e50e-51a8-4b6b-9a34-dfdc946cf063", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834103", "uuid": "be796369-95fd-4b1f-a315-2b3e99343c26", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834103", "to_ids": true, "type": "md5", "uuid": "7badce25-df94-4aaa-a70c-0a6dbbcdcbe1", "value": "710a3984dc274e2d74742d56039bdac4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834103", "to_ids": true, "type": "sha1", "uuid": "ac714eca-df62-4df7-89f6-29eb0dd2ed99", "value": "76f44679f71c009951fe493a9e376b3dc73aa406", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834103", "to_ids": true, "type": "sha256", "uuid": "023d6fb3-18df-4072-a4eb-fb0f90db8169", "value": "55f4b7028bf5c0a84410e8077ad9818f3445abcc24e51bca12d0a01daff44188", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834103", "to_ids": true, "type": "ssdeep", "uuid": "bcd847ce-6210-4b58-accc-20ee31899bc0", "value": "6144:4gQtwxTQNFmkPRlfh524ilnmgY2F8T1CpmbtAqhCHJpD0ZoKIm4jCtzEi8H7:udfT/ilnDY+8T1CpmbA05b4jcRa7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834103", "to_ids": false, "type": "size-in-bytes", "uuid": "fbf3f64b-7138-4f35-9a31-2d9d43ab76fe", "value": "437968" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834103", "to_ids": true, "type": "vhash", "uuid": "96eafcbf-7391-48ce-be1e-b4d643f6691d", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834103", "to_ids": true, "type": "filename", "uuid": "f6363d28-9c80-4acb-8bd2-728dc8590e18", "value": "GlodEagl_126.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834103", "to_ids": false, "type": "text", "uuid": "c8dc37e1-fd05-41fc-ac97-e2bf8cdb5c97", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834125", "uuid": "6ccdb29c-b6c7-485b-aef2-48f6b806ee23", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834125", "to_ids": true, "type": "md5", "uuid": "06ed5e0c-e91c-4468-ac40-5aa0cb28e606", "value": "f0234318c5382b96d69acdfb1a72e03a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834125", "to_ids": true, "type": "sha1", "uuid": "b17aedcd-7475-4abb-966f-ce5d22d2012f", "value": "36e608ebd9fda913285654e0cb1a2b2e3ee34f2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834125", "to_ids": true, "type": "sha256", "uuid": "5a7e6b83-f1b1-4a07-8102-3788d748cc12", "value": "4f48ef8c48cf7a1fc7c672beff5a36d8ab7eab0f4ba3525fe37874842ac58b74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834124", "to_ids": true, "type": "ssdeep", "uuid": "0f01a69a-7f9d-4c91-810d-088ea1b107a1", "value": "24576:9J/moEpxejYU5tlAkaoh/ePsXMlv0Rpymhj0zfPr2oT:zSpAjYUtlAkazk8lAhjKP5T" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834124", "to_ids": false, "type": "size-in-bytes", "uuid": "57732d83-3c2a-43b4-b893-f3901a7aa925", "value": "1106063" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834124", "to_ids": true, "type": "vhash", "uuid": "87271888-7c30-4de5-b193-ec84db329e55", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834124", "to_ids": true, "type": "filename", "uuid": "39c1dc00-3452-4cf9-96e3-84d32df9b045", "value": "GlodEagl_246.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834124", "to_ids": false, "type": "text", "uuid": "55ff5dbd-8004-4294-a563-ad1d98d84c93", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834146", "uuid": "b400dca3-9f80-4a03-923f-e6e829c29c2e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834146", "to_ids": true, "type": "md5", "uuid": "1a0bd119-fd1b-4755-a0c5-f6f70fa473a6", "value": "ca4a07a8efefc39507d8db277ad3c1bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834146", "to_ids": true, "type": "sha1", "uuid": "c68524f4-0816-4f78-946b-7949449778fc", "value": "4554333b1120758af86faec1143e4779be4d2636", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834146", "to_ids": true, "type": "sha256", "uuid": "02532ed9-e6c0-492a-a17d-46d376cb6c8f", "value": "6a8283c3218cb5cbe62f8c1c71ca18d7b01ce185ae3cec2fb8f84622f05c4aa2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834146", "to_ids": true, "type": "ssdeep", "uuid": "3682dbee-67cb-4abd-a692-b6b11a07abbb", "value": "49152:qxelcXp49pTK/dUEG+rTmL27He4EH8BvxS3bE7ItL:Ceep4DOS4rTmizQcnaE8tL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834146", "to_ids": false, "type": "size-in-bytes", "uuid": "dc531421-7dbd-4e06-849c-1c9191d617c8", "value": "1803428" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834146", "to_ids": true, "type": "vhash", "uuid": "f95d9102-9647-4301-b8da-afc84f50a7bb", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834146", "to_ids": true, "type": "filename", "uuid": "9593b36b-9bc6-45a5-bc91-921920dd152c", "value": "GlodEagl_0145.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834146", "to_ids": false, "type": "text", "uuid": "a95f1078-0613-41b5-b961-0054e954bc29", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:31/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834168", "uuid": "5bccac82-3546-40b8-8e5f-51eeb2d5f420", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834167", "to_ids": true, "type": "md5", "uuid": "7334329c-7b3e-4213-9897-53e132796647", "value": "8428a3a82562ddc87dc104eaea158386", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834167", "to_ids": true, "type": "sha1", "uuid": "1c39856a-636c-45a7-aca0-b275d9ee5574", "value": "446082c7a6eb1ef6d5bd555f9ba2f7bf6fe8616e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834168", "to_ids": true, "type": "sha256", "uuid": "e2e949b4-0e0d-49ed-b989-de773cfdb407", "value": "39cca97aade7bd62d8f30fb4c5f642fed7a572b622dc0ad2d2efdd593a00b670", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834167", "to_ids": true, "type": "ssdeep", "uuid": "b463012d-7cda-4f24-a075-c945c9da29f3", "value": "6144:R4Eaba48eTHvf1SHc4gE0Jq8z4qd1svFMcI76YJt1cRwXo:RQ7fJ4gEqivFQ7PYWo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834167", "to_ids": false, "type": "size-in-bytes", "uuid": "d70a228a-131f-4730-8d60-a1c8477d989b", "value": "294194" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834167", "to_ids": true, "type": "vhash", "uuid": "5ee4b3be-cc33-44dd-936e-aa7e36800df5", "value": "bbf592a52ffbc2e18ddc3262d3594f8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834167", "to_ids": true, "type": "filename", "uuid": "d3a927f0-e1f1-495a-a6cd-78a794a1efca", "value": "GlodEagl_23.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834167", "to_ids": false, "type": "text", "uuid": "6047093c-b885-4bf3-9cfe-d7dcecd055d1", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834189", "uuid": "b7d954fb-fd48-4d7e-bb85-07b40ee6fbec", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834189", "to_ids": true, "type": "md5", "uuid": "fe8f870b-eff6-4b80-89e0-0b0e26aea960", "value": "f2ad38c05d18be77023626167390351c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834189", "to_ids": true, "type": "sha1", "uuid": "65cb1606-5b5e-40df-bbb0-a133011bfdd5", "value": "8f96a863a04470aba169a3940fb71de57897e49b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834189", "to_ids": true, "type": "sha256", "uuid": "27be55e6-2e0f-4ed3-a5eb-bd4b44ca7d57", "value": "9b2d005af7f743c4fac75ba084745cb16bad1bcf0b53259bc51404c0b7eab2b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834189", "to_ids": true, "type": "ssdeep", "uuid": "fbd4b2fa-504c-404d-9cae-693914ac27f7", "value": "49152:83LByDfTI8ryB8gxIx+v6FM9Ns5l0RR7JS1i5zMrmS/R6qywSILxudqEqqAO3:83LByDf3ryDIxq6iNiISMzLoLoTAK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834189", "to_ids": false, "type": "size-in-bytes", "uuid": "e3fa0b77-4e42-4d9d-b0d3-fe7d91549ae7", "value": "1813992" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834189", "to_ids": true, "type": "vhash", "uuid": "5f747aac-a8d8-43d8-8868-2b89ee0f87c3", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834189", "to_ids": true, "type": "filename", "uuid": "88998d87-f455-4d81-a469-b79687597756", "value": "GlodEagl_0123456.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834189", "to_ids": false, "type": "text", "uuid": "9d7375a4-0872-4e58-94f3-ff9a8fd736d5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834210", "uuid": "fe252cd1-336f-444f-9b82-6bbbb4ff5447", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834210", "to_ids": true, "type": "md5", "uuid": "c85d3bd3-37df-4610-81a4-95258b6b59b7", "value": "b60b5ac8ea5a9e30e8a5776d8688bf8d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834210", "to_ids": true, "type": "sha1", "uuid": "3d0eb9b3-15d5-42ef-b195-67979320a049", "value": "87cafbcbebdc328ca6ddddf776c553c520eaf5d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834210", "to_ids": true, "type": "sha256", "uuid": "ca0e2be0-2873-45a4-8c24-c0b18ed53ee1", "value": "165a545998031d8a363bfb14a367724f59d2797c96fdc09cc6e8b504075b112b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834210", "to_ids": true, "type": "ssdeep", "uuid": "d36bf613-11b2-4606-90e5-b793e3156170", "value": "24576:qctu5+0NQhuaysf/dOTGxfvFZuSzww8tg4lH+C:/Uc0NQJfFOaxFZMtfHr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834210", "to_ids": false, "type": "size-in-bytes", "uuid": "9762ebfc-4042-416a-b54d-d2d915bf1f1e", "value": "1246963" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834210", "to_ids": true, "type": "vhash", "uuid": "7bfa019a-4b52-45e5-9e9d-697835e9c969", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834210", "to_ids": true, "type": "filename", "uuid": "69da392b-547a-4c4d-a2a1-7e3633bfb015", "value": "GlodEagl_12456.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834210", "to_ids": false, "type": "text", "uuid": "ed84e117-4469-408c-8d5e-290019c86db3", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834232", "uuid": "29a35f76-1b1d-4806-ab41-8cb69b46765f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834231", "to_ids": true, "type": "md5", "uuid": "3b14f343-e3d7-401b-8062-292ffd55353b", "value": "70fc66576b1ede2fb4eabcb64d6bd928", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834232", "to_ids": true, "type": "sha1", "uuid": "6e7e9bf8-d7ed-4044-ab62-23f4b47318bf", "value": "ca8857cc834dc7557a1c37ae3866e906725f4fed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834232", "to_ids": true, "type": "sha256", "uuid": "f4cd7597-e1bc-45ce-8e11-0c309a50df59", "value": "4f06966ad02b17838892830409699f60cedb027d4bd5434c287a598ae184187b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834231", "to_ids": true, "type": "ssdeep", "uuid": "05752ee6-ecbe-4d98-b099-07964dd1d1b6", "value": "24576:HRKS8n2mX2+u3rL6wfGbl28VtBidtc65y7s7ktf+rCB1zuXvfKW:R8n2mX2+u7Lybk8vKz5B7kZuAhHW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834231", "to_ids": false, "type": "size-in-bytes", "uuid": "b194cae4-459f-4195-add2-a5edb01d0ab2", "value": "1256724" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834231", "to_ids": true, "type": "vhash", "uuid": "f0cfcd14-8a12-4c76-b934-08786ca0c19f", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834231", "to_ids": true, "type": "filename", "uuid": "d6ee95bc-6d08-4fe7-a44f-b490310d8519", "value": "GlodEagl_124.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834231", "to_ids": false, "type": "text", "uuid": "cd80f2ea-6378-4e4f-8a80-21cbb1578cf8", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834253", "uuid": "01fe0a1e-f364-450a-8f8d-9ef123592f29", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834253", "to_ids": true, "type": "md5", "uuid": "e5e0f486-d6f1-4d51-934a-fbbc2c24ab79", "value": "08cad9d2890cffb2e025cbecf2ca4d45", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834253", "to_ids": true, "type": "sha1", "uuid": "07b753bc-f044-4f9b-a9dc-b13506f4f2a1", "value": "0dd5c47a85bbc25c6dff7443ee96ebf9723e3cdb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834253", "to_ids": true, "type": "sha256", "uuid": "a4cebf5d-3dc3-41f3-93b9-8dc65bfeb983", "value": "f343dc4d2adc90cbac85243e66cf1da5ccbd2a7d77f8694dc1ee6d13c346b51e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834253", "to_ids": true, "type": "ssdeep", "uuid": "3eb02715-0721-462b-aa23-025fdbdf56a9", "value": "12288:GnOresYxycUCkeVAM9XWIHrT2y1HwpbbDilrGMS3M/m1cT:zresYoIkeVA8X3/HwWGt3yGcT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834253", "to_ids": false, "type": "size-in-bytes", "uuid": "176f3bd6-213a-46e7-abef-fdd4168950fb", "value": "440727" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834253", "to_ids": true, "type": "vhash", "uuid": "85661780-53db-4a0a-ae8b-b35545569a0b", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834253", "to_ids": true, "type": "filename", "uuid": "82ed93ad-17c8-406d-b457-61214007ba57", "value": "GlodEagl_123.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 13/04/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834253", "to_ids": false, "type": "text", "uuid": "2bce93f1-9db7-4685-a85f-3cc75b152985", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834275", "uuid": "617333dd-a339-49f1-b9ce-7a8709e0bd83", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834274", "to_ids": true, "type": "md5", "uuid": "76e2eb7e-618d-4908-850f-fd1e1e9377a9", "value": "8df411c7a7267826d14418eb76728f7f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834275", "to_ids": true, "type": "sha1", "uuid": "793c1c80-cb83-4a3a-9281-d2cd3b27c6ae", "value": "5bab802ab6eb70b86f2e436e40ce83df051ffabc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834275", "to_ids": true, "type": "sha256", "uuid": "fd1180c1-46d0-40c4-899f-ad374b68411b", "value": "fc6db862de2dd3055aa59a799f8d64e356e41efa7d594c7c7c99de331414a55e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834274", "to_ids": true, "type": "ssdeep", "uuid": "46579a14-b475-4164-b683-ad15316ac324", "value": "6144:jgt0iNIRs0C3BbiEHjipORuO7u9ay6QR0aZSUOasDq5K/sRxTeJu7497gdjlnfMl:jgtgs+OTDu9Ug0ISaDiw8CHfMYbAlCA7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834274", "to_ids": false, "type": "size-in-bytes", "uuid": "64222fab-d7f4-47e0-90bd-8f32ee1c44af", "value": "428410" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834274", "to_ids": true, "type": "vhash", "uuid": "636eb34c-af32-4949-b491-740f8c6721a5", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834274", "to_ids": true, "type": "filename", "uuid": "85abf1ff-ce6d-4427-b4de-b760df2d7e35", "value": "GlodEagl_1256.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 21/08/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834274", "to_ids": false, "type": "text", "uuid": "e27a6987-b2aa-40fd-9d61-ac3e26739df0", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834296", "uuid": "65808d7a-2c89-4c69-ae4d-8293304fc9e0", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834296", "to_ids": true, "type": "md5", "uuid": "00cc2448-6253-4367-8c0d-9cc3e986eaa5", "value": "fb5508ac3b2b6ef9d07242a45b8e47cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834296", "to_ids": true, "type": "sha1", "uuid": "bcafb776-e108-41e2-a65a-4dce6e3a9743", "value": "cc8eb55f4887e12752b33d011f53244506823c8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834296", "to_ids": true, "type": "sha256", "uuid": "6fdb5a83-c6dd-4c82-9857-d548fc15513b", "value": "63f11e0c95e2aae24bb139c53f54fbb5e54d147f0df54e79ea6d1919bdf8dc48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834296", "to_ids": true, "type": "ssdeep", "uuid": "7764067a-921b-4884-a5e6-52a8ed4dd7cd", "value": "24576:qeNAafa3Arzz7OGjnIXbL1YmWwpEC6qcPPoc5G1jzaeCeZ6wAv:qeuafhrHpmaqpECKwcQU5eZbY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834296", "to_ids": false, "type": "size-in-bytes", "uuid": "06a92c93-7ce2-4241-abc8-6c0e65f39b39", "value": "1248893" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834296", "to_ids": true, "type": "vhash", "uuid": "6ac0bc52-f5d0-4e0c-a1d4-da72109bb9ca", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834296", "to_ids": true, "type": "filename", "uuid": "0b491f00-387d-46a8-bff7-b347c8e1f4ac", "value": "GlodEagl_13456.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834296", "to_ids": false, "type": "text", "uuid": "af587282-9c04-4698-ac16-3639d6e361b4", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:31/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834317", "uuid": "91309f37-08d0-4ceb-90c7-a92ed5991202", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834317", "to_ids": true, "type": "md5", "uuid": "b86e8cd2-424c-49b6-95d3-71a5b0f1f3d1", "value": "79e367e92e17d53d9104368ba9e3e202", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834317", "to_ids": true, "type": "sha1", "uuid": "09b57fa7-1cbb-48da-8db2-70a458e90514", "value": "93fd86932eda177e1e05ce7aa84e5e7568fe97de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834317", "to_ids": true, "type": "sha256", "uuid": "3a8dacae-710e-410c-9c98-83753fb32065", "value": "ae0d70cd538139966f202ae023640ce7ef4554d07a2fd857a919c97c3716e726", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834317", "to_ids": true, "type": "ssdeep", "uuid": "4c8789cb-aa2a-43f3-bdd1-c148fa4dca79", "value": "12288:d/VMogrfICJT6Id/3y/DccnjCPfCq59cYf9:/gTICJTDq/AQ5JYf9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834317", "to_ids": false, "type": "size-in-bytes", "uuid": "d5782dfe-258d-4af5-a0b8-93c6595bbd0e", "value": "435492" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834317", "to_ids": true, "type": "vhash", "uuid": "1805ed8f-8696-4186-9302-171f1d8b45d9", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834317", "to_ids": true, "type": "filename", "uuid": "031c467d-17f4-4f88-9505-fe244ff42720", "value": "GlodEagl_1.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834317", "to_ids": false, "type": "text", "uuid": "105670a6-38e9-4772-bd9d-add7fc4f629f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Occamy.CAE\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834339", "uuid": "50659c51-7241-4576-961a-675ff96038dd", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834338", "to_ids": true, "type": "md5", "uuid": "fca062d5-9239-49f7-9b3e-829ac3f22e84", "value": "ca9c591f10cfe3e21a4698d3cfdcc6a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834339", "to_ids": true, "type": "sha1", "uuid": "dc9fe49d-e166-4881-9509-a35918c66cde", "value": "8427c127162f055be1015822cde51d3e674492a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834339", "to_ids": true, "type": "sha256", "uuid": "387ace67-c399-4dd3-abfc-64d88d0ee0ec", "value": "00e9529c895a6d60ac7c2ce8462b0b5f73ae77af250bed0b7ef40d7933185261", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834338", "to_ids": true, "type": "ssdeep", "uuid": "bf0e6138-5b95-4799-9416-6134932a5035", "value": "12288:23p5hWSQf5pnR8vFlf9KMkOWqH1q4UUKs:ohU5pnR8vFl1BkfqHpFKs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834338", "to_ids": false, "type": "size-in-bytes", "uuid": "f7f39399-5a6e-49bb-99c9-0388450a4fd6", "value": "438268" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834338", "to_ids": true, "type": "vhash", "uuid": "4119d0ba-565b-484a-bb71-5bc331e32d8c", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834338", "to_ids": true, "type": "filename", "uuid": "54e3af82-195f-48e3-9512-fd9a106852e8", "value": "GlodEagl_12.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834338", "to_ids": false, "type": "text", "uuid": "76bad061-6604-4914-b3ee-f4d2db357506", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834360", "uuid": "8aaca2b9-19cb-4206-bef1-f725e7c6d6a8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834360", "to_ids": true, "type": "md5", "uuid": "074db791-4b1a-40de-a170-adaf861b8e88", "value": "3c95de054b64da7e4035d88ee1aff6b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834360", "to_ids": true, "type": "sha1", "uuid": "57134872-e668-4b9e-a494-0d2dacbf5cae", "value": "99314c4705f7da18f8eba4f29cd45497828dc820", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834360", "to_ids": true, "type": "sha256", "uuid": "a936f5a7-3339-4c42-9040-7efb5cb49e57", "value": "e6d731b31b7ae24bb92a7a51494bdc554d8e67412a55445ec64bb7d0686c9d5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834359", "to_ids": true, "type": "ssdeep", "uuid": "1a87cb33-8e9f-43a2-b12f-fdf1ef941d08", "value": "24576:hyHKSXACuNIyfqzRWdJfMSdf6TqtapYTFqvodueoS:8qbCuNlqzRWdJ0Wf6GApY90eV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834359", "to_ids": false, "type": "size-in-bytes", "uuid": "c031de95-b81e-411a-bc4c-9195d1dc957c", "value": "1098576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834359", "to_ids": true, "type": "vhash", "uuid": "c345a795-869d-4d0e-98ea-568c0fe57697", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834359", "to_ids": true, "type": "filename", "uuid": "0c462127-54b5-4d6d-83d2-74a43a4fc05d", "value": "GlodEagl_3456.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834359", "to_ids": false, "type": "text", "uuid": "aac13de9-5919-454e-b7f5-53b6ff155683", "value": "GoldenEagle\r\nType Description: ZIP\n\nMicrosoft: None\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834381", "uuid": "4d06912f-5c2f-41ac-a1ca-127adece69e2", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834381", "to_ids": true, "type": "md5", "uuid": "db51d077-0b36-45b3-9c27-e264fbcdd3a4", "value": "e4ee10c0b7e36929b1c635641f0b4819", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834381", "to_ids": true, "type": "sha1", "uuid": "6de5c90f-6992-4ec3-835f-4c529af7e7b7", "value": "58a04b1eacd8bcfc33569f444927a745a5bca69a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834381", "to_ids": true, "type": "sha256", "uuid": "0f7180df-a76a-47c7-a3f2-15a2a354d15d", "value": "3239daf307cb3d5f72aa3c587df393d649c21f76a8add2c8ce2a78aad6dd1e42", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834381", "to_ids": true, "type": "ssdeep", "uuid": "a043407d-1e47-4c3c-b024-b26f286f885d", "value": "24576:ehzL4WJrx4Xz9vFOwWVbjT/48YeHLoGWRUiVZo2CTj:eCMrx4PgXT/48YeH5WSiro" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834381", "to_ids": false, "type": "size-in-bytes", "uuid": "08cb0f42-1484-4fdd-ac3d-2f61c674e270", "value": "1101557" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834381", "to_ids": true, "type": "vhash", "uuid": "b26cd8f5-9cf9-4736-96db-568f74224895", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834381", "to_ids": true, "type": "filename", "uuid": "b7d071a9-a52c-40d9-bbd0-eaeb862e6ff5", "value": "GlodEagl_23456.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834381", "to_ids": false, "type": "text", "uuid": "e10a7b67-5bce-4a83-bdd0-bfd8a35c4805", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834403", "uuid": "f6838bcc-c129-4062-b5f7-fde59bdc9448", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834402", "to_ids": true, "type": "md5", "uuid": "39266bd8-bc42-4e6a-813d-376d1de655ee", "value": "cf3e68e488256da8bfdd51efcc70cd7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834403", "to_ids": true, "type": "sha1", "uuid": "aef7ad9f-57a3-46d5-ba7d-51c7e02dc842", "value": "447e3ecd17c1b5ceeb47c0ce7124efb42bd6acee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834403", "to_ids": true, "type": "sha256", "uuid": "49c20501-1563-4f5e-93b2-2ab9aef6ce79", "value": "ecfb81fe6e33126b6808e5b5f9b0a514f410e0fa037de9b0e2f43cd1fecc505b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834402", "to_ids": true, "type": "ssdeep", "uuid": "5097dd5e-bdbc-4a84-a19e-fb0437c41372", "value": "24576:PJ/moEpxejYU5tlAkaoh/ePsXMlv0Rpymhj0zfPr2v:xSpAjYUtlAkazk8lAhjKPu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834402", "to_ids": false, "type": "size-in-bytes", "uuid": "8439511d-a8fd-47cd-a565-be3ec30ca0f2", "value": "1096768" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834402", "to_ids": true, "type": "vhash", "uuid": "c18e4093-de2e-4860-ac3c-336de178845d", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834402", "to_ids": true, "type": "filename", "uuid": "86be8b7c-f444-45ac-9de4-a8718cd50b59", "value": "GlodEagl_245.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 15/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834402", "to_ids": false, "type": "text", "uuid": "08ef34f6-3c56-42a1-9ba8-1c9a6930472f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834424", "uuid": "3fed31b2-cfd9-4b93-b9b2-6d53be566c78", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834424", "to_ids": true, "type": "md5", "uuid": "cb959c78-141e-433a-9439-8983f07a06b4", "value": "64563e70947d5d41b1eabfa0c61f2b2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834424", "to_ids": true, "type": "sha1", "uuid": "18ceeac9-6840-46f7-aa76-b58efb92b024", "value": "80b8e3684d761fe990fde8276adbb694ad4bb499", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834424", "to_ids": true, "type": "sha256", "uuid": "f7d76db6-0933-47b3-80ed-08e9124e6d3b", "value": "49e08adae0b31b1f4fbd5d35f15f78ee14c0966d86df8e69a4b21c9c0cfdc35e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834423", "to_ids": true, "type": "ssdeep", "uuid": "a9e547c9-87e8-4fd9-b9ce-76c630089055", "value": "24576:9J/moEpxejYU5tlAkaoh/ePsXMlv0Rpymhj0zfPr2u:zSpAjYUtlAkazk8lAhjKPP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834423", "to_ids": false, "type": "size-in-bytes", "uuid": "010647a9-2385-4967-941e-cf4b31fa5d1c", "value": "1096454" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834423", "to_ids": true, "type": "vhash", "uuid": "7b179d95-be9e-415a-8562-ed47c5d4abf0", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834424", "to_ids": true, "type": "filename", "uuid": "29cfcd38-c92b-4f15-8b61-2804e889e184", "value": "GlodEagl_2456.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834424", "to_ids": false, "type": "text", "uuid": "86defa08-3898-4f85-acda-1223814f0829", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834445", "uuid": "f089ecb7-9faa-4237-86b0-c30c80b288a3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834445", "to_ids": true, "type": "md5", "uuid": "7c7901d7-3614-4bef-b30a-7a85461d0cde", "value": "ed6e434b3f3d1e53f7df95efe70a8be3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834445", "to_ids": true, "type": "sha1", "uuid": "b7c384e2-3020-49eb-ae12-831ec80af1fa", "value": "e5a9ee25b6628a9e9bc326f812dee5b95c38fb37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834445", "to_ids": true, "type": "sha256", "uuid": "0e7fb543-a429-4da4-8cc8-6c2c50cfd705", "value": "554150dc6cdfefb55a9ec9a08d10a2e6f5ef2c0aa64ee96ce54a0be236ffd465", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834445", "to_ids": true, "type": "ssdeep", "uuid": "37314af3-c975-4003-ada4-d62379d8ba2c", "value": "12288:h112zbEOw6CVD2a0ydMSQZ3XOUki4ccEiGUbNyk3:h11GZQR0ydk+zi4ccEiSk3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834445", "to_ids": false, "type": "size-in-bytes", "uuid": "9f5ede5a-d952-484f-b9fb-00b3bad66873", "value": "440248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834445", "to_ids": true, "type": "vhash", "uuid": "e64d077a-eb2b-43aa-8764-fc81a40d21e7", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834445", "to_ids": true, "type": "filename", "uuid": "4f73818e-1406-42f4-a517-67db37e633b9", "value": "GlodEagl_1236.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834445", "to_ids": false, "type": "text", "uuid": "ae7d195e-944d-4fdd-903e-1199780e1eba", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834467", "uuid": "46646ab0-5dbc-4b93-b5e2-8c9fce796353", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834466", "to_ids": true, "type": "md5", "uuid": "d7d9d1a7-45b3-426a-8d14-c153f6245f1f", "value": "077659203a19465c3c609f35c52ca621", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834467", "to_ids": true, "type": "sha1", "uuid": "06a27ebc-b540-4d73-b9fc-6f7378e55cf6", "value": "3cd74daa24ae45697cda79fbf1a4c497c09401b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834467", "to_ids": true, "type": "sha256", "uuid": "d541f7ed-ed56-4fba-8cf0-cc1f0cfa7a82", "value": "13e6d47fb95c16b3d92b35a43d70a6d80d78074bb80ede32ee408c19885a51c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834466", "to_ids": true, "type": "ssdeep", "uuid": "fb7d9860-baac-43f9-9c52-e9b8941a555a", "value": "49152:KqcrdeVpnsxb95bi8cvjzg6jJYBV6/rTgv2v:sr+ns19w8cvz8STeo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834466", "to_ids": false, "type": "size-in-bytes", "uuid": "91cfbeb7-86e7-4a5e-a44a-d1b20b7112f1", "value": "1823701" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834466", "to_ids": true, "type": "vhash", "uuid": "e72db847-0c3f-4ed7-88d9-2717cba42b71", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834466", "to_ids": true, "type": "filename", "uuid": "95a70af6-1604-40e5-8ea4-b75b886055d4", "value": "GlodEagl_012346.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834466", "to_ids": false, "type": "text", "uuid": "f4337711-7f65-452a-beb2-a654df0750bc", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834488", "uuid": "83a3a422-930e-4fa2-aa74-f5b50b21b095", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834488", "to_ids": true, "type": "md5", "uuid": "ad40cf9e-4e42-4380-bbac-bdb52a81c28d", "value": "6d1a7c60b79c73eea4b5d35daf009501", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834488", "to_ids": true, "type": "sha1", "uuid": "ab22390d-3177-4d8b-94c2-58318a100385", "value": "7dafa6834d420e890bd2ff24a9580c475382baa9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834488", "to_ids": true, "type": "sha256", "uuid": "f42ec273-c40d-4236-b54e-4d2f0a42361f", "value": "c581bc3cfe6fa3c39b59109f5aedf908a1ce7e8098f64f34177ed78ec31ad323", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834488", "to_ids": true, "type": "ssdeep", "uuid": "893bbfdd-1b9a-47c6-a53d-da8a07033274", "value": "24576:f0Gqa2VshsOz3TYf1hJfscSzpQs414fqXsR/U5QMgQzagh3BuzpryDnuu:sGoVIs4Y1Lg9rW4f2sRegM/xkGDuu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834488", "to_ids": false, "type": "size-in-bytes", "uuid": "e0ed6d7e-2663-4e70-9f84-736b5d2a8f7c", "value": "1261787" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834488", "to_ids": true, "type": "vhash", "uuid": "14c93ba5-f870-4939-80f9-ba021507b58f", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834488", "to_ids": true, "type": "filename", "uuid": "f9a2a7df-a5ca-436b-84a4-2a6c5f1632f1", "value": "GlodEagl_1234.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834488", "to_ids": false, "type": "text", "uuid": "d14dab6a-0335-4310-945d-3564e03294a5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834509", "uuid": "bb327078-10e2-46fd-998b-1269adff5929", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834509", "to_ids": true, "type": "md5", "uuid": "3f47c893-555c-4bd2-8b3e-98b0a1b9b2ca", "value": "ff5bfb7cfecb56a954107bf6707dfdcb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834509", "to_ids": true, "type": "sha1", "uuid": "26b2d833-5cf1-42fb-965f-49acea5b0b63", "value": "8b8b77e0ecfd1bbfe73c3d37f0185c7640527767", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834509", "to_ids": true, "type": "sha256", "uuid": "5285dbf8-8939-47ac-81c3-1b9d9c1ed767", "value": "8ce4421bcf5b74c38422dc6d54fb78f99c250f72a2275f06be6e4b9918c23df6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834509", "to_ids": true, "type": "ssdeep", "uuid": "046ef1fd-e297-4cec-9154-5c7e65cfc497", "value": "24576:xQDkzvR8XlelFWsu/lV0eBwb7VLOHtm6aBHhFqKJFjRyIB:ikjaXMRyX67BONm6U2KJpRBB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834509", "to_ids": false, "type": "size-in-bytes", "uuid": "16533baa-cb2f-490e-bddf-592735fa5eeb", "value": "1102644" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834509", "to_ids": true, "type": "vhash", "uuid": "8245db74-1519-4598-ad5e-17a0bad694bf", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834509", "to_ids": true, "type": "filename", "uuid": "1cced488-da45-445b-ab0a-7c1938fe9104", "value": "GlodEagl_4.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834509", "to_ids": false, "type": "text", "uuid": "5c02f751-c0c5-40ca-aae3-d23167a42207", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834531", "uuid": "66279eb1-0914-4271-b93a-c966ffa74df1", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834530", "to_ids": true, "type": "md5", "uuid": "3c477248-8013-4c5a-9e07-e9e05ccd8801", "value": "49aa41bb3f5c7b0c6e7128920d3b1ac1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834531", "to_ids": true, "type": "sha1", "uuid": "b00a3c5a-d494-48e6-8f4a-9163f994e816", "value": "a4d0ead47e56fb3fc6dbdd9861de8a7f0c414c1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834531", "to_ids": true, "type": "sha256", "uuid": "10122e95-f59f-4a67-8eb5-25dfcb317778", "value": "d33c2f82cd0ff0e8476366d23d7e486a4b56165f115d4648a2cefc60629ce866", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834530", "to_ids": true, "type": "ssdeep", "uuid": "5b3195ce-bb65-4132-b975-1c78c2b4acfc", "value": "12288:59Ex5Ba0yJ/tbOkhmc1wyJFlumCZ39VJCs:Twtkb1wyJzk393Cs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834530", "to_ids": false, "type": "size-in-bytes", "uuid": "6b945bd3-5416-42af-9738-50c9fa413dd6", "value": "417979" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834530", "to_ids": true, "type": "vhash", "uuid": "56f2cc71-d114-47c2-ac84-cc20b0f1af57", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834530", "to_ids": true, "type": "filename", "uuid": "7ee67206-ae81-48a2-b51a-f02b4cd9d7b2", "value": "GlodEagl_02.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834530", "to_ids": false, "type": "text", "uuid": "1ba26ae2-799c-47c0-bc3e-3aabd8f8d69f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834552", "uuid": "c653f8cb-58ec-48b2-a1e2-f78d5cf1f086", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834552", "to_ids": true, "type": "md5", "uuid": "bb076ff1-0c76-4f63-abd2-f6897cc9141a", "value": "6ed8d7423f1cd35f429498e4060b8e66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834552", "to_ids": true, "type": "sha1", "uuid": "8091f44b-4bde-4fd2-8030-381a893928a8", "value": "42b205cacb746610fe1ca2637c45ef395d97e418", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834552", "to_ids": true, "type": "sha256", "uuid": "31c63da8-6f2c-4e7d-8eb8-f12003474659", "value": "dcff268d6045b1a054c2f889aff27908152bc267b991d35b6ab2f3fad3be1649", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834552", "to_ids": true, "type": "ssdeep", "uuid": "f6efef76-eee3-4b70-8c79-04d6cf07a891", "value": "24576:p+qrQ916c/UPkGT2KNrLoQhVeuxGtq2pVQLsRc8JxDMCfwR5a2WhhUPN0pEJ9:IqcV82orLRhVurpGac8bDfwXaL0N0pw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834552", "to_ids": false, "type": "size-in-bytes", "uuid": "591b48ab-ac7d-4e71-b88e-d5cc2dff5dcc", "value": "1814034" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834552", "to_ids": true, "type": "vhash", "uuid": "8fadeffe-08a1-4872-9f87-168bbeec3b05", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834552", "to_ids": true, "type": "filename", "uuid": "1e3234e6-31e8-4b97-828d-71c1fea6021b", "value": "GlodEagl_012345.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834552", "to_ids": false, "type": "text", "uuid": "13dc70ad-f746-45eb-8b5d-0a55b7ecab59", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834574", "uuid": "9ba6708a-582b-433c-b702-70bdea36acb6", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834573", "to_ids": true, "type": "md5", "uuid": "0939c70d-f4f8-4d90-b564-691d8bd135df", "value": "96a19a9b4439a9b4b73629538439581b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834573", "to_ids": true, "type": "sha1", "uuid": "19f7e60f-0b66-473e-87bb-f7428ff591bf", "value": "4e76471a20efe5617d99d26a80affd51c1af7433", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834574", "to_ids": true, "type": "sha256", "uuid": "46f84d36-10d1-46e6-b3ce-bb63e05a0ad2", "value": "90320e70f93d664b1ed0dac808c038b0d629062405b0a6ed051171516002fe97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834573", "to_ids": true, "type": "ssdeep", "uuid": "ffb361cb-58c8-4e07-a6a3-74ff8385aaef", "value": "12288:hHCcNVTp+T1NrRqrQqrQIuVIqGIi7oCeLv0KR:VDVToHIrHXuSqcUCk0KR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834573", "to_ids": false, "type": "size-in-bytes", "uuid": "3d320f53-3362-42fb-a989-74faf67ef09b", "value": "425997" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834573", "to_ids": true, "type": "vhash", "uuid": "a2c9ee41-e800-4639-ad2b-93f69b245e7b", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834573", "to_ids": true, "type": "filename", "uuid": "438766a0-bb4b-4f8a-8d79-243c31f330cd", "value": "GlodEagl_15.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834573", "to_ids": false, "type": "text", "uuid": "aeb1513b-c4e5-4051-8c36-1700a2d46d0d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834595", "uuid": "6e3f8461-d615-4007-b933-7d1e032b46b0", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834595", "to_ids": true, "type": "md5", "uuid": "77169ac9-3af8-40b7-be36-1e924313c1cf", "value": "ccce3a41690f44b4e91dc02246adfc97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834595", "to_ids": true, "type": "sha1", "uuid": "f0de7489-111e-46b0-afba-2cbca4294d14", "value": "772210206b767a8fedee1bdf2c4aaa055e36f421", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834595", "to_ids": true, "type": "sha256", "uuid": "283b7e2a-f00a-41a9-b07a-0fa76b894c7a", "value": "0522c94664a68cb9aeb5d7f034964d39288ef4ed2bb65796cf9115f9eee431fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834594", "to_ids": true, "type": "ssdeep", "uuid": "23fdea0b-5ded-428f-8bd7-9a1bcb0b8268", "value": "24576:nKGX050CUrQ0y1EC22mwUCu+h0jX5tM6aBAkK6Ik/tZ98rnl89cp2:nKc050S1E2mwRu+haX5tMV31FvwycI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834594", "to_ids": false, "type": "size-in-bytes", "uuid": "943ff6f5-0b48-4a03-a5e1-171bbf255399", "value": "1243260" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834594", "to_ids": true, "type": "vhash", "uuid": "a3b6a2da-c19f-40ed-a7e6-1de252934143", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834594", "to_ids": true, "type": "filename", "uuid": "de6450c0-09c3-4b15-a9a1-81ada8126ff0", "value": "GlodEagl_145.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834594", "to_ids": false, "type": "text", "uuid": "1de7623a-2050-4a35-8594-e4459c696b60", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834617", "uuid": "957bd972-9ce1-4b8a-847f-4341580b767a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834616", "to_ids": true, "type": "md5", "uuid": "e2fa0ea2-4bfe-4191-94af-b6baa58e6bae", "value": "a2167baaa769270a155f9a8512ed39ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834616", "to_ids": true, "type": "sha1", "uuid": "7a9eeae4-3757-411c-bfeb-d8745c1e0ba3", "value": "3f0a84cf01b45d57c30fc4476bc4b31abe761c10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834617", "to_ids": true, "type": "sha256", "uuid": "030e5b8a-3cec-4ffa-9169-9561021c66dd", "value": "ae32daa5e42462f6ae48aed0213aae94bc47ecd5b70672aecfc33f43ba509016", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834616", "to_ids": true, "type": "ssdeep", "uuid": "3a85e1d4-4a88-4df4-8af2-e29e1f66210a", "value": "12288:Kc3/Vsgq9yscDPPn4AIEe1iwVVICmUttnt7IC:Kc3W7yscLwAIEedIvUtt9IC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834616", "to_ids": false, "type": "size-in-bytes", "uuid": "f29e9bea-1f27-4aeb-b1bc-334cee5c4ebe", "value": "413672" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834616", "to_ids": true, "type": "vhash", "uuid": "7200fcae-35b8-48f5-94d4-472acc220892", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834616", "to_ids": true, "type": "filename", "uuid": "3f8366f9-45e1-43a6-a942-806e996683e0", "value": "GlodEagl_0.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834616", "to_ids": false, "type": "text", "uuid": "efaf7a43-0e84-41c8-9a36-9b306dbf793b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834638", "uuid": "f3e39c2e-76dc-45d4-9b09-5a6b5ee2a28b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834638", "to_ids": true, "type": "md5", "uuid": "98fb073c-2e2e-4024-b77f-f1ce42e22df8", "value": "114a6b47ff8d8d6a5143aa59c11edb37", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834638", "to_ids": true, "type": "sha1", "uuid": "fc3ae18f-3eea-42c2-9449-6c30d46671d7", "value": "60d0734f23643a44dbcfb7c6c36dace5c8f1a6a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834638", "to_ids": true, "type": "sha256", "uuid": "ac99b7fe-13b7-482e-b384-d077c474e478", "value": "fa45005d12a46e163cc44a9f67cb8f803a69549422162fa4b56bba773e387e4b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834637", "to_ids": true, "type": "ssdeep", "uuid": "5ec0aada-40b3-478a-bd08-cc21a465f45f", "value": "24576:XQDkzvR8XlelFWsu/lV0eBwb7VLOHtm6aBHhFqKJFjRyaN:gkjaXMRyX67BONm6U2KJpRPN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834637", "to_ids": false, "type": "size-in-bytes", "uuid": "39b0f54c-a301-45c7-9278-10457a8e3040", "value": "1102330" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834637", "to_ids": true, "type": "vhash", "uuid": "d8a72dd0-3654-4b23-a30c-a9dff9147012", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834637", "to_ids": true, "type": "filename", "uuid": "74089a63-9608-48c5-8a0d-0fdaa13d18db", "value": "GlodEagl_46.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834637", "to_ids": false, "type": "text", "uuid": "b66cfb0a-e285-46e1-8a5c-78553aeacab5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:32/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834659", "uuid": "932573aa-3765-443c-96b4-30a70af4d2be", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834659", "to_ids": true, "type": "md5", "uuid": "6fcd0e25-875c-4275-b7c2-2f864c66afbe", "value": "670cd01476969d4ef47a56ccf7160fc0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834659", "to_ids": true, "type": "sha1", "uuid": "74bc179f-8995-459e-a63d-6cb808a1c166", "value": "3485fc62744db4210f8c061284a9a3ce91ad5900", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834659", "to_ids": true, "type": "sha256", "uuid": "fa663b72-28ce-4776-b140-4a0a5b2131cb", "value": "c4a5d32bdc5b829537fb509c4205c2dfd2a30b2870c6d204522227b365a594d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834659", "to_ids": true, "type": "ssdeep", "uuid": "c7f10b47-c5ee-4d47-bcb5-a72fe2624e14", "value": "24576:xQDkzvR8XlelFWsu/lV0eBwb7VLOHtm6aBHhFqKJFjRyn:ikjaXMRyX67BONm6U2KJpRC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834659", "to_ids": false, "type": "size-in-bytes", "uuid": "7b2482c6-9f4c-4620-8460-50ecfa530825", "value": "1093035" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834659", "to_ids": true, "type": "vhash", "uuid": "25b8a73f-edcb-4ac2-8ad3-ad1a578a86a6", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834659", "to_ids": true, "type": "filename", "uuid": "ecb379a8-c963-4e5b-ad02-f79a6777b4ee", "value": "GlodEagl_45.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834659", "to_ids": false, "type": "text", "uuid": "028268e7-c6bc-4228-ac09-c2e9411f3ad8", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834681", "uuid": "79018ccf-f2a6-41d9-82e1-163f96e59270", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834680", "to_ids": true, "type": "md5", "uuid": "488745dc-1809-4f63-88ec-ae43e6d81678", "value": "72b5328e02f710b4f2bb4006f5039fa6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834680", "to_ids": true, "type": "sha1", "uuid": "5f645621-abc4-454f-8e02-52039b40bd26", "value": "fb3c0f051481a6d6bbe60605ee2e8715413fc11c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834681", "to_ids": true, "type": "sha256", "uuid": "2899970a-6066-425c-a997-bfa11e89933e", "value": "6b37b80ed80bf32769c7da3ffadbf0cb746d4ae86a7903d1504f56e43e5d34a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834680", "to_ids": true, "type": "ssdeep", "uuid": "bb6ffd7a-4d8d-4acb-abd3-6b1289f12521", "value": "6144:p+GSomug90P5fXBhz24go1wGK9feshFWt/qf0r4ZcsFUxIAVk:EdomugefXBgZesh4tS44ZVUiQk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834680", "to_ids": false, "type": "size-in-bytes", "uuid": "d79579a8-e154-473b-adb3-f35bb2738d0a", "value": "291560" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834680", "to_ids": true, "type": "vhash", "uuid": "e416195a-c870-4a4d-8ec8-8c14df9a0a28", "value": "bbf592a52ffbc2e18ddc3262d3594f8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834680", "to_ids": true, "type": "filename", "uuid": "ab487107-e1c3-42dd-b5c1-f9398bce8a6f", "value": "GlodEagl_2.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834680", "to_ids": false, "type": "text", "uuid": "90d3a477-a923-4dee-913e-611f2291d587", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834703", "uuid": "9a248ee3-8d4a-47b7-a99a-615a61c086fc", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834702", "to_ids": true, "type": "md5", "uuid": "8eaa4b35-3110-4dda-b3e3-7985df6b9a50", "value": "63727f114ade9e7e4c0617f77ece3a2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834702", "to_ids": true, "type": "sha1", "uuid": "036256e8-af8f-465a-a08d-810c099b7256", "value": "1ba72175814d72afa33d65b13b1658cff228c5da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834703", "to_ids": true, "type": "sha256", "uuid": "779a40e2-0800-4a5b-90ff-69c31aa35ec0", "value": "5abc97ca565778de88da726047e7126909449503758dfc3bd977cccf35f01222", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834702", "to_ids": true, "type": "ssdeep", "uuid": "2116178b-cf22-450f-8785-10ac1010d77e", "value": "24576:PJ/moEpxejYU5tlAkaoh/ePsXMlv0Rpymhj0zfPr2XP:xSpAjYUtlAkazk8lAhjKPGP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834702", "to_ids": false, "type": "size-in-bytes", "uuid": "a915ca4b-e0d2-4d0a-8d6a-a7ab09e762f9", "value": "1106377" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834702", "to_ids": true, "type": "vhash", "uuid": "d3d523d3-591e-4590-aa23-645292041f8a", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834702", "to_ids": true, "type": "filename", "uuid": "d03db055-0004-40c4-b975-92f74327661d", "value": "GlodEagl_24.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834702", "to_ids": false, "type": "text", "uuid": "2908b1a0-6707-4800-8ebd-e2eedf5b1171", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834724", "uuid": "a78b438c-3094-4c7a-88b9-69b8971efe06", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834724", "to_ids": true, "type": "md5", "uuid": "1a7e4595-e9c2-4b64-ba8e-dd376c241f5b", "value": "e2ee107a0f9b7370fdc4734e7163b492", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834724", "to_ids": true, "type": "sha1", "uuid": "9a06069b-e8fd-4957-8a88-f3ce64325b4e", "value": "f4f82d2dfcfadf9b48e4bd5f962c57ff1fa7ea2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834724", "to_ids": true, "type": "sha256", "uuid": "25b0c4f6-80ca-4c77-80b4-dfe2b3c736ea", "value": "7349746c39823a24fd4d18f246f43b85bd5c8d477d860ccf836bdea3487f7824", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834723", "to_ids": true, "type": "ssdeep", "uuid": "f8ba7599-198e-456c-bedd-e1a335ab44dd", "value": "24576:0zuQsRhUTjegggHTT9Wufw8szPiEssw0y9RR5alD8A5Nm47:fQsROeqT9OdPSl0y9ziz5n7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834723", "to_ids": false, "type": "size-in-bytes", "uuid": "78ff923c-b6ce-4a8a-8624-bbc58fc3e5d1", "value": "1252683" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834723", "to_ids": true, "type": "vhash", "uuid": "750c430f-ff5f-4e67-8116-2f3133c8de75", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834723", "to_ids": true, "type": "filename", "uuid": "12d58dd2-3232-44c2-b304-8fdc7f4f4a1a", "value": "GlodEagl_146.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834723", "to_ids": false, "type": "text", "uuid": "2d79898d-7096-474a-aaeb-da4e1e269716", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA31\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834745", "uuid": "a3f1e3aa-c01b-4d36-a983-57f0ec99e227", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834745", "to_ids": true, "type": "md5", "uuid": "a9d9638d-ef19-47a9-9f9a-4ebae8ffa78d", "value": "cec2ac73bf728f30604c735da2396cb6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834745", "to_ids": true, "type": "sha1", "uuid": "029c4549-7032-4f82-a2dd-8c66db3b3e0d", "value": "367d8f71429475e9d30d5118dc68b6f617ab00bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834745", "to_ids": true, "type": "sha256", "uuid": "ae657a2e-4e64-463a-bd2f-a1e6937441ed", "value": "b6170bc6da46cff14a854745c1c3019b8487d631e3194abf2965d1fb71fc5be1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834745", "to_ids": true, "type": "ssdeep", "uuid": "a155208f-3096-4a4c-8350-62f4fa00bd63", "value": "24576:uItP4C9gCrcUcdxAqx2Seh9uLZ8KLwW9kYxSZoHEgqa4/i0:uM4CCCrc9dx3kuLZ8bW9b8x80" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834745", "to_ids": false, "type": "size-in-bytes", "uuid": "025bd891-4fba-4ff3-9900-28834a9a8fce", "value": "1256566" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834745", "to_ids": true, "type": "vhash", "uuid": "5ca0ed7f-3e7f-46b7-91a3-9b7384170764", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834745", "to_ids": true, "type": "filename", "uuid": "5ccbe224-63bd-415e-bdc9-becfa796c0d8", "value": "GlodEagl_1246.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834745", "to_ids": false, "type": "text", "uuid": "e4082f32-52b8-4575-a12d-a8b73c68c118", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834766", "uuid": "6bc50bef-a5c6-4251-9a82-1258db92505b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834766", "to_ids": true, "type": "md5", "uuid": "af2b5bda-61c5-437f-9d21-baef26041133", "value": "5836c275e0b27cc6ae3dbc10f14f34c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834766", "to_ids": true, "type": "sha1", "uuid": "ec616512-2925-4b5d-900e-4c402fe33a47", "value": "142afb52f4cdea2a03c4c78e869e8b4ebff9bb61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834766", "to_ids": true, "type": "sha256", "uuid": "7525d8dc-f0b3-464b-b151-32529d9b5a1d", "value": "c5a590084503ed8d1515dc6672e68fdb9e35e1a722a6ce9292f59d0417f9d8d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834766", "to_ids": true, "type": "ssdeep", "uuid": "0ded022e-7478-4a7f-a57d-5399ce8d8f15", "value": "12288:VHSZR/iJgSIUXZ6kNYV3zDaJ0QKGph2mpOCj:u/iiSIWUkNYhs1K62mICj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834766", "to_ids": false, "type": "size-in-bytes", "uuid": "e6eac0c2-6085-4c88-b4c0-90781e83cd0a", "value": "430823" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834766", "to_ids": true, "type": "vhash", "uuid": "aff87229-52ed-4e8c-af05-ccc64edf47db", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834766", "to_ids": true, "type": "filename", "uuid": "42569daf-3597-41b2-b372-9644dc168f12", "value": "GlodEagl_12356.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834766", "to_ids": false, "type": "text", "uuid": "1e461e2e-c7eb-44da-93cf-81159d406337", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:32/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834788", "uuid": "bb30d314-bebf-4a86-b3cd-8bc3d7de1ee0", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834787", "to_ids": true, "type": "md5", "uuid": "375802a8-a5b1-4d82-b6c1-f982621640a6", "value": "1f4b40b28d0f7131f9fd62f2f6bde0bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834787", "to_ids": true, "type": "sha1", "uuid": "22917de4-ff4a-4451-b664-399d2d34183e", "value": "f4452d7efae73b322ac4b88a1046ac4d0a26dcfe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834788", "to_ids": true, "type": "sha256", "uuid": "89413f8f-a7b4-452e-b8b4-d531ce61fe0a", "value": "e44c635f87946e5d9c3b0766b1665904dd321afa44590284aa6271223af4b398", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834787", "to_ids": true, "type": "ssdeep", "uuid": "4b747fcc-07c9-4968-b07b-b0c4ef58e360", "value": "49152:PmXrcMGsIIHI/Jru8iCKZvtc6UCODvQiDF:OLcrqhUCxiJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834787", "to_ids": false, "type": "size-in-bytes", "uuid": "9060d974-688a-45c8-a6d0-ff3a5782381f", "value": "1824034" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834787", "to_ids": true, "type": "vhash", "uuid": "6b63c608-c55e-47bf-a397-c8f290b8e97b", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834787", "to_ids": true, "type": "filename", "uuid": "6e12027a-3129-4a94-928b-d17f7e6b0906", "value": "GlodEagl_01234.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834787", "to_ids": false, "type": "text", "uuid": "898d01a4-3dc0-488d-a45f-deb5ee4a794d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834809", "uuid": "54a84d7b-ca62-4ad3-ac14-95a4792453c6", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834809", "to_ids": true, "type": "md5", "uuid": "45b09314-de6e-4ca4-a75c-c454b512ffb0", "value": "04351ca2dc5796f464479ad57f3008fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834809", "to_ids": true, "type": "sha1", "uuid": "5129dfde-fee2-4643-9129-d1f6cf9da6d4", "value": "50435cfe0d697a30c658657c0afff11cc3bd4de3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834809", "to_ids": true, "type": "sha256", "uuid": "6a186f7a-07b0-47fc-82d8-9bd0793ad9e3", "value": "7e73db1ff367b9c0b125dc3cd90f5eb70fdd937cee3d82b44f36d1576794b200", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834808", "to_ids": true, "type": "ssdeep", "uuid": "6efa81a8-5fc0-40ec-ad01-3fffa81c0201", "value": "12288:39Ex5Ba0yJ/tbOkhmc1wyJFlumCZ39VJ4:twtkb1wyJzk3934" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834808", "to_ids": false, "type": "size-in-bytes", "uuid": "4bc91155-5634-43d2-85a8-58efefa4effa", "value": "408056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834808", "to_ids": true, "type": "vhash", "uuid": "a9651457-fc50-4bc4-bd28-7bd62ccc2fbc", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834808", "to_ids": true, "type": "filename", "uuid": "7fa09775-6bb3-40db-813a-70150d2b04a7", "value": "GlodEagl_0256.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834808", "to_ids": false, "type": "text", "uuid": "e0dc560a-03be-4ea2-801c-e19b5b389cc1", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834830", "uuid": "c42fc685-7cf8-4ebb-a81f-e54557c648ec", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834830", "to_ids": true, "type": "md5", "uuid": "05eba469-2caf-4d07-9872-9135335a354f", "value": "364f721c397bf8952066ad6e89f38b47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834830", "to_ids": true, "type": "sha1", "uuid": "c12c8779-5103-4af9-a2b2-d288a5dbbc1a", "value": "8b4ae4f7935d117b6ac1d17916d7b7244606ff4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834830", "to_ids": true, "type": "sha256", "uuid": "a0d85784-5034-4200-bad0-9bdca0b2e1e9", "value": "7b530fd856a8f584a00d442a254d620e8f40d3473d166c89f974633fbd9ef777", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834830", "to_ids": true, "type": "ssdeep", "uuid": "7af07378-3580-4460-afdf-943665767370", "value": "24576:2DkyH4RbJm3E4Xni8k4sgmdwDkHVreCLXm/iaMeTG+YqOSO:ckyiA3EwE4rmHhhC/iaLG+KT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834830", "to_ids": false, "type": "size-in-bytes", "uuid": "56f80ecb-1fcb-4d64-80ba-49eb637a7a2e", "value": "1217776" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834830", "to_ids": true, "type": "vhash", "uuid": "7add2f8a-e8a4-42de-8b23-abb6ca887b67", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834830", "to_ids": true, "type": "filename", "uuid": "25e3fe48-089f-49d7-a3d2-0d3befda88ce", "value": "GlodEagl_045.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834830", "to_ids": false, "type": "text", "uuid": "cee446dc-2e0d-4ff9-babc-950cda4216e4", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834852", "uuid": "63a3de71-ccf5-496a-99ae-ac6bc9df7e6c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834851", "to_ids": true, "type": "md5", "uuid": "a16a40f0-c421-44a7-b06b-f4c38a481305", "value": "4ef39fcae5ec0c808212d6564375121d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834851", "to_ids": true, "type": "sha1", "uuid": "99cce5be-9f8d-4612-9868-4993d69d2264", "value": "3dc80c1fd875af9b707e9e8d607347fa1aade665", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834852", "to_ids": true, "type": "sha256", "uuid": "d8d0df4a-6fd2-4bea-bb14-e8060611683f", "value": "75aabf3865b6691600dc2a54fbe55296bf5ee644f4e33e6b4af0a0c301563a36", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834851", "to_ids": true, "type": "ssdeep", "uuid": "0468cb94-714f-486d-bc75-d9d411954e13", "value": "24576:wzQyPrQHOogEQjJsq1ANUMCXWls0CFe0mH90IMm49wd:3u51sAANfk50P0OSIwed" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834851", "to_ids": false, "type": "size-in-bytes", "uuid": "f9eba17d-9fbb-4b23-889a-ae1044429723", "value": "1232188" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834851", "to_ids": true, "type": "vhash", "uuid": "355c3043-9873-45cb-b07f-ed3edb172350", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834851", "to_ids": true, "type": "filename", "uuid": "8bfe759b-c465-4c30-8483-210d2036c339", "value": "GlodEagl_0246.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834851", "to_ids": false, "type": "text", "uuid": "42a4b18a-f170-44c1-84b8-aa10f0909d75", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834873", "uuid": "8ec59f87-9aed-4f6a-aa5f-1ddf5973273b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834873", "to_ids": true, "type": "md5", "uuid": "76becd51-abee-460b-ae89-5107d8b2e173", "value": "6d32d4270ba06771a6e41a59adda7a64", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834873", "to_ids": true, "type": "sha1", "uuid": "e47de4a4-be13-432b-a47a-7099454534cc", "value": "40fc40484c93b55bacf384eba034656f60db65f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834873", "to_ids": true, "type": "sha256", "uuid": "215775f0-5c00-44b4-899f-cd26b44f1826", "value": "13fb4460637c3057d76f98b654e527e1f5494256dd046d6d77a48831c0912b0d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834872", "to_ids": true, "type": "ssdeep", "uuid": "0e64a196-2f19-45fa-a763-2a68d39c88aa", "value": "24576:KzQyPrQHOogEQjJsq1ANUMCXWls0CFe0mH90IMm498h:pu51sAANfk50P0OSIwih" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834872", "to_ids": false, "type": "size-in-bytes", "uuid": "93864c16-5862-4fc4-8bf2-02a03c0dc2cd", "value": "1232502" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834872", "to_ids": true, "type": "vhash", "uuid": "fa0dd365-10d6-4e3e-848d-62abeeda7bb2", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834872", "to_ids": true, "type": "filename", "uuid": "da882141-444a-4908-a56d-3024e6852874", "value": "GlodEagl_024.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834872", "to_ids": false, "type": "text", "uuid": "8d09c7f9-7570-4ceb-8cca-635c583413a5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834894", "uuid": "0af8246c-fd69-4f7a-876b-4a22d0b0917d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834894", "to_ids": true, "type": "md5", "uuid": "844a08b7-bcaa-410a-be83-b4949ee416a3", "value": "6cb54f24fcd8a390188f5de97462125e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834894", "to_ids": true, "type": "sha1", "uuid": "58f09ca9-62d4-4757-9f8f-b2a0151f1385", "value": "8e52e27d87bfbaac8846ddb25be99c45fc9c7a20", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834894", "to_ids": true, "type": "sha256", "uuid": "f38d102a-522d-4ca0-afc2-d5bb1869323d", "value": "069e1523bd5eaa5e4fed78cf38b62a4ab96dc6fa1972682de315013d86e3271d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834894", "to_ids": true, "type": "ssdeep", "uuid": "6e791396-5c29-4e43-8536-8996b6363ade", "value": "49152:cbd3y4MIc9y24nmsFwlmKWpS/2GctJE6e4RRddIE+zncTrs8I:O3c9y2x9w9MZctU4RRgPzncTrC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834894", "to_ids": false, "type": "size-in-bytes", "uuid": "7dfd0785-7346-4c4d-8b19-a99b053247f9", "value": "1821472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834894", "to_ids": true, "type": "vhash", "uuid": "2d26ba19-d84e-4faa-84e2-6be6623410eb", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834894", "to_ids": true, "type": "filename", "uuid": "407ac2a0-7578-495c-b53c-b4788d0b866c", "value": "GlodEagl_01346.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834894", "to_ids": false, "type": "text", "uuid": "67c5fabd-62f6-4fbd-9ea9-ebb049378a27", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834915", "uuid": "bdb8f77b-bef6-4eb8-b595-0c50563eec6b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834915", "to_ids": true, "type": "md5", "uuid": "970cdf0f-acd6-477e-bc5f-fb8e297ada76", "value": "96fb81525114fce9be9c244123ca6692", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834915", "to_ids": true, "type": "sha1", "uuid": "5f80d31e-b35f-4e8e-97e1-cf4d257cf60d", "value": "9a02f0c79295f91eec64d79f70dec4ae0aeddf83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834915", "to_ids": true, "type": "sha256", "uuid": "28312fc7-fcbf-4505-b5a3-f2448b4cea3a", "value": "2c0dca74cfca9540fc0952ed83bf14a891d860761ba43cacf46f2054c6624cc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834915", "to_ids": true, "type": "ssdeep", "uuid": "9e0da07c-7ca2-4d6a-a670-5bd476f1f4fd", "value": "24576:PaRIB/gqH1G13wR3kA+V2TyaQH0PbKi+RJvpm++JAufQW:SRS9s3qkA+VEjKqrUJvR+G+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834915", "to_ids": false, "type": "size-in-bytes", "uuid": "290bd8aa-5061-4b6a-9f25-7449db9a94a7", "value": "1231573" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834915", "to_ids": true, "type": "vhash", "uuid": "3628e857-d59c-458f-bb82-21e670027f16", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834915", "to_ids": true, "type": "filename", "uuid": "7285288c-f068-40fa-ad9b-a2705c52b886", "value": "GlodEagl_023456.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834915", "to_ids": false, "type": "text", "uuid": "e243a7af-6f96-4ce1-bb7d-4d8f9c49ebe1", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834937", "uuid": "8746c6e8-4e5d-4eb2-afb7-2b42b4be9937", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834937", "to_ids": true, "type": "md5", "uuid": "241f9f1e-21bd-4946-a571-5e97aa39ef0d", "value": "2c214372e2542e9224264af487d93630", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834937", "to_ids": true, "type": "sha1", "uuid": "c7c49eef-ac1c-41e1-81fa-91b3ea416527", "value": "8757337a5fa5b0ce1090040b8989b24fcc5b826f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834937", "to_ids": true, "type": "sha256", "uuid": "352c3cd7-1b63-45b8-83d4-7a49d348f201", "value": "fb4017d11922d80f10e79ea275696887bb19ff14a01c1bcbea891bf940292b02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834936", "to_ids": true, "type": "ssdeep", "uuid": "09cda1a5-788a-4da0-a415-8cc13e5b72db", "value": "12288:uyvXyizTRHMmIeLc0niK6sVZz7+27QENOrrpVz:usXyssmIeBxZt7QprdVz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834936", "to_ids": false, "type": "size-in-bytes", "uuid": "0bfa530e-0ee7-4661-8320-548fd2eba92c", "value": "431012" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834936", "to_ids": true, "type": "vhash", "uuid": "5ca7b43d-742f-4300-b6f5-5904850c4bb1", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834936", "to_ids": true, "type": "filename", "uuid": "6f79f0e0-0f1a-4bcd-90c6-1079ee356d2d", "value": "GlodEagl_1235.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834936", "to_ids": false, "type": "text", "uuid": "36f4910f-c675-4812-8b4c-dd58b2ef2a09", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834958", "uuid": "14e212a2-7d50-4b98-964d-6da84b69bb6e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834958", "to_ids": true, "type": "md5", "uuid": "866e4e64-2f21-4497-88f2-31c747147be9", "value": "1cb9192a6636ffb08dbaa5653add9e00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834958", "to_ids": true, "type": "sha1", "uuid": "9b5cbec3-9ab7-446e-a2ee-40f1b4a1dc00", "value": "3b787498f2d2a9e3aee5e9dc914f980a8dcca214", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834958", "to_ids": true, "type": "sha256", "uuid": "e03d7afd-8aa2-430e-a7e6-034bfff2b5ec", "value": "ad911cec64fa5c5ea1318866d11fecfe6c7ae29c72eba496377c92d53bb49028", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834958", "to_ids": true, "type": "ssdeep", "uuid": "5631237e-4a1f-408f-bc34-f12f8bf7dcfd", "value": "24576:/hzL4WJrx4Xz9vFOwWVbjT/48YeHLoGWRUiVZo2CTYY:/CMrx4PgXT/48YeH5WSirXY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834958", "to_ids": false, "type": "size-in-bytes", "uuid": "fc26ff24-1c2d-4486-8020-d55bee2921f4", "value": "1111478" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834958", "to_ids": true, "type": "vhash", "uuid": "11f28d1e-abf9-4eed-95e0-4dbe1bdd37d4", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834958", "to_ids": true, "type": "filename", "uuid": "e1d2d129-64a6-4932-a3bc-7e08f3906050", "value": "GlodEagl_234.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834958", "to_ids": false, "type": "text", "uuid": "93005bd1-871f-416d-a538-00c44fa9c1b8", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:34/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740834979", "uuid": "41bdfbc9-038c-4e6c-8b92-185442aefb80", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740834979", "to_ids": true, "type": "md5", "uuid": "c684d947-518f-4fb5-b5ff-0f74b2318434", "value": "cc1a0e448cd6b494752e63c78eb22282", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740834979", "to_ids": true, "type": "sha1", "uuid": "3f5c5586-dbd3-4524-b4ac-22d4a1353817", "value": "2293d2c694e7f990e30ccbc2880cad5b470270ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740834979", "to_ids": true, "type": "sha256", "uuid": "cf35310b-c5fc-4525-997c-d10401f2269a", "value": "7fd2248dbc0da5a147ad114aa315b232ee1f008418b4f99e405562db8ccf100b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740834979", "to_ids": true, "type": "ssdeep", "uuid": "9db3b3d2-6e31-45cc-870e-f6048ae8c57a", "value": "6144:VGTIg9Y2bjR4T+8Fe70up9EyWU0b07c7my21INGOuh3TrFS/HMvLpJ7xr3chgeS:IVFb1orFKp9EfpS1UGPfFS/+NNxr6S" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740834979", "to_ids": false, "type": "size-in-bytes", "uuid": "be11c973-9d06-4676-a46a-11e3af5ecd60", "value": "429674" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740834979", "to_ids": true, "type": "vhash", "uuid": "7561bec3-5815-45f6-9713-2800149e77b3", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740834979", "to_ids": true, "type": "filename", "uuid": "f36fe2ed-8b72-42eb-a14b-4ff2a6ea93e3", "value": "GlodEagl_1356.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740834979", "to_ids": false, "type": "text", "uuid": "efd21662-8404-4ec0-9e46-b1891f1b907d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835001", "uuid": "e88ebf77-e3d7-482d-8ce7-5f3f977b62a1", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835001", "to_ids": true, "type": "md5", "uuid": "a6dbd684-9e36-469a-b15c-0ddcc211bcac", "value": "d88a4bfd674d05856ff298db3c0c6ee1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835001", "to_ids": true, "type": "sha1", "uuid": "2006b32b-87f4-4bf5-87b9-a63b2b302202", "value": "73b5e53ec38e80fd364f099fdd4c4316ef0ef86a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835001", "to_ids": true, "type": "sha256", "uuid": "0e787000-49cf-4981-8d3e-f6fc705686fc", "value": "35cddb795a7e3e7b5936073bc32a7912f9c6ab25bd90c870dbef0a9e44187b9b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835000", "to_ids": true, "type": "ssdeep", "uuid": "9d234953-dbd2-4fdb-b92b-f8aee22a2a43", "value": "12288:sAh18f1Y5zPLoBGpMnWnzM/B47Bv8q+0WBrbObNcm:H5zToBGK0kB4x8qcmNcm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835000", "to_ids": false, "type": "size-in-bytes", "uuid": "21878a52-9e36-4009-a477-1f189f97a9eb", "value": "435242" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835000", "to_ids": true, "type": "vhash", "uuid": "0d1658f3-e8cf-4ee9-b9d5-afb6abe44672", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835000", "to_ids": true, "type": "filename", "uuid": "d0c57fae-a3fa-469b-9766-fb33793aaf61", "value": "GlodEagl_16.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835000", "to_ids": false, "type": "text", "uuid": "294fd6e5-95b3-432b-8258-bec3bbc9af13", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA7B\nVT Total Detection:35/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835022", "uuid": "cdb1bf34-16f6-4b3e-b34b-ce53fdb8926f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835022", "to_ids": true, "type": "md5", "uuid": "abc6a93e-b125-4e2e-8dc8-70f9062ea1a6", "value": "32b0640cd3824c9f75d375c8719750b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835022", "to_ids": true, "type": "sha1", "uuid": "1e0aa662-a03b-4a21-ab94-17f1e71c61f2", "value": "981a82151b8cd9e3f37dbc2ffdfee3d99f85c9f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835022", "to_ids": true, "type": "sha256", "uuid": "7b7eba97-587a-4928-9837-0bb95f4dc35c", "value": "430c2b8b27d7cd624e5d7a66bbb2e16491ed0fbe882dde72be251c32b0f02796", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835022", "to_ids": true, "type": "ssdeep", "uuid": "8f84bf9e-ac14-4798-9d0c-7c7adf43c9fc", "value": "24576:3gZArEnZSwrOJTFGUhoJ+953qFKBLyAuUCj:wZArEnZSlBG8o+aFK5yAuNj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835022", "to_ids": false, "type": "size-in-bytes", "uuid": "e11c43c0-3ada-40a2-be7b-3586e811b55c", "value": "993542" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835022", "to_ids": true, "type": "vhash", "uuid": "ce89dd76-7081-46f1-8486-407235814838", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835022", "to_ids": true, "type": "filename", "uuid": "afe8a752-307d-4244-ac71-113d3bea0811", "value": "GlodEagl_012.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835022", "to_ids": false, "type": "text", "uuid": "d62287d7-ce7c-48de-b438-8c0cba81c592", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835044", "uuid": "0b1d06f5-2c20-4df6-977d-fb9181a1eba7", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835043", "to_ids": true, "type": "md5", "uuid": "91aa35c3-eaa3-452c-90a6-9d6d4ee71e37", "value": "669f61cfdf6fadd3ba9541f8957733f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835043", "to_ids": true, "type": "sha1", "uuid": "41c1a64b-050f-4182-b34b-177081987d79", "value": "3485abbd4c95f0a71ddd5561b34dd4c979ef0859", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835044", "to_ids": true, "type": "sha256", "uuid": "a845893a-aabb-4dbe-bd42-47e53b632db4", "value": "e2f2be4b3399e439363b9510334ee5ec95afba5da70f2ecdd120627916e40cca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835043", "to_ids": true, "type": "ssdeep", "uuid": "d7bbfea6-39ae-4460-9365-7b10a1675963", "value": "24576:BeBvF/bXnhVoHc4dHxFVdxgu+z6OQu53gNVM25Wg3/I7ZBG139Gi:onhN4dRx+7bVEVMaWgoZw1ci" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835043", "to_ids": false, "type": "size-in-bytes", "uuid": "1bed9b46-8f8c-43dd-84e5-f18a4ef89892", "value": "1258587" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835043", "to_ids": true, "type": "vhash", "uuid": "ec6a442d-25ee-4c4a-ab69-e75760cb4dd2", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835043", "to_ids": true, "type": "filename", "uuid": "c9364130-3d4f-4045-b2bf-95ecc14b4f02", "value": "GlodEagl_1346.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835043", "to_ids": false, "type": "text", "uuid": "63fe8b2c-ebcf-4bf3-bc56-968268e04991", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835065", "uuid": "a1562b88-28a2-46dd-bc85-71cfc03897bc", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835065", "to_ids": true, "type": "md5", "uuid": "abe5fac2-d790-4076-b467-ed37b78d4560", "value": "a85bf631cf0fe7c2832d74da025e2ccf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835065", "to_ids": true, "type": "sha1", "uuid": "9eb60a40-5e4a-4b01-8566-066da279cd08", "value": "31fece1d863466f5fa0b10c00b4207a0bcfebdf2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835065", "to_ids": true, "type": "sha256", "uuid": "d3b4cce0-b71c-4cad-a3b0-8a51c5dd2c56", "value": "a0039c36f71aabda2e4cfcb10b7239ce56405cbab00ac094bc84f4908bf4287f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835064", "to_ids": true, "type": "ssdeep", "uuid": "a231804f-5d76-4345-9e19-e28d306ebfbc", "value": "24576:PaYrCYleaEyQVcGsQz1n/V8m1cGVet1aTCZCqURE2YSY5A6htmj4bnIw:NCIeaEy6lrzR/iLGVe/ZCJRE2YSY26hd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835064", "to_ids": false, "type": "size-in-bytes", "uuid": "c20c3359-fb6e-413e-80a4-397ef3fdb5c6", "value": "1252800" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835064", "to_ids": true, "type": "vhash", "uuid": "428faf16-eeaa-406a-9447-b22d2ecd235c", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835064", "to_ids": true, "type": "filename", "uuid": "61b4a12c-02a0-4b09-90ac-2ae1a1028a44", "value": "GlodEagl_14.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835064", "to_ids": false, "type": "text", "uuid": "af39fa81-a684-47c7-8f10-4acbb5a77827", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835086", "uuid": "1d9b8da4-c22b-4efc-8958-2753b4307ea6", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835086", "to_ids": true, "type": "md5", "uuid": "f217e447-101e-4aaa-8ac5-4db8d4a4e169", "value": "2f13193530183c022ad7d47b5e195bd4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835086", "to_ids": true, "type": "sha1", "uuid": "f76fcae0-18a6-44fe-b1ef-a36d216f53e0", "value": "98f1f95f30acdb0582b59a7c97895c27751f72fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835086", "to_ids": true, "type": "sha256", "uuid": "7093f65a-17e1-4528-bc4b-39bd95c40562", "value": "3762abcc2df1ddb34af05193158efd181a564eeb212826f39ba72c8b140a1af7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835086", "to_ids": true, "type": "ssdeep", "uuid": "cf2c415b-d6ef-48d2-9fe9-53da6edc739b", "value": "24576:CoTKCLwe6wTiFt0ymPLrglls74c/8f+msZoXBJxaSC4/LVaUgdkCxm3YO:CoTKCLwXnmTrgl4X/8fvi21aSC4aUgdq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835086", "to_ids": false, "type": "size-in-bytes", "uuid": "50da9546-96e7-4412-bb07-475e0d113362", "value": "1258759" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835086", "to_ids": true, "type": "vhash", "uuid": "74aced20-1cda-40b3-92e0-9e2c4b5256ca", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835086", "to_ids": true, "type": "filename", "uuid": "7ee6f153-1c30-4fd8-b5d3-9ec68ee00ee8", "value": "GlodEagl_134.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835086", "to_ids": false, "type": "text", "uuid": "4110e1ac-25f5-493c-a780-bdc1f6a95eca", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835108", "uuid": "3f3cc021-4934-4c67-9f0f-01473825e249", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835107", "to_ids": true, "type": "md5", "uuid": "88c3eac9-614e-4ee0-8a0d-6e376d59bbde", "value": "6907fc9734f95c6bbc70ee9b54fd2392", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835108", "to_ids": true, "type": "sha1", "uuid": "1a8c61ad-5e23-415c-b5d8-9e80863ce4ee", "value": "04271b3af715cedad2703f7bec7dc352e0299dbc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835108", "to_ids": true, "type": "sha256", "uuid": "13fcb13a-7453-41d7-a33e-ca91510ce2df", "value": "d4241bc1cc5bc0e91d20d3547416675b95554bde83ced96489e2dae2e24dcae0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835107", "to_ids": true, "type": "ssdeep", "uuid": "50d82961-f229-469a-a729-182e6cc59510", "value": "24576:PaRIB/gqH1G13wR3kA+V2TyaQH0PbKi+RJvpm++JAufQsM:SRS9s3qkA+VEjKqrUJvR+GUM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835107", "to_ids": false, "type": "size-in-bytes", "uuid": "eff990d9-4cf5-49a4-a470-8dbf78689897", "value": "1241182" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835107", "to_ids": true, "type": "vhash", "uuid": "14abda5b-4f2e-4c0c-9080-defd7a5aa402", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835107", "to_ids": true, "type": "filename", "uuid": "695c983e-5830-41b4-adf0-51329d67d8a9", "value": "GlodEagl_02346.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835107", "to_ids": false, "type": "text", "uuid": "447829cc-e6ff-42d8-9561-7e5a59354dbd", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835129", "uuid": "b6d56d5d-3f6e-45cd-a2ca-0faa1f8d1fd1", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835129", "to_ids": true, "type": "md5", "uuid": "838ecfce-e3d1-403e-890c-bdfb4c62567b", "value": "d94d2787b9c106ad07b028711fc69340", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835129", "to_ids": true, "type": "sha1", "uuid": "06de87cb-4b83-4dad-9c72-270b1fa39c85", "value": "3bc3a96af78ea7b7589662abce70dd1a9184975b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835129", "to_ids": true, "type": "sha256", "uuid": "213e7417-8b52-41ec-9566-77e32e2f9fe2", "value": "997906881b4e827d0a66e32e6bdd806c1568ad557fd9b5e6c1589a1ae6945345", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835128", "to_ids": true, "type": "ssdeep", "uuid": "0edc1b8a-e6bb-4def-b603-993ee3c08d04", "value": "12288:p6OPhYrOUNSUHF3pxKFBetk1tTozNvHF2WhIe2a:p6OpYrFNnl3KFp7TodHF2wD2a" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835128", "to_ids": false, "type": "size-in-bytes", "uuid": "55a297a2-e3fd-4a6a-a5bf-ce584a19f8e9", "value": "422976" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835128", "to_ids": true, "type": "vhash", "uuid": "ac0da7df-af3b-442c-9669-3cfaf63d08d2", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835128", "to_ids": true, "type": "filename", "uuid": "d30ba522-4ad2-4f60-bab4-88f2014f76c0", "value": "GlodEagl_023.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835128", "to_ids": false, "type": "text", "uuid": "5d4d08ca-5409-4702-8d25-dc62eda362d7", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835150", "uuid": "7e8bf8b4-44bc-4fe9-b4e2-9e0935427f82", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835150", "to_ids": true, "type": "md5", "uuid": "bf7ddc87-9986-4919-87ec-01e7cef4cb87", "value": "2326cbdd2a94aeca11ae21de02ab6782", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835150", "to_ids": true, "type": "sha1", "uuid": "6d7cc9a5-0167-4e78-9e68-d2a103cba759", "value": "2b4a0511f3eae28f0d95a8b3d730d74ce88dd303", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835150", "to_ids": true, "type": "sha256", "uuid": "6ec4a0c1-3120-4d33-84b9-8785a654f788", "value": "831aa7d028ef2ebe7b8f6935ab2d4c63d33b1f4350aa6a63a73619fe1eed2841", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835150", "to_ids": true, "type": "ssdeep", "uuid": "6285c06b-2ff5-4094-a6f6-4f36f6ae03a8", "value": "24576:oDkyH4RbJm3E4Xni8k4sgmdwDkHVreCLXm/iaMeTG+YqOSO:ykyiA3EwE4rmHhhC/iaLG+Kb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835150", "to_ids": false, "type": "size-in-bytes", "uuid": "44a2bf37-2a21-4de9-9bee-03d3d916bc87", "value": "1217462" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835150", "to_ids": true, "type": "vhash", "uuid": "d1d32f17-571d-4846-a8ac-7b28299fa0ea", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835150", "to_ids": true, "type": "filename", "uuid": "ecddc43d-a972-4b98-9422-14dd3305e599", "value": "GlodEagl_0456.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835150", "to_ids": false, "type": "text", "uuid": "f8bc5f77-184a-40f1-ae7b-341dce84fab3", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835172", "uuid": "da4c5a5b-ff8f-46a3-a120-66247142f902", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835171", "to_ids": true, "type": "md5", "uuid": "c4f2894f-d01a-415e-9d57-ba7db4487e12", "value": "4a9f47d75e8f19368f56b6480463c261", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835172", "to_ids": true, "type": "sha1", "uuid": "e67dedf6-8171-4383-ad6b-0324e9d7fb8d", "value": "321b5197145937d505b813497dac2edb9986104b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835172", "to_ids": true, "type": "sha256", "uuid": "ec1144cb-ee7d-4957-a848-e3fff6b2b0d9", "value": "25ec43a907a0b89eaa37e782aae33588b6dcfe5dad5545fbffacc5e4f435c0a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835171", "to_ids": true, "type": "ssdeep", "uuid": "4114162b-5ec8-4aeb-9f42-b8667bfc3a36", "value": "12288:IuKTS9PnS8wbicFlckX3VSYiv9yXqJSse:IuZo8wjlck1hi1sse" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835171", "to_ids": false, "type": "size-in-bytes", "uuid": "f180ee36-bcfc-4b96-a87d-13356408f79f", "value": "421248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835171", "to_ids": true, "type": "vhash", "uuid": "d1262e9c-3b30-4d6d-8141-f6aacf54d3e1", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835171", "to_ids": true, "type": "filename", "uuid": "2afc9826-f62b-475e-8a0e-e07f591c35a6", "value": "GlodEagl_036.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835171", "to_ids": false, "type": "text", "uuid": "c8cb7b22-faf3-4797-80fb-cfd4834442df", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835193", "uuid": "724d7ae1-f4ea-49fe-ac71-7fb28a12c194", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835193", "to_ids": true, "type": "md5", "uuid": "1f96441e-afd6-45fa-8441-44f5ec5dc429", "value": "09dcf2e389a69ffe5511d811f02d2e4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835193", "to_ids": true, "type": "sha1", "uuid": "6b702925-7e52-4068-a42f-1a4af1124215", "value": "5016610c874faac3f44d48384447d029f57d3b4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835193", "to_ids": true, "type": "sha256", "uuid": "0f503d3e-7050-44cf-bb08-070a41093d94", "value": "f3d9f43db4b1c44970c88ba0a808be13e72e451ac36a0be3ae2ef27702f453f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835192", "to_ids": true, "type": "ssdeep", "uuid": "0766130f-9c7a-435b-80f5-568c80d9c089", "value": "12288:YoPHMe+JeE5t28gFZ4D7BbEY0AP3tXUWKPWUE9zfiizzCUVCBxcGua3VokFyp6kS:YePy88WyNb104OOzzffeUMx59yUkpc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835193", "to_ids": false, "type": "size-in-bytes", "uuid": "56b9ed53-dc06-4448-adc1-8694d1c92808", "value": "981671" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835193", "to_ids": true, "type": "vhash", "uuid": "dd5799c8-87ab-46ba-8a8d-4516d3156491", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835193", "to_ids": true, "type": "filename", "uuid": "2a52c496-6c1b-489a-b8ef-c1ddaea5f341", "value": "GlodEagl_015.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835193", "to_ids": false, "type": "text", "uuid": "7d70d81a-ae4a-405b-968e-565a75744670", "value": "GoldenEagle\r\nType Description: ZIP\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835215", "uuid": "f9b7b2ea-20cd-40dd-94fe-30c9093d6037", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835214", "to_ids": true, "type": "md5", "uuid": "f66e0f97-cae0-453c-be59-ca5f212e6893", "value": "14003e519203eda8a404457406586d8c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835214", "to_ids": true, "type": "sha1", "uuid": "ad0ab38f-5e02-4030-81ac-736e4febb4ca", "value": "bff9a82f113e200bd9eca910fdb1a729230cb02c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835215", "to_ids": true, "type": "sha256", "uuid": "a055bbc4-97a4-4083-8846-0bf6168e9373", "value": "2061c54388e1f6b457c61305070b5d55f9d46e3614d9aba3e0238c0d5a39096e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835214", "to_ids": true, "type": "ssdeep", "uuid": "d6e00c33-b449-40cd-99fc-554c29dac740", "value": "24576:ARhO/xOxiMVEnRz+BxVLFICtpVxx1FhUlR2ksT:MgCvORkx3ISpVv1/eR+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835214", "to_ids": false, "type": "size-in-bytes", "uuid": "3f954000-8459-441a-8a9c-816add55c0a4", "value": "1228515" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835214", "to_ids": true, "type": "vhash", "uuid": "6852e43a-05c4-49f9-a8de-017e15620663", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835214", "to_ids": true, "type": "filename", "uuid": "e2238446-3787-4231-85db-0380006a89cd", "value": "GlodEagl_03456.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835214", "to_ids": false, "type": "text", "uuid": "4c23d28f-42ab-41dd-a18d-364e66f18b61", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835236", "uuid": "8ebe73cf-1e10-4436-8453-58854566b532", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835236", "to_ids": true, "type": "md5", "uuid": "1de9a33e-444c-4db2-b575-26c0d1793960", "value": "151d5c66486c254f89e60d5a76b0c184", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835236", "to_ids": true, "type": "sha1", "uuid": "0f70c0e5-cd97-44dc-bd31-23cdd2c1e139", "value": "df5d3987300f0af79538aaa0a4b198a9ff2ebabb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835236", "to_ids": true, "type": "sha256", "uuid": "06575a65-a563-4fb6-b70d-e52ea0d7989e", "value": "afa865f2302cbfcd7e5b5b720c08ecd1ee804120359a4f8f0e5a12ac20d8ef14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835236", "to_ids": true, "type": "ssdeep", "uuid": "0629ba4b-4399-45fd-b91f-905372592383", "value": "6144:WDlweCsHtnThIjZ9VkGn70mrc8wcACtcFC1Lyvck/ftRGQ0/HKbSujT4hvYmyXq9:IuKTS9PnS8wbicFlckX3VSYiv9yXqJS2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835236", "to_ids": false, "type": "size-in-bytes", "uuid": "07164867-f088-4fa2-b997-7b6d11f6c0bd", "value": "411639" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835236", "to_ids": true, "type": "vhash", "uuid": "0dc641bc-826b-465e-a2cc-5e12d36ceb35", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835236", "to_ids": true, "type": "filename", "uuid": "3f4802bf-57f1-4330-a14e-4581c2fb45fd", "value": "GlodEagl_0356.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835236", "to_ids": false, "type": "text", "uuid": "d31897cd-77b1-4376-9706-8e6c976d4d20", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835257", "uuid": "a8d49eb2-09cb-45ec-82a0-360475e904f8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835257", "to_ids": true, "type": "md5", "uuid": "1957c831-e55e-43d8-b7c3-8c203e289e83", "value": "36cecd15453d06f9384b68b5c63288ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835257", "to_ids": true, "type": "sha1", "uuid": "d52d4440-57d3-4c51-89f5-8bf26f8251ca", "value": "ee4b079cea13caae3148ec9b09e26f6f1f6f0f1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835257", "to_ids": true, "type": "sha256", "uuid": "e8abc757-ed42-4d46-bae2-76b3b607bc6d", "value": "3822a97c86073b233664fa4452b211c7f60a3d0b8a7abad9572bdc844a93378f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835257", "to_ids": true, "type": "ssdeep", "uuid": "3533baaf-1faf-4448-b232-7ec0f5e21e4a", "value": "24576:2DkyH4RbJm3E4Xni8k4sgmdwDkHVreCLXm/iaMeTG+YqOS2m:ckyiA3EwE4rmHhhC/iaLG+K3m" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835257", "to_ids": false, "type": "size-in-bytes", "uuid": "1028aba5-6323-48a8-8d36-819f626c0d82", "value": "1227385" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835257", "to_ids": true, "type": "vhash", "uuid": "3b56608c-fa8c-454a-89ec-cd7745c84ceb", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835257", "to_ids": true, "type": "filename", "uuid": "0d6703b1-57a3-4d19-833d-9db521a37637", "value": "GlodEagl_04.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835257", "to_ids": false, "type": "text", "uuid": "b4e2dddb-bd53-4272-b447-735eb444fcee", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835279", "uuid": "0e6f9e5e-5b2d-4c20-ae06-3a404ac10906", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835278", "to_ids": true, "type": "md5", "uuid": "b9504ed0-8091-4bd4-b335-ec560e3611c0", "value": "a036b696af94a4b050bf37288e993d5e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835279", "to_ids": true, "type": "sha1", "uuid": "ea6f8170-82af-4f15-b448-1e1931661881", "value": "1058b7a3535e379967e673bc68193fb980d8795b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835279", "to_ids": true, "type": "sha256", "uuid": "04ed6b40-136b-4b3f-bbf8-bee99c1ef39a", "value": "940d86d0810b061d7b2359448417a97a0fa7a6ce0c2cab1e211ad049d30babda", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835278", "to_ids": true, "type": "ssdeep", "uuid": "7fc5000b-cd09-433e-8977-6a35dea0c358", "value": "24576:wF2xXhEpSwhBVIIu8Bzx9U7UmP9JDXYD51cbzRe+jgG:wqEpF9tPn51css" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835278", "to_ids": false, "type": "size-in-bytes", "uuid": "34b7ce08-8870-4a28-8acc-d1374ae13fd9", "value": "981163" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835278", "to_ids": true, "type": "vhash", "uuid": "ba2d7f8f-dfd1-4ca9-83f7-934a8c2f92d5", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835278", "to_ids": true, "type": "filename", "uuid": "70763d8b-f734-46bb-bccb-67f086755fe7", "value": "GlodEagl_0156.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835278", "to_ids": false, "type": "text", "uuid": "eaa2237c-0765-4e82-b7c8-59fc1e9a1167", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanDropper:Win32/OverJoiner!rfn\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835300", "uuid": "62240528-2cae-4e3a-a664-5fd401c21998", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835300", "to_ids": true, "type": "md5", "uuid": "304c4185-03d9-48cb-8dd0-4b4ad201d09f", "value": "8a41de96484ed984ef996dc1d653f37e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835300", "to_ids": true, "type": "sha1", "uuid": "eca8c579-4496-45be-82f6-414939ab0685", "value": "7ff6003ac49832f9b64f7916a975a58552153181", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835300", "to_ids": true, "type": "sha256", "uuid": "740a3dbd-e8b0-468c-a114-27e9e6352446", "value": "d90641de2a38b0fa0adcfc8f3114dca9d28a4a6c09740b839696ff1336d94dfb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835299", "to_ids": true, "type": "ssdeep", "uuid": "81431ad7-e1ad-4de2-b226-d3dbd1d7107b", "value": "24576:L5D+mifE3f6EVdGF/rznboJngml/BOXXnRqmfOBELC:L5D+mifEP68OoJn//Q3ABEO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835299", "to_ids": false, "type": "size-in-bytes", "uuid": "35a053fa-a7f4-4d09-a871-d39201567af3", "value": "983993" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835299", "to_ids": true, "type": "vhash", "uuid": "8f402e0f-d855-4b1c-b771-b763726982fb", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835299", "to_ids": true, "type": "filename", "uuid": "c50b4b56-b3a4-4d93-a586-189a0471982e", "value": "GlodEagl_0125.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835299", "to_ids": false, "type": "text", "uuid": "270b0945-e64f-427d-9734-8f0d9bee1b02", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:24/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835322", "uuid": "fb2ee84a-a6a1-4b6e-baa5-621fe06f31a8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835321", "to_ids": true, "type": "md5", "uuid": "6fb29125-f3c0-49d6-9e59-e4afb75464f8", "value": "8e5e5cbe6db77cdd60c44f304cd377f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835321", "to_ids": true, "type": "sha1", "uuid": "f6ea99b1-13a0-48c0-bb14-0292a020be8c", "value": "e8350dab4dd59b5c3d312a50c1f46e577ce348a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835322", "to_ids": true, "type": "sha256", "uuid": "e0617658-cac0-4c55-bd2f-55f0b893e1e3", "value": "2a9883f38b68ed99150abf131e8f46c54a63e28fae5a43a2f4095f17fae2d6cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835321", "to_ids": true, "type": "ssdeep", "uuid": "669ba00b-e494-4bd7-aa59-552c036b6f64", "value": "6144:XDlweCsHtnThIjZ9VkGn70mrc8wcACtcFC1Lyvck/ftRGQ0/HKbSujT4hvYmyXqP:RuKTS9PnS8wbicFlckX3VSYiv9yXqJSQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835321", "to_ids": false, "type": "size-in-bytes", "uuid": "1d4d2597-b488-4df5-8b7e-37817b299d90", "value": "411951" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835321", "to_ids": true, "type": "vhash", "uuid": "af0ef18f-9db6-40fb-ad5a-ad9a9a5311ce", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835321", "to_ids": true, "type": "filename", "uuid": "a4e27576-5b8c-44ab-9580-b91224431706", "value": "GlodEagl_035.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835321", "to_ids": false, "type": "text", "uuid": "c9e98996-2470-411b-a5ba-cd59cab693cf", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835343", "uuid": "7076f2d1-698e-44ed-b94f-b6d0f97c8777", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835343", "to_ids": true, "type": "md5", "uuid": "07b69798-b72a-415e-840a-da0ec633c889", "value": "582ca7f02731d35196a89c0774ddb5b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835343", "to_ids": true, "type": "sha1", "uuid": "56343910-ca02-4cd2-820b-3ee9f3c4e32e", "value": "bbab22444ea4f26dff2cd63a75a12d09296aff0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835343", "to_ids": true, "type": "sha256", "uuid": "9a0b94a2-9583-4af6-8f07-365b51a08d10", "value": "7cfcb91b09be19d0ed1750a724b1fb4598546e5a70182cb153d8bd2c8560277e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835342", "to_ids": true, "type": "ssdeep", "uuid": "e225f7d3-ff14-437e-a0b3-6e720ebe7994", "value": "24576:ARhO/xOxiMVEnRz+BxVLFICtpVxx1FhUlR2kska:MgCvORkx3ISpVv1/eRNa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835342", "to_ids": false, "type": "size-in-bytes", "uuid": "19ab9f78-7a0b-4351-b0df-04510062057d", "value": "1238124" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835342", "to_ids": true, "type": "vhash", "uuid": "b1fe2e5a-0a6c-494f-8b1e-0b7fda14d0af", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835342", "to_ids": true, "type": "filename", "uuid": "64b11c40-a7ca-4b0b-b1d4-1250e251a8dc", "value": "GlodEagl_0346.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835342", "to_ids": false, "type": "text", "uuid": "29970690-0ec8-452c-b810-5a08cdd079bc", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835364", "uuid": "2e066dc0-63ac-411d-9c2d-8b5e02ac301a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835364", "to_ids": true, "type": "md5", "uuid": "4b9ee067-332a-4ef5-be10-978a647ce035", "value": "8ba56503a0ce4e81ae88c4b33d823482", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835364", "to_ids": true, "type": "sha1", "uuid": "861103f1-9138-42e4-9e8c-b26fed57dc5f", "value": "15c195a3d76241990730ee6eb7e96a944a70a1a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835364", "to_ids": true, "type": "sha256", "uuid": "1d13b35f-533a-46fe-8f8a-6a08a905a167", "value": "db230e64b4385ba09358d23a7a4a8b7d5f9e0036ce80f835a77cd1c951715d1c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835364", "to_ids": true, "type": "ssdeep", "uuid": "86a1dba6-4b19-47c8-b323-52c85487de89", "value": "49152:JJ2k6RYIpYymc0UFoQ8M+iFtyQ+Fc8dsAKGOjzZ:JJ2k66Iphmc0UFoQ8G/J+gAKFjN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835364", "to_ids": false, "type": "size-in-bytes", "uuid": "9429f871-f940-4e6d-bc33-f6c027527132", "value": "1817917" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835364", "to_ids": true, "type": "vhash", "uuid": "725ca2f5-60fa-4c03-af21-9b5fe8b15ee1", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835364", "to_ids": true, "type": "filename", "uuid": "e24df38e-6140-421c-9acb-0821a72e3f00", "value": "GlodEagl_0124.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835364", "to_ids": false, "type": "text", "uuid": "ae3b9492-7ad3-4c64-baa5-2c620c5c76b1", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835386", "uuid": "cf894830-10c3-41e6-90cc-20b96df1e1e8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835385", "to_ids": true, "type": "md5", "uuid": "9aeccc9a-3c98-4150-a0de-be81a3f8cee5", "value": "f1b1becfa415c966a6dcc8d927135510", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835386", "to_ids": true, "type": "sha1", "uuid": "9d1c4f90-2ed7-4f34-9bc4-43a3b8e3c2cc", "value": "232438aa4b1c0249c2df7f02c8698710351a3b61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835386", "to_ids": true, "type": "sha256", "uuid": "da8edca8-3dcc-426e-b653-e764543590cb", "value": "619c8d4f9f5a7a06cdaef1ba47ab50fe1cb75d7484c0f0209cedefaeef68fd8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835385", "to_ids": true, "type": "ssdeep", "uuid": "dc929d4c-2013-4b6b-a086-28c2e0625450", "value": "49152:cWn6Lvk//PfvV3qX1q+x2fPXuAw7dr6DlzA4:cKekHHvobxQuAw7dr2h" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835385", "to_ids": false, "type": "size-in-bytes", "uuid": "79300ac7-f27a-407f-84fb-cde436f0ed71", "value": "1813843" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835385", "to_ids": true, "type": "vhash", "uuid": "e46bc5c0-edcb-4470-b98b-f55fe02a20e2", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835385", "to_ids": true, "type": "filename", "uuid": "c3760b50-aa15-4ba9-8164-d54c5d848f81", "value": "GlodEagl_014.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835385", "to_ids": false, "type": "text", "uuid": "25fc1f35-e873-48c1-9bfd-dd479f55cf83", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:32/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835407", "uuid": "69f50c0a-ccf2-4af8-8c20-5b38f3c8d452", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835407", "to_ids": true, "type": "md5", "uuid": "ea24a23f-0a5d-406b-9155-b20041ab0b35", "value": "7444a58a6d1a7837e876c7dd31f63e8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835407", "to_ids": true, "type": "sha1", "uuid": "f606b714-91fd-4701-aed6-97b7932cbe67", "value": "50b5afc9fab03542884e14fcb82bd3b68dfa89e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835407", "to_ids": true, "type": "sha256", "uuid": "f1cdd8c0-a3c6-4421-b8fb-c8277dc21286", "value": "21503f37f5aaa2ef207271f281d63a41a16fbaa62dbd88c28b4e5c82cfd18ab7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835407", "to_ids": true, "type": "ssdeep", "uuid": "82bf8b20-f4a2-4aeb-84a7-b9cf382d8e8e", "value": "24576:wzQyPrQHOogEQjJsq1ANUMCXWls0CFe0mH90IMm49q:3u51sAANfk50P0OSIw4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835407", "to_ids": false, "type": "size-in-bytes", "uuid": "92998a1d-a0fd-40a9-9fc7-1be6b4416c58", "value": "1222579" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835407", "to_ids": true, "type": "vhash", "uuid": "5d106043-8490-4d99-8118-4887c6e8494d", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835407", "to_ids": true, "type": "filename", "uuid": "366d5e15-a078-43c9-b0f7-e25c8a27c2a3", "value": "GlodEagl_02456.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835407", "to_ids": false, "type": "text", "uuid": "fe06099a-19a0-47d0-830d-0046003e2d84", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835429", "uuid": "a9ef52d7-3139-40f8-8dcc-28ed813ddc88", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835429", "to_ids": true, "type": "md5", "uuid": "6189039a-133d-4840-ac57-5b68bc0e96b0", "value": "647e25de819350a360308d0a39e75f64", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835429", "to_ids": true, "type": "sha1", "uuid": "be09b38c-528f-4a5c-b937-b3ea7f5ce7b7", "value": "d080a46a6e49588e6e90bac4d1d5aa7b9c4fc5c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835429", "to_ids": true, "type": "sha256", "uuid": "177a0419-ac25-4a8b-b536-c40f2d54fc4f", "value": "0dca913ad1c4aedb8f9116162c567d53853ef7ec5f8aaa0fc4c281631dc10b6f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835428", "to_ids": true, "type": "ssdeep", "uuid": "d7c5b648-9f8d-43de-a45f-2b3fba4a1b8d", "value": "49152:SemLKQXc/QLXWWBX/lSLwitgNqGfxa+tNMX:SeJQaQLWWBcE0GU+/MX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835428", "to_ids": false, "type": "size-in-bytes", "uuid": "11703964-5570-44a4-ad2c-3a041eaa7959", "value": "1812093" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835428", "to_ids": true, "type": "vhash", "uuid": "8879ee25-f7d8-41c6-aecb-6fa3ffe670c5", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835428", "to_ids": true, "type": "filename", "uuid": "12a69860-0cce-4190-9047-f723bdca6830", "value": "GlodEagl_01345.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835428", "to_ids": false, "type": "text", "uuid": "3b1c7ad6-b5a5-4158-9d3a-0995af66a487", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835450", "uuid": "bed71d21-f637-4624-a18c-f418c5ff1c56", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835450", "to_ids": true, "type": "md5", "uuid": "c8289ace-7b4b-44e2-8842-d211a57d2548", "value": "6d36d16820f7287d6e4d5a8a1eebd1a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835450", "to_ids": true, "type": "sha1", "uuid": "01c1c3ac-462f-44ba-b95e-dad1a4b5e9cd", "value": "7508df4a81b705139786611a6c8f962428dc0677", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835450", "to_ids": true, "type": "sha256", "uuid": "96b452a0-04b7-4b5c-b313-a22b16095b8d", "value": "24ae8d7973bbf4b7443bf6d143a299245b5d7e0a080e779450ec0d62630e07f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835450", "to_ids": true, "type": "ssdeep", "uuid": "cd891b1c-3a8f-45f1-a514-6bc3b11022d8", "value": "12288:RuKTS9PnS8wbicFlckX3VSYiv9yXqJSEM:RuZo8wjlck1hi1sEM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835450", "to_ids": false, "type": "size-in-bytes", "uuid": "b4b8c91c-7ac7-478d-a1df-3989ce116bbb", "value": "421560" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835450", "to_ids": true, "type": "vhash", "uuid": "a7f01d2b-c2e9-496d-9522-d485fe231e0a", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835450", "to_ids": true, "type": "filename", "uuid": "4a1fdee4-d331-43bf-b593-8b941bfbfb7c", "value": "GlodEagl_03.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835450", "to_ids": false, "type": "text", "uuid": "8b787091-2b32-4746-ae7d-7769c7e3c300", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835471", "uuid": "80aa677a-b053-4fbb-a7be-d29c3b65bca3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835471", "to_ids": true, "type": "md5", "uuid": "9d958a77-2330-4cef-9e3d-f30fa22c2d0c", "value": "a6e614a3ce99993f09faeef6d7e648f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835471", "to_ids": true, "type": "sha1", "uuid": "7efd4f50-f3ab-4928-bc9d-5ea6adb74d88", "value": "b461d8a51b72f3b1ffad020a43e673f5a94abb04", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835471", "to_ids": true, "type": "sha256", "uuid": "04c1d312-ca4b-4e09-9dc6-eef7a85332cf", "value": "c16a342171b88032117471d2a749f8764c87b9776c9459690c5c5220e0babee6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835471", "to_ids": true, "type": "ssdeep", "uuid": "bf836f46-62ab-49d8-95b2-9b4b9cafe0e2", "value": "24576:kP3gc179RIhbnaWNYc9Nj+NfScgM1FAVnqM3ajMC:g3gMIVnaWP91efScgM1FAVqMqAC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835471", "to_ids": false, "type": "size-in-bytes", "uuid": "73ccbe3f-8c40-4f05-82b2-7f72b1dc4efe", "value": "992976" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835471", "to_ids": true, "type": "vhash", "uuid": "39cbf5d2-5186-41be-b647-50957efcf8b3", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835471", "to_ids": true, "type": "filename", "uuid": "34b92642-c644-4c53-932d-80a801c3fc0f", "value": "GlodEagl_013.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835471", "to_ids": false, "type": "text", "uuid": "680b78d2-2e32-4378-93e0-74c4cf4e6466", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Skeeyah.A!rfn\nVT Total Detection:25/62" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835493", "uuid": "cf9ba5f7-edc9-4e7b-961d-5079963127dc", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835493", "to_ids": true, "type": "md5", "uuid": "f37aa7c0-e87c-4ae1-ac34-bc2f6ef7116a", "value": "4977ab33689e5072b000c80e52fa0a84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835493", "to_ids": true, "type": "sha1", "uuid": "b0832b36-ff88-4708-a3e6-b264c550011e", "value": "b308aff1b23eb41fbd747c9944fb8c59427b5fa2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835493", "to_ids": true, "type": "sha256", "uuid": "10e0f59f-69c2-4631-a53f-72bf3d60e683", "value": "585339716973cb76b5c261a6c54cf2f9d6836d83e552b290138c490bc584e009", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835492", "to_ids": true, "type": "ssdeep", "uuid": "75ae02a3-d1a9-43df-9172-869f83586071", "value": "49152:QG4GRiDWv3te2bR+ObMlakDwW/662w+6lQo/0Ta:QGKSv3D+T3y6dlQje" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835492", "to_ids": false, "type": "size-in-bytes", "uuid": "94104e64-d769-4c69-8326-11ba3fb0e9ab", "value": "1822077" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835492", "to_ids": true, "type": "vhash", "uuid": "3654fbe5-ebf5-4ff3-aceb-2856483d4846", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835492", "to_ids": true, "type": "filename", "uuid": "9a39112d-8648-422d-b8be-7364a4593d0f", "value": "GlodEagl_0134.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835492", "to_ids": false, "type": "text", "uuid": "dcbf7f15-372b-4f5d-b290-9deb9366207e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:29/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835514", "uuid": "d6eb0c31-950f-4e28-b476-9bccfb4ccf0a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835514", "to_ids": true, "type": "md5", "uuid": "7ad4ad0f-01d8-453e-a7f4-dbc2baef0d87", "value": "39524be6ab441551c01a3ccfd6659d9e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835514", "to_ids": true, "type": "sha1", "uuid": "526d67ca-3157-4b8f-8a03-54c3dda6f27b", "value": "f87aa4a5a85406d64ec16687fbce4a80f4e5cd93", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835514", "to_ids": true, "type": "sha256", "uuid": "22420979-8b90-42c8-bbf5-ee1d9ce524c8", "value": "1e88357f92bf22a710df7321db4056696c5c755406c16d1cce02cea3c5c41f13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835514", "to_ids": true, "type": "ssdeep", "uuid": "bd723431-b44b-443a-b554-3e15be557a5d", "value": "6144:i4Eaba48eTHvf1SHc4gE0Jq8z4qd1svFMcI76YJt1cRJ:iQ7fJ4gEqivFQ7PYJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835514", "to_ids": false, "type": "size-in-bytes", "uuid": "9b1a219d-0f62-4a30-ab52-882e63113b46", "value": "284273" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835514", "to_ids": true, "type": "vhash", "uuid": "4b871022-2dfa-4d36-95df-e1462c207585", "value": "bbf592a52ffbc2e18ddc3262d3594f8a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835514", "to_ids": true, "type": "filename", "uuid": "3ac9fdbc-15bb-4647-9c9a-6d3af05e9015", "value": "GlodEagl_2356.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835514", "to_ids": false, "type": "text", "uuid": "cdd3a94d-550f-41f4-a286-47ef63e71273", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835536", "uuid": "ca83a877-ba0d-48b6-8be2-2047d945db8b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835535", "to_ids": true, "type": "md5", "uuid": "4daa2351-91bc-4bde-b271-faee8c45ac24", "value": "d5181e527e9697a80f0eb09d1ff1a939", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835536", "to_ids": true, "type": "sha1", "uuid": "e3697168-e05f-49b1-98a4-eb09eb9733fc", "value": "2c936843de3dffb5578dce3a278bdead3a5e7f27", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835536", "to_ids": true, "type": "sha256", "uuid": "2aab7208-ae70-430b-9b38-0b83fe47ddeb", "value": "b827e24f8ef6d55cdd21a5e84567c4a0365adc644e0143952d037800db5f0732", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835535", "to_ids": true, "type": "ssdeep", "uuid": "2359a969-3a6c-475f-b732-02f5b04f4e01", "value": "49152:HSl1jsRLEyo6QkK63vcFIyuss5C7U9Av9nyo:HGJsZFGIyuRSZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835535", "to_ids": false, "type": "size-in-bytes", "uuid": "ee52e90d-b961-40b7-a379-6091fdd5564d", "value": "1803864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835535", "to_ids": true, "type": "vhash", "uuid": "528623bb-9ee9-44ee-bf42-668723c21bec", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835535", "to_ids": true, "type": "filename", "uuid": "346c3f58-fac9-40ad-84a7-1388c7dd66de", "value": "GlodEagl_01456.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835535", "to_ids": false, "type": "text", "uuid": "8bf1ab2c-4e58-43b0-b9d1-9dd169135afd", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835557", "uuid": "5f434921-607a-4ec8-9c11-bab30912c212", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835557", "to_ids": true, "type": "md5", "uuid": "6de223c3-2cb2-4eb3-b3cc-996b057e03e6", "value": "30140030cca5ed9f935acc63e66ff4d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835557", "to_ids": true, "type": "sha1", "uuid": "0c58369c-a952-4a7c-91ab-4ddaa8a7d353", "value": "99a73d0a3e456edfb62d2a28010da77124460990", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835557", "to_ids": true, "type": "sha256", "uuid": "ca155587-8d93-4768-adcf-31140e49ddb9", "value": "03442f83b1336f94da80bd835e6ecbcf387027056ffbf67ee69aea8807865bfd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835557", "to_ids": true, "type": "ssdeep", "uuid": "8746bbd0-d342-4523-979b-43e7e963318d", "value": "12288:59Ex5Ba0yJ/tbOkhmc1wyJFlumCZ39VJ3:Twtkb1wyJzk3933" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835557", "to_ids": false, "type": "size-in-bytes", "uuid": "aec12d6b-2125-4301-9d22-bb73e1ba970a", "value": "408370" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835557", "to_ids": true, "type": "vhash", "uuid": "f1a1dba0-d272-4001-80c9-af3e9f04ea07", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835557", "to_ids": true, "type": "filename", "uuid": "da0136f6-513b-4061-9098-7b10e138ed07", "value": "GlodEagl_025.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835557", "to_ids": false, "type": "text", "uuid": "aff6b520-505b-4167-b1ed-10a3e441c842", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:33/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835578", "uuid": "ef867745-23ac-485a-917d-b5ab4a83b46c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835578", "to_ids": true, "type": "md5", "uuid": "3e310b07-67b1-4b59-95a2-1e7bb9f9d1dc", "value": "c7a69d05dfed3020482caa983990d558", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835578", "to_ids": true, "type": "sha1", "uuid": "039d229f-03e0-4fcd-861d-8c13f680ef2b", "value": "6041d1c59b8047fb75595cbb52a9bdd27b596e01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835578", "to_ids": true, "type": "sha256", "uuid": "ab6846ff-832a-47ff-92d1-4c07ae196991", "value": "a9e02c1a6cc9deb854d8e56d5e33d83074d88c3d804bbdc8e8bfd991553f998f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835578", "to_ids": true, "type": "ssdeep", "uuid": "d1f803e2-0152-43e7-b6c6-a1a6b96a38f8", "value": "12288:39Ex5Ba0yJ/tbOkhmc1wyJFlumCZ39VJcG:twtkb1wyJzk393cG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835578", "to_ids": false, "type": "size-in-bytes", "uuid": "4436c249-e1e5-49d8-829f-5d5655ded232", "value": "417665" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835578", "to_ids": true, "type": "vhash", "uuid": "f9870f25-21ba-4453-a42e-32f9c596b9b6", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835578", "to_ids": true, "type": "filename", "uuid": "22a24588-9225-453f-8265-bad8e04f7f06", "value": "GlodEagl_026.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835578", "to_ids": false, "type": "text", "uuid": "67a6165c-d6b7-4d22-83c8-2f5708bc3d0c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835600", "uuid": "3f114acf-f896-437e-9d70-b5fc5129852d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835599", "to_ids": true, "type": "md5", "uuid": "5c7c88a2-6ac8-467c-87fc-4f6960b7b6ae", "value": "b13533fd0532049f0593a8b177a04891", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835600", "to_ids": true, "type": "sha1", "uuid": "ffd5a678-9852-457e-aa37-38bbc1feb8b8", "value": "b2540b61cc6ee8fe461195655722cb4792933931", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835600", "to_ids": true, "type": "sha256", "uuid": "686ddc8f-750a-418e-8ef2-553561263d69", "value": "f7bcd0bfee2c1a4589843c3523c3e17e647ecaeffee02f3e08d71fb334655e0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835599", "to_ids": true, "type": "ssdeep", "uuid": "7993ecb6-2567-48c1-98c4-0ac8b81f1675", "value": "24576:uK6Qlt2UvB6AVEIw5MyvXIKJpn0PCOoOdWYbhhVzaaHuV6he+ICi:uzQltBBJVAFXPznXOpM4hhqVLgi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835599", "to_ids": false, "type": "size-in-bytes", "uuid": "fe4c053d-2cd6-4c20-bfc6-6cd211185bd6", "value": "993056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835599", "to_ids": true, "type": "vhash", "uuid": "295f35e1-b8da-450d-8eab-ed7a02c3d9a4", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835599", "to_ids": true, "type": "filename", "uuid": "6dbcbe6b-4661-4444-aaf5-3dc16f8bae7a", "value": "GlodEagl_0126.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 03/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835599", "to_ids": false, "type": "text", "uuid": "ed30d155-7a68-4733-9a12-ee7d16af0111", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835621", "uuid": "a7c696bd-68f7-4515-bfb3-3007c4b36675", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835621", "to_ids": true, "type": "md5", "uuid": "e6b5701f-e3a9-4fae-86e6-4cd10a2162bf", "value": "fe86756dd59aa9232ccc9a8a5fb1eeac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835621", "to_ids": true, "type": "sha1", "uuid": "721f82f8-8cf4-4ea2-9b74-c4714c0968ed", "value": "3da569af4f955eff3479e0fbdbfaa1907048482f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835621", "to_ids": true, "type": "sha256", "uuid": "db31f520-ed4c-4452-8d3a-7e0d40afefc2", "value": "e49d40feda384468be14d38d6c504695f135a7ef1606d4ddf9a6cd85dbee8514", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835620", "to_ids": true, "type": "ssdeep", "uuid": "2c43ad99-7d0b-4b55-b250-de3f9a3c0008", "value": "49152:R+qL+q/9S/6Qn2d6B+Fil0zbUoL9tLkz6wP75gs8AQjtZ0pFuf:R+q+qc/6Q2d6rl0z4oL9xnegsfQjtZ0k" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835620", "to_ids": false, "type": "size-in-bytes", "uuid": "00a7708b-c72e-4cf6-a6f8-893f7eed0e7f", "value": "1813485" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835620", "to_ids": true, "type": "vhash", "uuid": "68cc822a-9097-4211-a86d-c8192c8ab928", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835620", "to_ids": true, "type": "filename", "uuid": "556258f1-da3e-4dde-bbee-b98bba397052", "value": "GlodEagl_0146.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835620", "to_ids": false, "type": "text", "uuid": "748b029c-55a3-49ed-96d4-4ccc839f848a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835642", "uuid": "edaea2f4-a2ac-4516-acab-1271cb2d2d40", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835642", "to_ids": true, "type": "md5", "uuid": "988f40c8-1816-4183-ba19-069133a7cfb6", "value": "f9a575f91e85d38ae23580b4353e23bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835642", "to_ids": true, "type": "sha1", "uuid": "ad0f039f-77aa-4861-a0b5-4049ffae3779", "value": "15b541fc86b8decabcdff13fe6cdf0d445df639e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835642", "to_ids": true, "type": "sha256", "uuid": "5db59e31-e35c-4bb0-bd35-20ac820561e2", "value": "6e0c424ece75a34d2dfb0c019afe5925ea8e5960c84731276ad665e7d1ce1bbd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835642", "to_ids": true, "type": "ssdeep", "uuid": "b869384b-b04a-42ed-90b0-d94647fe505d", "value": "24576:xbhhWrh0QuOIczbBDUp4Zja+kMa8t4umYOaff7IS5U:xbItDIUbep4Zja+ket4umYOaXte" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835642", "to_ids": false, "type": "size-in-bytes", "uuid": "9b4f9b6a-8da7-4898-8626-65f08a32668a", "value": "983277" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835642", "to_ids": true, "type": "vhash", "uuid": "34bf7fc6-4d33-4485-b777-f35c98c59157", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835642", "to_ids": true, "type": "filename", "uuid": "d8ddcfa0-f243-4da1-981f-bec5c288257b", "value": "GlodEagl_01256.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835642", "to_ids": false, "type": "text", "uuid": "780db49c-98ac-4e73-a249-70813e3aec1c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/FakeInst.I\nVT Total Detection:32/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835664", "uuid": "e47d8053-7b05-4c4a-925e-46cea388343f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835663", "to_ids": true, "type": "md5", "uuid": "1da54425-658d-49bf-86c9-068c4c412db0", "value": "e916371376eb19fd0cb4933d70876586", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835664", "to_ids": true, "type": "sha1", "uuid": "68ee79a4-b2c7-4a32-b70d-5505afce9b65", "value": "caceb51d372534be8891f11848a2b170d5982590", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835664", "to_ids": true, "type": "sha256", "uuid": "12af936f-3e01-4660-999d-ea30cb4c3232", "value": "e009b7411aec79fdfa30ea3fe4d32c4e456295b495a029ac4bab21c65aac2439", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835663", "to_ids": true, "type": "ssdeep", "uuid": "7a5a7e8f-fd09-4abe-a535-63ca2daa9db7", "value": "24576:saRIB/gqH1G13wR3kA+V2TyaQH0PbKi+RJvpm++JAufQ6g:1RS9s3qkA+VEjKqrUJvR+Gyg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835663", "to_ids": false, "type": "size-in-bytes", "uuid": "1933a3aa-0b89-44e5-93c3-290cd3411d74", "value": "1231885" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835663", "to_ids": true, "type": "vhash", "uuid": "cf5ab3aa-65cd-4c69-bc93-273c850476ce", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835663", "to_ids": true, "type": "filename", "uuid": "e3d044bc-5956-494b-b0ec-f45c8fd5c354", "value": "GlodEagl_02345.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835663", "to_ids": false, "type": "text", "uuid": "45a96fbd-2c07-48f2-bd3f-b3e6e7df3556", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835685", "uuid": "cd886e86-1137-46ef-b4cf-ec93b00cc84c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835685", "to_ids": true, "type": "md5", "uuid": "6c24c577-4743-4c23-91b9-58917bffc10c", "value": "e5cb518f171fd92874c0655d3ed2cadf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835685", "to_ids": true, "type": "sha1", "uuid": "ab8fe5a6-9608-41c7-a3da-f48be6e0f4c7", "value": "4133e41f0ebfa36b8f6439476bb12652f8f941f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835685", "to_ids": true, "type": "sha256", "uuid": "718a537c-ae6a-4c35-a929-fea0396609f7", "value": "d5c205c914dfbb83de8718a8e61193d2a8e84b5d4b1b975a0cad7a7126a4e128", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835684", "to_ids": true, "type": "ssdeep", "uuid": "48854420-cf80-4ac2-a484-3738e17e1703", "value": "49152:imcpXK1jO1msv8IfRM6mPBF9k7JyarXhOtaKmb7gwstiL:imA6jC82LmT9i4taKCyA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835684", "to_ids": false, "type": "size-in-bytes", "uuid": "a44fcf2c-db4c-454e-bcda-a3a2c751000f", "value": "1817661" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835684", "to_ids": true, "type": "vhash", "uuid": "b9bdfa50-6a20-435d-9284-c619bac4e3d5", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835684", "to_ids": true, "type": "filename", "uuid": "36b0aaa9-5cc5-40f4-8fb3-effed507c775", "value": "GlodEagl_01246.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835684", "to_ids": false, "type": "text", "uuid": "3f72d6d7-aede-4601-b459-3175db22965f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:24/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835706", "uuid": "f8c653a5-5298-46ca-aa0d-42ec7ca2b6c6", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835706", "to_ids": true, "type": "md5", "uuid": "54dbd445-96d6-4c3c-b512-59f5e8dc31aa", "value": "2d14758ced0dd3761366d9400e3b9dc0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835706", "to_ids": true, "type": "sha1", "uuid": "acd071a0-947b-44e2-a2ae-f997ac9f37a2", "value": "473eb02668f42faff3f617ec6bc96ec05b9deda6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835706", "to_ids": true, "type": "sha256", "uuid": "29b23092-6fd7-4292-b871-e6fc9c61e5e3", "value": "c3b312d77991e5f5d20926311c989ed1642f8ac14a4a3c5462ec85cdd35d99f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835706", "to_ids": true, "type": "ssdeep", "uuid": "587d77c7-e539-4ac2-8faa-394f6883ef0f", "value": "12288:gcZN4rJ/rEeErkOxcSclXVF0tGvU8ATodfDFdJiU9aMVXb6fq02clmeFzSW63:1ZmPErHbcf/vJYsf5KURV62cmIzSX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835706", "to_ids": false, "type": "size-in-bytes", "uuid": "aa4ac5cb-92d7-49d1-a322-0a3b2362e701", "value": "872232" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835706", "to_ids": true, "type": "vhash", "uuid": "208af4cd-2ee7-4bca-bde7-287e73013038", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835706", "to_ids": true, "type": "filename", "uuid": "00aa9805-4152-4e03-8739-f011562930ed", "value": "2d14758ced0dd3761366d9400e3b9dc0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835706", "to_ids": false, "type": "text", "uuid": "ad99895e-a8bf-48c4-8b82-5b35bcf7fba5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835728", "uuid": "82e8e66e-6c00-450a-a629-76972d5fa02e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835728", "to_ids": true, "type": "md5", "uuid": "c84ee35e-91d9-42f2-a341-b09b605a575c", "value": "71d5310ea108b0de095ab0b894fb614f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835728", "to_ids": true, "type": "sha1", "uuid": "e98993ce-4ec3-4013-b5f9-9802acbd50dc", "value": "fa5e44c7b039899ea518dba45f420861114abecb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835728", "to_ids": true, "type": "sha256", "uuid": "6278607f-7840-4661-9fe4-8e7c9f5903c4", "value": "0f2b148fcac1a9b0562ab73f4a1ac37782c918542e36710faf7a408022b57fc0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835727", "to_ids": true, "type": "ssdeep", "uuid": "3c022339-b8a6-49f6-a0b6-6ca0cdd2f7f3", "value": "6144:I9kSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs54:IvRIKiDQM6tQ30fTviiX4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835727", "to_ids": false, "type": "size-in-bytes", "uuid": "20577095-6dd8-4957-9b9c-8026ce60a697", "value": "247716" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835727", "to_ids": true, "type": "vhash", "uuid": "5436b1d0-c8e8-4b64-bbe9-28a3dd3d4ab0", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835727", "to_ids": false, "type": "text", "uuid": "93793014-7f1c-4abc-9450-32a72ed43e9d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF6\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835749", "uuid": "4b20f2bb-b9df-456b-a839-4ba6a4aeabcc", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835749", "to_ids": true, "type": "md5", "uuid": "19aea7f5-4617-4144-9681-30bf387e0551", "value": "9fa636e75df22396e660d4463f359010", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835749", "to_ids": true, "type": "sha1", "uuid": "2bb3fee9-ce39-483a-8882-7dd073a180cd", "value": "bbb9842680a7f87bc2518adf0d5caa980395c107", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835749", "to_ids": true, "type": "sha256", "uuid": "e1d09766-1a4e-41fb-93c7-681cf5a2a732", "value": "44117c405a8f67eea15fe850c758a8a79d1dd97e95e6600f18d41ab8269c674e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835749", "to_ids": true, "type": "ssdeep", "uuid": "abcbbb09-98d3-44ab-aba3-b99aa9f538a9", "value": "6144:k/iVdmWs+Uuz8STq+mfuCQgWqFrZxmx4alhTlutOaYb:bda+tzD/m2kWqJZxxelwQb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835749", "to_ids": false, "type": "size-in-bytes", "uuid": "23f853ec-085d-4ee1-9bc2-83626fdabcac", "value": "290350" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835749", "to_ids": true, "type": "vhash", "uuid": "85776856-086a-4552-b39f-cd2e2c299f93", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835749", "to_ids": true, "type": "filename", "uuid": "0608ff8a-12e3-4a01-aacd-68555766c650", "value": "9fa636e75df22396e660d4463f359010.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835749", "to_ids": false, "type": "text", "uuid": "b08619ce-2fdb-4980-bf2a-eb71a2d9e92d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835770", "uuid": "16d154db-ed70-4081-acd9-30cfc2eebb3d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835770", "to_ids": true, "type": "md5", "uuid": "166725f0-e884-431c-b81d-d1239584fdc2", "value": "70b45b153f1b9a8957f023c2db30acb0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835770", "to_ids": true, "type": "sha1", "uuid": "ea493752-0250-4853-b045-82305cbafb4f", "value": "5824e9b11bf0fbd0b6993438d46082a975297deb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835770", "to_ids": true, "type": "sha256", "uuid": "74e9fc8f-4c20-4d73-8299-6b7e9b0b5f92", "value": "c95368a49196c74f5cd5bc2387e990fc863a16aca66dc6f4efe1829c38a5e343", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835770", "to_ids": true, "type": "ssdeep", "uuid": "b3493257-5cc1-4de4-bf9b-c39f1b5b7b13", "value": "24576:5nlzF/4ZJgE/P6wPbwbkdXF3tdn/PwyjhBvMEHPcEAVeW:HWgIP6wPbHnXfjDdvcEpW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835770", "to_ids": false, "type": "size-in-bytes", "uuid": "8d0bccaf-3897-4011-bf31-bd7248e3867f", "value": "1050946" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835770", "to_ids": true, "type": "vhash", "uuid": "8aaba8b3-84f7-429b-8ba6-97c6be507e1b", "value": "bd0301e49a9091f8daca332b1caf74b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835770", "to_ids": true, "type": "filename", "uuid": "2636cd29-dc92-4860-8d44-ef26a4bc018b", "value": "mal4053_patch.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835770", "to_ids": false, "type": "text", "uuid": "bab03653-b41d-4631-ba31-04b24cf816f1", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835792", "uuid": "fbd60a8a-bb1a-44ec-bcdb-e03abaec62c8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835792", "to_ids": true, "type": "md5", "uuid": "d8614b86-a15a-4cde-a4f2-6df7b77f4acd", "value": "8ac962f390a9bba89a2098874cba76e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835792", "to_ids": true, "type": "sha1", "uuid": "3352f27f-37e3-4d9f-bfdf-36b1a2ca834e", "value": "dfba4a6bb90517e2471dbc037f662af09de760e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835792", "to_ids": true, "type": "sha256", "uuid": "0582e005-d5ae-4905-8269-65373c95fbbb", "value": "daa62eb058ca2c7e7bf9555dbadd81ebf82b3be9638bacde6d343395bd97eb4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835791", "to_ids": true, "type": "ssdeep", "uuid": "5aec6fb7-9271-4a5a-8b48-bcdad89f327c", "value": "49152:TuI4pzaht48sAb4boVPv9/jYZNFqvLQtfV5WAIh/:Mpz+bjPV/jyNJt95M" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835791", "to_ids": false, "type": "size-in-bytes", "uuid": "7dc77ab5-a5ea-4670-86f3-0d1be2e7d9fd", "value": "1876275" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835791", "to_ids": true, "type": "vhash", "uuid": "b6789d45-b310-4bcd-9936-7cd965e58be5", "value": "1e2d0ac0c5078d4ec84b6aaf31b2cef1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835791", "to_ids": true, "type": "filename", "uuid": "05827645-cc30-496d-9a5f-5575f1b01273", "value": "8ac962f390a9bba89a2098874cba76e8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835791", "to_ids": false, "type": "text", "uuid": "41a8e0ed-1e9f-46a2-8333-fa73e4bfe198", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:18/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835813", "uuid": "6987d250-0e30-4ea4-b6aa-e0a0b12245ec", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835813", "to_ids": true, "type": "md5", "uuid": "e04e16d1-b6f6-4e58-b86e-e8b8b1e22588", "value": "2ec968b1dd3f3f1b439c9bf0ff053749", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835813", "to_ids": true, "type": "sha1", "uuid": "8c10ebb3-5cec-46f6-9c7e-e43a676aba5e", "value": "92a5e7bc4777d7813927b62fbac7330694f82416", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835813", "to_ids": true, "type": "sha256", "uuid": "903b6bc0-aec1-4ad6-b041-710acd3fce8a", "value": "109aab035235e3bed1148e924e5ec81b7cd82e35456a1cc07448c2712f4acbf5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835813", "to_ids": true, "type": "ssdeep", "uuid": "9c559d60-7d7e-47c3-a42b-124d6adda0fe", "value": "49152:uZrZCkqrshPdW64PP+7sTwWHtNxwltTVfmaN53o5iSAIhZ:WtwrYPdW64O1kh+JuaL3o5l" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835813", "to_ids": false, "type": "size-in-bytes", "uuid": "326f6080-be47-4130-9381-0eb1c29d85a1", "value": "2010131" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835813", "to_ids": true, "type": "vhash", "uuid": "b6ff8b63-745e-4cd1-91a6-bcac07eec8e9", "value": "1e2d0ac0c5078d4ec84b6aaf31b2cef1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835813", "to_ids": true, "type": "filename", "uuid": "aca7ae4d-b43c-4390-8723-b7be3e0fa6d2", "value": "2ec968b1dd3f3f1b439c9bf0ff053749.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835813", "to_ids": false, "type": "text", "uuid": "b65afa9a-9302-46b9-82b3-24e14bcee1f3", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:18/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835835", "uuid": "751bbd9a-d661-4e74-bffc-fd96d55c6cb9", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835835", "to_ids": true, "type": "md5", "uuid": "cb05cd8b-d566-43f2-9540-eecbac37aea1", "value": "50909c7011dddebd5cfd45e31c1b2c76", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835835", "to_ids": true, "type": "sha1", "uuid": "0de6d59c-70bc-4e4c-aed2-dbc0dc254668", "value": "df1b85273c182b8227d96f8473c48b6c42a4b478", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835835", "to_ids": true, "type": "sha256", "uuid": "f7667865-1d75-4700-9bb5-900c80dfd0d0", "value": "cb8dc4914b0b61e4a384221101b8ec4a04b91199a744534fda2bab3bca2dcaa4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835834", "to_ids": true, "type": "ssdeep", "uuid": "f2d5d31d-eb12-4669-88c0-8b26ac71f98c", "value": "24576:LqXZBwfgOFDVNdptRpgzy4VnrkZNPvSJWD:mJGfgAxDu9VrkZNPkS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835834", "to_ids": false, "type": "size-in-bytes", "uuid": "4d5fab99-d1ca-4579-bc75-792fac1bb8ea", "value": "820804" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835834", "to_ids": true, "type": "vhash", "uuid": "5dd4c7eb-262b-4cfe-a29f-60b4689d6aa8", "value": "ed2c3ef17c555066160739adb54b5b58" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835834", "to_ids": true, "type": "filename", "uuid": "36a36612-933f-486b-ba57-f46b839f4297", "value": "50909c7011dddebd5cfd45e31c1b2c76.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835834", "to_ids": false, "type": "text", "uuid": "6705d9e2-4e8d-4856-b3e1-d199b778d46a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF0\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835856", "uuid": "38ef1d3b-f416-4c59-a298-880af612ab05", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835856", "to_ids": true, "type": "md5", "uuid": "f78c275f-cc88-42e4-92e6-3e133f64a13b", "value": "61f4d694680cad8428a8969e249c713e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835856", "to_ids": true, "type": "sha1", "uuid": "62224bd0-51e0-4379-98d1-d045d3647cfd", "value": "5e63d9b60fc57bfff0db524e0a9adb47e5dc32e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835856", "to_ids": true, "type": "sha256", "uuid": "fbbc555f-2aaf-4f4f-91d1-3b1ef752cd35", "value": "c7f48e605c30db42c82afc1ae1d513d1017e9a45a720da5edd818bea514e7390", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835855", "to_ids": true, "type": "ssdeep", "uuid": "5ca30da8-23c3-49b7-8108-87b1a6cdb16c", "value": "12288:tSIuxK/MCa720sMAUcgJwqh6Rx+5QJB81AHmtrwePQKd5li/l3f2JpLPW:sLI/4CFMF5h6XTo4mtrNoK6eDq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835856", "to_ids": false, "type": "size-in-bytes", "uuid": "07f18ab8-0160-4617-b07c-24c080396a2a", "value": "747479" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835856", "to_ids": true, "type": "vhash", "uuid": "3dbf5f1c-1928-49a9-96a3-f2d1918506f2", "value": "ed2c3ef17c555066160739adb54b5b58" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835856", "to_ids": false, "type": "text", "uuid": "cbe1d044-5cdb-4b83-95d0-59ce46c9fcff", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: DoS:AndroidOS/Multiverze\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835877", "uuid": "f202e539-ff61-47a3-a183-70d391cb2d60", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835877", "to_ids": true, "type": "md5", "uuid": "cc7e012b-6db1-46c7-821e-3b2ed8fedf1b", "value": "4df2cbf20a7bcdbac9ff4bd0d353b79c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835877", "to_ids": true, "type": "sha1", "uuid": "69cde4b4-7320-494f-b5e0-873cf3b70691", "value": "aa271a7b07a9233a7d5682c5d58a86b5e7c93709", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835877", "to_ids": true, "type": "sha256", "uuid": "82a7ad99-f4b6-4638-b739-564ae16628ee", "value": "17f1b7064e8e2d3abd3b068e12182314d1749c167454af2c589c1192b6eaa63d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835877", "to_ids": true, "type": "ssdeep", "uuid": "76475fb1-9692-409b-994b-fdaf72531edd", "value": "49152:6NcKxvJydOgUumQfQ0PIqq+bzgDFFH+N7IqNPnaNL0myu03FPVgzJN6Q2V2VChkZ:6+mvwdXUuwqdzOF5+VhNT73AMr44Gh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835877", "to_ids": false, "type": "size-in-bytes", "uuid": "34f1772a-152c-4954-aec9-2d6b07fc0f3d", "value": "3890633" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835877", "to_ids": true, "type": "vhash", "uuid": "3da9464a-2301-4b43-b0d1-35e210714589", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835877", "to_ids": true, "type": "filename", "uuid": "480f73cc-387a-48c1-a056-f0f947bc9cf7", "value": "4df2cbf20a7bcdbac9ff4bd0d353b79c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835877", "to_ids": false, "type": "text", "uuid": "90a12966-5945-40bf-bdb9-b8d763003d64", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835899", "uuid": "60a32581-1304-4439-933d-85068fd617ad", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835898", "to_ids": true, "type": "md5", "uuid": "dd04ac4b-ccdf-4249-8524-c118c49b45f3", "value": "e298aee0ee3c5eb128d3121e4b21cf7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835898", "to_ids": true, "type": "sha1", "uuid": "40a61260-ad9a-483e-8775-223a1aa1383a", "value": "ef12316e639a38a76f152f4eb1cbbe680ea1e6ec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835899", "to_ids": true, "type": "sha256", "uuid": "4284de2d-452d-47ea-9a4c-16d185ed4422", "value": "a317602c512fa5c6fc43006e4acc4f79a65106eeec72202eac7079b78d1fead7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835898", "to_ids": true, "type": "ssdeep", "uuid": "865e8fae-982c-43d3-84a7-da6149503282", "value": "49152:KOcQX697dZeXumQfv0gXYq+bzgDFnd+6oRFNEeaNLlmyu03FPVgzJN6Q2V2VChkI:K/a61dcX3eYdzOFd+paDT73AMr44GRK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835898", "to_ids": false, "type": "size-in-bytes", "uuid": "ffb93d2a-f7d5-47de-b58d-0f253b953029", "value": "3889998" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835898", "to_ids": true, "type": "vhash", "uuid": "a73fe5ed-ced1-4a55-91a8-3029ff7ea6f2", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835898", "to_ids": true, "type": "filename", "uuid": "ef053319-4b03-4dac-87a4-e685d1938ef9", "value": "e298aee0ee3c5eb128d3121e4b21cf7d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835898", "to_ids": false, "type": "text", "uuid": "1ada59f3-37ea-4dbb-a0ec-dcea174dfcb8", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:24/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835920", "uuid": "d2e02c27-f9d5-4077-a5e2-2996945c4bd4", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835920", "to_ids": true, "type": "md5", "uuid": "73db9bf2-abfa-4dfb-ad5e-99e9f4492945", "value": "aace4e9bd2e231621c3d2a2283f54b06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835920", "to_ids": true, "type": "sha1", "uuid": "c7296d11-b0d5-4d99-b1d1-a25d30c2ce48", "value": "6cd80fbe743278ecbe8816d3f8f7b81d944fac25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835920", "to_ids": true, "type": "sha256", "uuid": "a72d20e9-70fe-4e4d-81e7-97249a604fc3", "value": "f6015191969a80a443fb4b2708fe48cbe7d1b9b024e56e78cf87fdfea6a7fbb5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835919", "to_ids": true, "type": "ssdeep", "uuid": "406d0f33-764b-4945-a89a-e419cca66393", "value": "24576:UZmPErHbcf/vJYsf5KU17HbVGx238cwGN:UumQfb77VQ238cwGN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835919", "to_ids": false, "type": "size-in-bytes", "uuid": "16fbe3f9-f83e-4868-97d0-f592b1372905", "value": "874088" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835919", "to_ids": true, "type": "vhash", "uuid": "e09215d7-f49f-4d77-be30-c4f7d83a766d", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835919", "to_ids": true, "type": "filename", "uuid": "6881c7be-90f2-4879-b188-df640636adfa", "value": "aace4e9bd2e231621c3d2a2283f54b06.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 17/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835919", "to_ids": false, "type": "text", "uuid": "d2cad701-2144-48b8-962e-f88eed7dffe6", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835941", "uuid": "8183b958-50cc-4fd6-be5c-1122f7227ab9", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835941", "to_ids": true, "type": "md5", "uuid": "e4bba1ea-7510-4bbb-90a1-8e797e06903a", "value": "43885d9b120f2c9c029e47f629865d3c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835941", "to_ids": true, "type": "sha1", "uuid": "de9be49b-2497-4743-878a-a7d0949fdbcc", "value": "d307c30d503ff15f74406fef70e548c653fd9714", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835941", "to_ids": true, "type": "sha256", "uuid": "4140b84d-5b49-4970-bd4b-5f61c8e3c9dc", "value": "c81ed5aa762d20808f3d6aa63caa2e61b87ebce25ca0911c058b085328687321", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835941", "to_ids": true, "type": "ssdeep", "uuid": "b9fdb8e2-2e62-43b0-b9e3-2bc3cfe83919", "value": "98304:n/mvwdXglwuqdzOF5+R5rc3WGz0HfARITIBfIDbg:/mYdngF5+R5x3/sIyQDM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835941", "to_ids": false, "type": "size-in-bytes", "uuid": "bccad331-c8c5-4808-859d-5e15d21e4777", "value": "3971474" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835941", "to_ids": true, "type": "vhash", "uuid": "9387bd9a-062c-4bff-b066-1484aad8acad", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835941", "to_ids": true, "type": "filename", "uuid": "c6ccce26-8aa1-4cc8-b068-36fa79c33cbb", "value": "43885d9b120f2c9c029e47f629865d3c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835941", "to_ids": false, "type": "text", "uuid": "e3241db2-0d22-42c0-9b9c-11dbfb644332", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835962", "uuid": "5116a1fc-468c-4c05-9424-842b4dfc9d04", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835962", "to_ids": true, "type": "md5", "uuid": "388188fb-08b6-4632-b1e2-ff057ea260a8", "value": "04670b11127f3bfb276e47163e8e4c82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835962", "to_ids": true, "type": "sha1", "uuid": "e789962a-9998-421c-959f-9b06f3de20e9", "value": "d5fa5c9f8bcb34dff4d2632e48a2b23c129207e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835962", "to_ids": true, "type": "sha256", "uuid": "04366354-1a06-45a0-8538-91ef9ba4efdf", "value": "8b36ab5376fcadb0a4954dac0e7bc4475999363815da2a285e5d75a2ba2abbe5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835962", "to_ids": true, "type": "ssdeep", "uuid": "25b8a909-9320-4be9-a31e-ae47dab687b3", "value": "98304:Jka61dcLfzTYdzOFd+W3zc3WGz0HfARITIBfIDUG:GaG2XnFd+WDx3/sIyQDN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835962", "to_ids": false, "type": "size-in-bytes", "uuid": "2a208be5-e062-4471-97c1-459844ae206b", "value": "3970812" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835962", "to_ids": true, "type": "vhash", "uuid": "3c26bbb4-70f0-415f-b500-0ff495463337", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835962", "to_ids": true, "type": "filename", "uuid": "c9cd8433-420b-4846-8314-1bd92aab06b0", "value": "04670b11127f3bfb276e47163e8e4c82.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835962", "to_ids": false, "type": "text", "uuid": "b5de9a1c-8e8c-4866-863c-0df977814114", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740835984", "uuid": "9469758f-829f-475b-a18a-b7005d3c1637", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740835984", "to_ids": true, "type": "md5", "uuid": "9990e20d-05f6-45b7-99a4-dd17e2edc44a", "value": "a1dc489c529d9653828e59be21707aad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740835984", "to_ids": true, "type": "sha1", "uuid": "a6a5f9ab-816c-4a20-8a80-11f43861ccf2", "value": "1d8227b33517e82dc61035954a4664f7af0166e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740835984", "to_ids": true, "type": "sha256", "uuid": "64c9ce22-a97b-405b-afee-39aa93685aca", "value": "cd31b90ba18b990e6966357f759494d78d7c5b71a8e531e0ff966040a7ad3a71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740835983", "to_ids": true, "type": "ssdeep", "uuid": "f21c4e2b-a54f-4fc5-acc6-0729c2cb46cd", "value": "49152:O+cQX697dZefumQf/0o7Yq+bzgDFnd+68RFNrVaNLlmyu03FPVgzJN6Q2V2VChkb:Ova61dcfLeYdzOFd+91qT73AMr44GT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740835983", "to_ids": false, "type": "size-in-bytes", "uuid": "462832dd-6676-44f3-8214-e0118fd3ae8c", "value": "3889971" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740835983", "to_ids": true, "type": "vhash", "uuid": "9f14dadd-a896-4cb2-b79d-8d71f53ccde8", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740835983", "to_ids": true, "type": "filename", "uuid": "fa3be988-805c-4224-a680-0f01ee5ea94c", "value": "a1dc489c529d9653828e59be21707aad.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740835983", "to_ids": false, "type": "text", "uuid": "dd9bca9f-8db2-45da-a57d-b48e37d8399a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836005", "uuid": "580d5575-9790-4faa-8564-e208f7b9d0fc", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836005", "to_ids": true, "type": "md5", "uuid": "96853ab0-615f-43be-9823-e45489493a5a", "value": "04eb3d4ba633a0a5275d169da592d97e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836005", "to_ids": true, "type": "sha1", "uuid": "0f5efcf2-f684-438d-af1e-e46f3a0138a9", "value": "46090f7c1017c6b6ab67cac741dbea4e1e8fb6f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836005", "to_ids": true, "type": "sha256", "uuid": "d51d1213-68ea-4030-9dec-69989308453e", "value": "1aee8506916f1ed8546230e5c54f81b6ebb4ae96f8c543871270b1b5cb11192d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836005", "to_ids": true, "type": "ssdeep", "uuid": "e9b5db87-80c9-434e-b9fd-3474d98f1b09", "value": "49152:JyJDjAIhQl5VXAE4dQee2kg8D+UPYdEzHQjh2IAS:J0D4TwceiL+dyQ2IAS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836005", "to_ids": false, "type": "size-in-bytes", "uuid": "beac380b-8017-4ba3-8541-227f4d5d7979", "value": "1896772" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836005", "to_ids": true, "type": "vhash", "uuid": "f941a06f-3836-4e02-b031-83c3761fa392", "value": "7d67991bb96e8a074ff95bfe41c2f2be" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836005", "to_ids": true, "type": "filename", "uuid": "054b1572-15b0-425b-ac36-f924a960ef71", "value": "04eb3d4ba633a0a5275d169da592d97e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836005", "to_ids": false, "type": "text", "uuid": "260ff89d-0cc7-43b4-977b-e5640b0921d2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:20/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836026", "uuid": "980fb6ed-fb23-4183-b3f0-61226e9d21ac", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836026", "to_ids": true, "type": "md5", "uuid": "cd3b3f45-89bd-4bd3-9236-78374672e190", "value": "3b7cabaca423b0d0b6a30771e6f9c53a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836026", "to_ids": true, "type": "sha1", "uuid": "07a4f1e3-5d4a-49de-8440-32a314bab136", "value": "69319dc0d420418722aa9accb6a8be15fc61de2b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836026", "to_ids": true, "type": "sha256", "uuid": "345b851f-19a2-4902-958a-6cf3370a65ec", "value": "f7d82b39eab5f1615532837d843a1bf507226a2a3dea0efa3bde149a3c4cd835", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836026", "to_ids": true, "type": "ssdeep", "uuid": "0ea53732-b509-4128-a0be-78e1d25daba1", "value": "49152:5rDJ+jAIhA/MvZb99G02lag+bXc+KeFRWRE:NF++/MvZb3GJlag+bs+KSQq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836026", "to_ids": false, "type": "size-in-bytes", "uuid": "e0ecc908-4a8f-493b-8e00-5c6343ac281e", "value": "1896864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836026", "to_ids": true, "type": "vhash", "uuid": "92208dda-8acb-49b8-922e-e96a9504a2c5", "value": "7d67991bb96e8a074ff95bfe41c2f2be" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836026", "to_ids": true, "type": "filename", "uuid": "89836d67-7d1f-49fd-9435-c1f3046826c4", "value": "3b7cabaca423b0d0b6a30771e6f9c53a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 04/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836026", "to_ids": false, "type": "text", "uuid": "7e052ea2-c6ce-4988-b88c-1464d2876da6", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:23/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836048", "uuid": "ac6edaef-ea18-491d-8fe0-50acf3238e6e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836048", "to_ids": true, "type": "md5", "uuid": "0cdd84f6-2b07-48ff-b217-e0d61304328f", "value": "1174cebcdf48c7f89dc4aadc975197b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836048", "to_ids": true, "type": "sha1", "uuid": "877ee4dc-42d9-4f5d-9502-3da8ccd9f59f", "value": "310b0e416d8ff5438e3255d23b281398988db52f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836048", "to_ids": true, "type": "sha256", "uuid": "817363f0-e26a-4750-99fc-09e3a9220949", "value": "aae331c73f43cf8a3e0ff4737e081c835825f9c5403f3f839affc0ae34b982d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836047", "to_ids": true, "type": "ssdeep", "uuid": "a494be0e-63cf-4f5b-b377-898cec50d632", "value": "49152:cOWjtAIhxCB9f+yxoBHvw0t87ft4Ci+hMgFC8ivmHOS:cjjRg9ffOBHI0S6wCbvy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836047", "to_ids": false, "type": "size-in-bytes", "uuid": "118c3d1c-5e19-4d22-be17-b1a03a58f6a9", "value": "1899649" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836047", "to_ids": true, "type": "vhash", "uuid": "d0655624-4320-4e6c-8c76-1ab8272b13ff", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836047", "to_ids": true, "type": "filename", "uuid": "dad9d11c-d9fa-4d68-8990-b0c22f3ff60d", "value": "1174cebcdf48c7f89dc4aadc975197b8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836047", "to_ids": false, "type": "text", "uuid": "25c7c616-288c-4384-ac1c-bfbcf963abcc", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:19/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836069", "uuid": "ab8cfa66-e93b-4795-a19c-ff728faa95a1", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836069", "to_ids": true, "type": "md5", "uuid": "17781bab-0b5c-4c80-a506-53e27ba62238", "value": "09eb2f9270292eb635e37e378e34c0bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836069", "to_ids": true, "type": "sha1", "uuid": "3064c3a6-7a86-415e-8b62-618c80a496cb", "value": "faf494ad90d851ed9229f0866f7c377c99cc2f08", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836069", "to_ids": true, "type": "sha256", "uuid": "7b1c43ed-204b-487b-83f9-9b93fa2b2c8d", "value": "ea40040cafc27a03dcdca2333334b3c9dd8f91c7fd3029b3f06f2ffc2cf7769f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836069", "to_ids": true, "type": "ssdeep", "uuid": "fdd75d3b-46d2-4909-b688-d8910906cc02", "value": "24576:9dKSpuU97AIhXA/xMepzHcdmoVrmzrzIAt0Vb2HLOB/ZtGusm4bJxbvbf:zpuUtAIhWagz1OaXzIMnLOB/ZtGaMbf" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836069", "to_ids": false, "type": "size-in-bytes", "uuid": "10d3c493-e970-4f28-aca3-a42097d6e179", "value": "1899446" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836069", "to_ids": true, "type": "vhash", "uuid": "bc1fdc5b-f2e6-4289-9248-7b755dd9c2c0", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836069", "to_ids": true, "type": "filename", "uuid": "891d2867-1ab1-4ed1-a775-febac312b86a", "value": "09eb2f9270292eb635e37e378e34c0bf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836069", "to_ids": false, "type": "text", "uuid": "4800ea70-6b3a-43d5-8390-2dcd7385792d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:22/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836090", "uuid": "ee33f92e-2bb9-40ca-8bb2-fb035f6a09a8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836090", "to_ids": true, "type": "md5", "uuid": "6cd96180-8c77-4263-9ece-8a3eaa20dea3", "value": "87c87229b2e1b0aea4c3708aca8ba302", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836090", "to_ids": true, "type": "sha1", "uuid": "43c737ea-f6f6-4893-90c3-39b869815efa", "value": "ea38afb2e11ed913e9246e262db3268bda25e843", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836090", "to_ids": true, "type": "sha256", "uuid": "9f7cf26c-4500-44d0-9894-b86fd722c605", "value": "d930af093701c19391d16a8b191b08c6f79517f5b64e8c83eabc7d1042da0a6a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836090", "to_ids": true, "type": "ssdeep", "uuid": "a2d4478f-771d-49df-8370-a4995fb48620", "value": "49152:o12otAIhBr/7oNU7IUWFSpmZl/q3oaKKw8:o8ohr/cND/FSI/qVK6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836090", "to_ids": false, "type": "size-in-bytes", "uuid": "da6b1b17-8360-40c2-bbe6-7ad7b6c3ea85", "value": "1900655" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836090", "to_ids": true, "type": "vhash", "uuid": "407e8c98-cefa-47ea-94c8-dbf2629032ae", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836090", "to_ids": true, "type": "filename", "uuid": "f3de9cad-b401-4f4e-98fa-80a5fe78dbb7", "value": "87c87229b2e1b0aea4c3708aca8ba302.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 29/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836090", "to_ids": false, "type": "text", "uuid": "6fd30b63-6fc4-4482-8d07-5483e6ec097f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: DoS:AndroidOS/Multiverze\nVT Total Detection:23/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836112", "uuid": "3fe64abb-19b7-43dc-a541-9bc5c2571588", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836112", "to_ids": true, "type": "md5", "uuid": "28d7755b-6a44-4524-81f0-80efae32bb7c", "value": "7fdd8e4fe794ff38c80d6e210f40bfa0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836112", "to_ids": true, "type": "sha1", "uuid": "baae58a7-aab5-4e49-8558-1ac23d4f55d4", "value": "437360e0c4c68f9dd124a0770af94334a39861fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836112", "to_ids": true, "type": "sha256", "uuid": "57d6e1d2-6039-41bd-96fd-280b4c181d16", "value": "7bd75a9efe3257f7ae0240d74ba20545458688cfd79722a0100d7f0877295d4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836111", "to_ids": true, "type": "ssdeep", "uuid": "ad7b9aeb-cf5e-43f7-82a6-d4c0d002d8e8", "value": "49152:SYattAIhIbzlcmrymOJToBHLutRb6jxsn6WuL7I/eoFysf:SZtaNcJsBHLuyjxs6WhGax" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836111", "to_ids": false, "type": "size-in-bytes", "uuid": "960ccbe0-a8be-47b5-b63d-b38ba74c615a", "value": "1897730" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836111", "to_ids": true, "type": "vhash", "uuid": "aa43045f-b967-4e41-ad4b-0a64d3d571f5", "value": "7d67991bb96e8a074ff95bfe41c2f2be" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836111", "to_ids": true, "type": "filename", "uuid": "4a821707-8a94-441a-9273-d8071097b49e", "value": "7fdd8e4fe794ff38c80d6e210f40bfa0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836111", "to_ids": false, "type": "text", "uuid": "e416938b-bedf-40f3-9bd9-92138777e1cd", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:18/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836133", "uuid": "e38a822e-ca7a-4af5-b4d7-c59fb1880ac2", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836133", "to_ids": true, "type": "md5", "uuid": "675e6a7e-4abd-4773-a969-fbb0ffc35e8a", "value": "91ff09fef161b8d502161c8d277dd75d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836133", "to_ids": true, "type": "sha1", "uuid": "941e9357-1dfa-4449-8856-25718cecc0a4", "value": "382f0fc2fa3e9d023b127c4f8612eeb562af48ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836133", "to_ids": true, "type": "sha256", "uuid": "76082718-630b-414c-8c35-47faa2d170ac", "value": "d70f63c7cdef2a23c8983d88b20ca43b74485f77d448c989553c6117c22525e3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836133", "to_ids": true, "type": "ssdeep", "uuid": "ec2f7b78-5919-4079-b15f-9d2a610d7d26", "value": "49152:TE1VjAIh70xhJ8bsu2jA2rA8oLKGB7miEqj9rSrd:T2V9kJqX2029oLKGEWSR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836133", "to_ids": false, "type": "size-in-bytes", "uuid": "8f9767ea-cc33-4bca-bf3a-53d35219e99e", "value": "1899097" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836133", "to_ids": true, "type": "vhash", "uuid": "a4c7cc69-a2f4-44db-84a3-b64500a9555e", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836133", "to_ids": true, "type": "filename", "uuid": "abdd84f1-daae-4cd2-9249-d8b366358986", "value": "91ff09fef161b8d502161c8d277dd75d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836133", "to_ids": false, "type": "text", "uuid": "38889b89-0496-4b50-9b63-7c787faf62e8", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:21/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836154", "uuid": "315aa466-a32f-4983-a13d-cdd98044510b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836154", "to_ids": true, "type": "md5", "uuid": "15bafdc9-af97-491e-9a74-0a0e48b4b6b4", "value": "b67907a69df32b7ac68d6d44f5c3b91b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836154", "to_ids": true, "type": "sha1", "uuid": "94c83a64-dc2e-4ae0-81d3-408af35ac915", "value": "792c071c605512588284ce35178e9b0b67d34852", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836154", "to_ids": true, "type": "sha256", "uuid": "9ac19f97-6846-4206-bd37-0add0248c373", "value": "08825b6f2550dd174d8d9b2d0c9e91d51f90f8f99888ccb21b2db7dcee95b0a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836154", "to_ids": true, "type": "ssdeep", "uuid": "a8ed651b-49e2-4bbc-ad3f-8566f92239e4", "value": "49152:5Wl/jAIhTz10czelR1Ezr+H36t7EA8JjlkuByq:5E/Nz1de70rY36t7ETJprBx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836154", "to_ids": false, "type": "size-in-bytes", "uuid": "d920879b-8ecf-4f08-b532-e69278cbc260", "value": "1899771" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836154", "to_ids": true, "type": "vhash", "uuid": "d5699974-6fc9-4c7f-992e-aed73c81a53d", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836154", "to_ids": true, "type": "filename", "uuid": "5d17aeec-8c12-4063-85ef-36d2bec87905", "value": "b67907a69df32b7ac68d6d44f5c3b91b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 20/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836154", "to_ids": false, "type": "text", "uuid": "dcd8a997-c616-4c8b-b335-91316b9bc2f5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:23/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836176", "uuid": "4d1bb07f-f971-4159-a93e-23d892b025e0", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836175", "to_ids": true, "type": "md5", "uuid": "7876edfb-bf06-4db0-bac5-296b50b2a349", "value": "95b16db1b21ae251ce40804a70f35bb3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836176", "to_ids": true, "type": "sha1", "uuid": "1b91dbc9-9e39-4a95-bb07-540da542b613", "value": "317b07e0fedecbfe0b4fedece93b86363db245b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836176", "to_ids": true, "type": "sha256", "uuid": "d9256a2a-69f5-4131-9965-4ec40a55d216", "value": "d2b51aac701e623a622e95bc9a8b17fb8e5e554ae0a3016d9bebb4ab5b0af0c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836175", "to_ids": true, "type": "ssdeep", "uuid": "f43b7dff-0a58-4809-9565-d411030be9cf", "value": "49152:+LSOtAIhCaO691dUe2nsrusedoC3CMLTJrNqWzEIfkyx:+OO1l91Gt0u/SIfku" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836175", "to_ids": false, "type": "size-in-bytes", "uuid": "7363c5ca-8efb-40d0-aadb-7ab048f8b46e", "value": "1898146" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836175", "to_ids": true, "type": "vhash", "uuid": "275af0fe-5802-4dd7-a24d-b2f6c4b00b6d", "value": "7d67991bb96e8a074ff95bfe41c2f2be" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836175", "to_ids": true, "type": "filename", "uuid": "864dbbe9-6e91-480f-bdf3-6285c4e7d2cd", "value": "95b16db1b21ae251ce40804a70f35bb3.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836175", "to_ids": false, "type": "text", "uuid": "8716e1ac-2b09-4e40-8e4d-daf202cd299c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:21/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836197", "uuid": "01cb3824-e287-462b-bbb7-c71e2231d676", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836197", "to_ids": true, "type": "md5", "uuid": "85edc0c0-b0d3-4dd4-a0a5-18b43f4f6ec7", "value": "a248f774de1399ec634c93b37bda15fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836197", "to_ids": true, "type": "sha1", "uuid": "9ac6e2a0-434d-48c0-975c-f5bdff688d8a", "value": "05e450f452576e270a0cb48f9b0d7b715a7ef257", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836197", "to_ids": true, "type": "sha256", "uuid": "17b84a8c-433c-4c28-90df-d9c8b2998601", "value": "686cf19960ad6cbbb449c9226efd8a2e10027cc6c4b9efa9a43afed58df6c20b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836196", "to_ids": true, "type": "ssdeep", "uuid": "7ff94078-674c-4d3c-bced-b28661c5dc09", "value": "49152:qz+WtAIhgMZDwJfV9vsyx8p+D7qGOaHXJSUQ:qSWAoDwtVCyy+/qGOa3U" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836196", "to_ids": false, "type": "size-in-bytes", "uuid": "f8407778-e3c1-4c0e-8399-38cb3b7c3c1d", "value": "1901912" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836196", "to_ids": true, "type": "vhash", "uuid": "b8f25b64-3365-401e-bc1a-469537103d96", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836196", "to_ids": true, "type": "filename", "uuid": "f46c8a26-c2ad-430a-bfd2-01aa59479d84", "value": "a248f774de1399ec634c93b37bda15fd.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 29/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836196", "to_ids": false, "type": "text", "uuid": "25ca4382-02aa-4503-af63-e7f2c994205d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:23/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836218", "uuid": "68af1aba-b17e-418c-9a1c-5446d11a9f30", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836218", "to_ids": true, "type": "md5", "uuid": "87e27358-2190-4914-9221-37e5d5a6c3f4", "value": "daa46677c4443346192a7105744a7bcb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836218", "to_ids": true, "type": "sha1", "uuid": "9f4062c6-8678-4575-93db-7a9130616a45", "value": "552f9444b7657a7c96a8c0a7c022ce401889c54e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836218", "to_ids": true, "type": "sha256", "uuid": "e02e594a-2682-47dd-a5e8-f0255f634d69", "value": "a206aacb7f8aa5ea7be27975d57249011945aca4a10a04a994ff9277a91c2fff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836218", "to_ids": true, "type": "ssdeep", "uuid": "385ede7b-c46b-4dd5-b726-303812b14648", "value": "24576:UdESP+K97AIhXA9ZXGezwxjzo1U/z5l+Q859du8QoQ0D55T2jycuES6h+c5p2HqA:IP+KtAIhhjSE5EQgdu8Lzijo3WD3Fm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836218", "to_ids": false, "type": "size-in-bytes", "uuid": "5b35d36d-f8ec-4167-b43d-33ae7ef7fd01", "value": "1901916" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836218", "to_ids": true, "type": "vhash", "uuid": "1fa1db98-b3d2-45d1-8efd-c328f6963c53", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836218", "to_ids": true, "type": "filename", "uuid": "20dc747a-c70b-4184-964c-6365524604ef", "value": "daa46677c4443346192a7105744a7bcb.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836218", "to_ids": false, "type": "text", "uuid": "e3b80391-da2b-47ea-a823-60349488ec9c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:18/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836240", "uuid": "d146f6bf-64ff-4626-9485-3a5f101b8eac", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836239", "to_ids": true, "type": "md5", "uuid": "b3e1a2f5-e5f6-487f-b84f-4b307f87bfa5", "value": "85f08d219b2d94a054539a73c395e607", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836240", "to_ids": true, "type": "sha1", "uuid": "e143e3b6-eefb-4382-a929-d989271848e6", "value": "9ab1a92e58b4e20b0bdaf3d14e6e3793fcec5538", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836240", "to_ids": true, "type": "sha256", "uuid": "d1989dc5-7df2-4135-9923-dff4dba51cf1", "value": "081294dc040ceeba62f8505df2fb705ac2436a021605fc4eae01d87896a25616", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836239", "to_ids": true, "type": "ssdeep", "uuid": "98911e20-eb5d-4295-9f7b-830db9488544", "value": "49152:MUnmatAIhd/MvZb99G02lag+bXc+KeFRWnZ:dma9/MvZb3GJlag+bs+KSQZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836239", "to_ids": false, "type": "size-in-bytes", "uuid": "15609c8f-d21e-4cd0-8384-f5f789928485", "value": "1897190" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836239", "to_ids": true, "type": "vhash", "uuid": "92a7582d-7a6b-491d-9b7b-a44297c453c4", "value": "7d67991bb96e8a074ff95bfe41c2f2be" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836239", "to_ids": true, "type": "filename", "uuid": "01eb18d2-8324-48f5-8347-7bbdb5d406a5", "value": "85f08d219b2d94a054539a73c395e607.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836239", "to_ids": false, "type": "text", "uuid": "201fc089-d0d8-47f7-bc6d-c3c9bf769f34", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:20/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836261", "uuid": "9b4ea06a-36a5-4835-b766-8042d31ae886", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836261", "to_ids": true, "type": "md5", "uuid": "099e0e17-fd92-424b-a0db-c603b8e9262f", "value": "17bdd2bae752a88073aa485618f1ebee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836261", "to_ids": true, "type": "sha1", "uuid": "b94a2f58-4c60-4dba-91fc-61f281c70a8b", "value": "95a65ad4bd25e0bb90ee9d57e18bd5398df96c30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836261", "to_ids": true, "type": "sha256", "uuid": "27aae370-5263-4902-96ea-47a67da6e9d9", "value": "42ccd969db9d18c2a41bc3b2d6a2d851cbb549eda844168aea49a312bd01f633", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836260", "to_ids": true, "type": "ssdeep", "uuid": "9ee0a8a3-67b8-45ca-8454-a37da0bc14e3", "value": "49152:OwOFtAIh/0xhJ8bsu2jA2rA8oLKGB7miEqj9rS4A:OFFfkJqX2029oLKGEWSl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836260", "to_ids": false, "type": "size-in-bytes", "uuid": "65b624dd-ac62-4d85-aaab-9f29a52c77a0", "value": "1899423" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836260", "to_ids": true, "type": "vhash", "uuid": "d10e1cad-54c2-4d6e-a91d-71e7366d241b", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836261", "to_ids": true, "type": "filename", "uuid": "5e518cd7-b724-4f5a-bd23-35bd26ea1199", "value": "17bdd2bae752a88073aa485618f1ebee.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836261", "to_ids": false, "type": "text", "uuid": "fadb1052-9f38-4d72-ad74-8b67365b60e1", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:22/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836282", "uuid": "d31a9edd-a8cb-42d1-926a-c5c137e45531", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836282", "to_ids": true, "type": "md5", "uuid": "062be87d-fc45-46c9-a015-dbceaaa9d528", "value": "f4529a32f35394ba779f149d31747f2d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836282", "to_ids": true, "type": "sha1", "uuid": "3ddf339c-1244-4682-8d4f-fce40c755bc6", "value": "0d84e1ff51fe5bf07189a2c70055d8d52ea51739", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836282", "to_ids": true, "type": "sha256", "uuid": "504f4b5a-5ac6-465c-87eb-e9fd4734415e", "value": "f599ded3883bb5ee479fa33f59947eea1347c391ee8703ac474b0eb74c4fbaf2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836282", "to_ids": true, "type": "ssdeep", "uuid": "bb1fddd5-68f9-4512-8ad4-514c215c8950", "value": "49152:x4lFjAIhDXEIuNDI3TmclwHtXIpHwBOsSaF3rpuIVPly4:x6FFEIcIsypHwBOOtuYlT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836282", "to_ids": false, "type": "size-in-bytes", "uuid": "2ced566e-4e05-4d90-9837-54b7d1ab6645", "value": "1897399" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836282", "to_ids": true, "type": "vhash", "uuid": "c74841c7-e08c-4901-9aaf-addd39b01ae3", "value": "7d67991bb96e8a074ff95bfe41c2f2be" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836282", "to_ids": true, "type": "filename", "uuid": "3cdc05b4-2063-4ac8-9eb4-ac3061ef2f06", "value": "f4529a32f35394ba779f149d31747f2d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836282", "to_ids": false, "type": "text", "uuid": "044d6771-231a-4a3c-8554-04869db4fabe", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:23/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836304", "uuid": "c833dd8c-7afd-43ac-a5f2-e28dd637d943", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836303", "to_ids": true, "type": "md5", "uuid": "3bb211d7-1bb6-4852-92d7-364b86a9a5d5", "value": "d82bb78f33710eb19880cb5f01700904", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836303", "to_ids": true, "type": "sha1", "uuid": "76fb9541-8dbd-40cf-811e-08fc51d777e2", "value": "4b3300c498cc222d1e299c3313e3f4c5f482510d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836304", "to_ids": true, "type": "sha256", "uuid": "6979f75d-e359-42c5-812f-8379e5e85b1c", "value": "64e79231a1ac68df08474a35949758f8b90f328dfca36dd0074f567dc897e42e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836303", "to_ids": true, "type": "ssdeep", "uuid": "57e2f5fd-7672-4368-b857-752d8a33909d", "value": "49152:hapvjAIhICB9f+yxoBHvw0t87ft4Ci+hMgFC8ivmHg+:hUvOg9ffOBHI0S6wCbvc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836303", "to_ids": false, "type": "size-in-bytes", "uuid": "ca564425-940e-4fc7-9d8e-676c1edac9ba", "value": "1899323" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836303", "to_ids": true, "type": "vhash", "uuid": "2d89dd22-3f0e-44d8-af87-b9a1c62cc0a7", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836303", "to_ids": true, "type": "filename", "uuid": "0ac69ac1-fcbb-4cc8-b131-223e8d9ced8c", "value": "d82bb78f33710eb19880cb5f01700904.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836303", "to_ids": false, "type": "text", "uuid": "1c0e9da0-bdc5-4246-96bf-156076ea3d58", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:20/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836325", "uuid": "64fa52fa-99d1-46a1-8be2-58aed255920a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836325", "to_ids": true, "type": "md5", "uuid": "84bc0e00-d836-4629-91dd-f30e4cefbc90", "value": "4de9a4b00ea72a0c40c74a3067de49a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836325", "to_ids": true, "type": "sha1", "uuid": "9d60c8d9-65ba-4909-a187-7e8905289c31", "value": "3cda106c00fc8cb6fb595271a8405557d135d830", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836325", "to_ids": true, "type": "sha256", "uuid": "88a294cc-f902-43c3-99ef-419147dbd595", "value": "1876ee5f773baaa0e250b161e917e9c5cdfd146920c1ca3f7ab52c48ef342a7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836324", "to_ids": true, "type": "ssdeep", "uuid": "3a4c07b1-7394-492b-87e4-f9e3fb6094c3", "value": "49152:VAOVtAIh0XEIuNDI3TmclwHtXIpHwBOsSaF3rpuIVPMyd:VdVsEIcIsypHwBOOtuYMu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836324", "to_ids": false, "type": "size-in-bytes", "uuid": "7e9dbc3d-740a-4ce9-994f-4cbdcb707906", "value": "1897723" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836324", "to_ids": true, "type": "vhash", "uuid": "d8cd71aa-c939-4134-b2ab-366b3d5a816a", "value": "7d67991bb96e8a074ff95bfe41c2f2be" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836324", "to_ids": true, "type": "filename", "uuid": "ba52bbd2-9cfe-483e-aff8-8904c3312589", "value": "4de9a4b00ea72a0c40c74a3067de49a0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836324", "to_ids": false, "type": "text", "uuid": "f086f066-9e37-4b07-89a3-9d04398a7425", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:19/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836346", "uuid": "08f9ac3c-f1e1-4df7-8ac4-03205529ad9e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836346", "to_ids": true, "type": "md5", "uuid": "4825585a-d83d-4507-8a0c-81539a75308d", "value": "b947c5b82b3d4d187a02a75144246e15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836346", "to_ids": true, "type": "sha1", "uuid": "d0b771b6-3c4a-43fb-b7fb-23eead072631", "value": "2e1000d3e0cd33b56a717d1144b64dc46c78b60e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836346", "to_ids": true, "type": "sha256", "uuid": "8031309f-533e-4c42-b03f-429f3af8ee4c", "value": "b3141630df3dcaaa37917d5015a4ba3a15b1c04b2d20a1b0026e14ef11344969", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836346", "to_ids": true, "type": "ssdeep", "uuid": "6b264484-a87e-4705-84e7-be69c1bd0f65", "value": "49152:YE+htAIh9tyhN7+1MYzN4FMJr/zo44avAOUk8p:YhhduN7GN4FMJr/z1AoA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836346", "to_ids": false, "type": "size-in-bytes", "uuid": "332927e3-3c39-413d-ab35-dedeacb3bdee", "value": "1900427" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836346", "to_ids": true, "type": "vhash", "uuid": "d17622ef-ac2e-4c0d-a497-f6b8f492f6fe", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836346", "to_ids": true, "type": "filename", "uuid": "5865f30a-2e18-4ad9-9aab-51c0b9ae99d4", "value": "b947c5b82b3d4d187a02a75144246e15.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836346", "to_ids": false, "type": "text", "uuid": "8e7209b5-81f1-46e1-889e-905519e74b36", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:23/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836368", "uuid": "07d626c0-4d45-4367-8671-5ab1f84ca0af", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836367", "to_ids": true, "type": "md5", "uuid": "48c6ffbe-e9e5-4c1e-b751-33e327f5cd21", "value": "39989cb145cd49a17ca458b532782926", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836368", "to_ids": true, "type": "sha1", "uuid": "2cc15ec1-1db3-4fbb-9e79-a76112c54db2", "value": "940ba46ce833f5d2823718a9ff8b5af90c82f61c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836368", "to_ids": true, "type": "sha256", "uuid": "957f7065-cafe-4baf-9e8e-805e01428325", "value": "5a510a57be231f54cc5ad686a543291376f17a3b2215944220c3ab788e71a5d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836367", "to_ids": true, "type": "ssdeep", "uuid": "0d76204b-e408-47bf-96bf-ef9b4a7054a6", "value": "24576:FZmPErHbcf/vJYsf5KUaTvfwLPwEvTARXQ/z5d1:FumQfVgG5T" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836367", "to_ids": false, "type": "size-in-bytes", "uuid": "387476bb-d2da-4d8f-a55b-614ef008768a", "value": "874157" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836367", "to_ids": true, "type": "vhash", "uuid": "2b7206a2-3837-48d9-be92-aebba75aaf90", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836367", "to_ids": true, "type": "filename", "uuid": "0ce44312-3427-4c37-ba99-e295d8e976bd", "value": "39989cb145cd49a17ca458b532782926.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836367", "to_ids": false, "type": "text", "uuid": "a227c45c-6d56-4e29-bf04-2b1da6e2982d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA5F\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836389", "uuid": "60ed9ec8-c1a4-4117-9f4d-75316e9a287f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836389", "to_ids": true, "type": "md5", "uuid": "2bfe2c36-3bba-4c5c-89e1-19b6b78dd175", "value": "9d4b05b0a5a6706e24640999385521ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836389", "to_ids": true, "type": "sha1", "uuid": "cfc2381b-366a-408e-8cd2-9778349150fc", "value": "f514dd1199dda25bf703358747c77843fd68309d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836389", "to_ids": true, "type": "sha256", "uuid": "0133a320-1434-4f33-97ba-10304deecd26", "value": "7cc166a8e8b454eb316c13c4c301ca188f3cf38368aff28e0e47f030c7ac2271", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836389", "to_ids": true, "type": "ssdeep", "uuid": "5bfdaa41-cd4e-4d2b-82a2-114eba60b9f9", "value": "49152:U5RMjAIhlVl+8gMmNKu9tGiorV6F1t0tR+tyc:UXMtYrwunGiKU/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836389", "to_ids": false, "type": "size-in-bytes", "uuid": "e3d251b4-33f9-40ef-a52e-31fab63b31b7", "value": "1897082" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836389", "to_ids": true, "type": "vhash", "uuid": "8e16963f-74c8-4db7-a502-e04e84e5aec5", "value": "7d67991bb96e8a074ff95bfe41c2f2be" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836389", "to_ids": true, "type": "filename", "uuid": "def5f93e-6f71-48dd-96e9-71e443cf9f4d", "value": "9d4b05b0a5a6706e24640999385521ff.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836389", "to_ids": false, "type": "text", "uuid": "a667f2a4-a49e-4c17-9527-c710d5866ca9", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:19/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836410", "uuid": "22a2642a-1d40-4178-a929-d3d56bbdb535", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836410", "to_ids": true, "type": "md5", "uuid": "61130a9a-fafe-4e53-abec-6d61c192d39f", "value": "d46019392d32511d61806e45cad57866", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836410", "to_ids": true, "type": "sha1", "uuid": "7b0145c7-cc70-464d-a7d1-5da4c9dfb700", "value": "4ab9374ef42ac6d2a728e66242096e54c6bbcc4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836410", "to_ids": true, "type": "sha256", "uuid": "658a837f-05d7-427a-817b-b28b393f755a", "value": "2173bb26b382be69ba61b3986222c3c79f682947c3780b777600fd029f0a60a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836410", "to_ids": true, "type": "ssdeep", "uuid": "82460118-ac8a-45ba-88f9-350bdf047701", "value": "49152:xXmitAIhZiSrIZkLJRwGVpTRV/Ou4ufcW:xWiYSrYk5J8ufl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836410", "to_ids": false, "type": "size-in-bytes", "uuid": "80a9bfb6-1f6d-486c-aa9b-bfb8954d32fa", "value": "1899327" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836410", "to_ids": true, "type": "vhash", "uuid": "b4c564f6-76ee-458b-bc22-85f2b5adbf35", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836410", "to_ids": true, "type": "filename", "uuid": "353e12e6-1049-4696-83f0-a3cb4b2a6829", "value": "d46019392d32511d61806e45cad57866.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836410", "to_ids": false, "type": "text", "uuid": "f3e2ad5e-18df-4c5f-9149-9c6c2047a230", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:19/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836432", "uuid": "16390482-8066-437c-9142-2019ac41cd2a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836432", "to_ids": true, "type": "md5", "uuid": "40a75260-268a-4552-9bcf-6b205f051dce", "value": "2d2c0b3e3e17371accd4022dc3513d47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836432", "to_ids": true, "type": "sha1", "uuid": "1c1385af-62fc-4945-afc9-608c13aa26f9", "value": "4fb499dfd20c3771af957b87dbe2537d2d6034e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836432", "to_ids": true, "type": "sha256", "uuid": "eb261670-3d3e-4439-a192-decfcb7e70c0", "value": "5f85aad970b1fdec3d6ead979874205c1cd04fb111a28902162ee965ef63cd8b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836431", "to_ids": true, "type": "ssdeep", "uuid": "e47e3871-f909-4477-9a46-a4d8d1c97a1a", "value": "49152:97FmjAIhXJGNtp4Gi4MUgryRaftRW9E6kGA1:9ZmTyz89yMuS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836431", "to_ids": false, "type": "size-in-bytes", "uuid": "a36c1356-a178-4d41-bb7a-190313441f4c", "value": "1901181" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836431", "to_ids": true, "type": "vhash", "uuid": "dfca99bd-d846-4075-813d-51f9fef57b48", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836431", "to_ids": true, "type": "filename", "uuid": "7857568d-8669-419e-9485-11fbb713f1e4", "value": "2d2c0b3e3e17371accd4022dc3513d47.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836431", "to_ids": false, "type": "text", "uuid": "91843b2d-ac5b-4151-aa28-e564914cbf36", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:18/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836453", "uuid": "9b1ab063-0d71-44d3-8864-f48949da3bd6", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836453", "to_ids": true, "type": "md5", "uuid": "97bd358d-8040-49bc-a6b3-2b233a15dd53", "value": "276c5ef2b3a6b4ee4874f5993008434a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836453", "to_ids": true, "type": "sha1", "uuid": "5b88c654-0e19-4003-ac00-27383f08ba37", "value": "02ebb441b2f667a03df24b2bd39f6d765aec8fdd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836453", "to_ids": true, "type": "sha256", "uuid": "068d1639-5490-44ac-9faa-9e51bc973065", "value": "66ef36188c2c13dd4b1934bfc99e45b9877c177c98c3ba0360a61508d7233038", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836452", "to_ids": true, "type": "ssdeep", "uuid": "825230a1-ec25-4c5e-82d8-6f57875b353d", "value": "24576:XZmPErHbcf/vJYsf5KU+G9hcxvqHs7oqow+Nzvu+LKZ:XumQfAG/cxvsyD0k" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836452", "to_ids": false, "type": "size-in-bytes", "uuid": "a880e047-322f-4310-b501-ea8f4614bbb4", "value": "874079" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836452", "to_ids": true, "type": "vhash", "uuid": "d0847302-3b01-443a-a22a-981bf426ac74", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836452", "to_ids": true, "type": "filename", "uuid": "98a90241-9c95-41c1-bee9-885c736066fb", "value": "276c5ef2b3a6b4ee4874f5993008434a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836453", "to_ids": false, "type": "text", "uuid": "b8fb58dc-b0c4-4f5c-a4b8-ce27a499734f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:30/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836474", "uuid": "abe804c6-fda1-4e09-86d5-581725c883ae", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836474", "to_ids": true, "type": "md5", "uuid": "f48aa1b4-4782-4815-9dbd-01e281858df1", "value": "fdff83f0d0d89daa98dedc3689376a53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836474", "to_ids": true, "type": "sha1", "uuid": "fd5ba993-f7dd-4133-82ab-0096b49c7815", "value": "30dabf1c4275c5de94c3128d6b882d6123ea2ed1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836474", "to_ids": true, "type": "sha256", "uuid": "991332c8-d6d1-48bc-806e-8a5780b561bc", "value": "fda6f6dd11ec771a7a47f16aaafd0d6f226be78c9fa77443c609494853ff3822", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836474", "to_ids": true, "type": "ssdeep", "uuid": "dd0233f4-8ea6-41ef-be92-b51e00ca20c2", "value": "49152:VvZ2jAIh5a97CunLkBrDE8bbGFMEPi1Mxe/XGQu49k6Xv+Lm:Vh2Dm7BLoP1bbGCEqAWXv/9k6XWi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836474", "to_ids": false, "type": "size-in-bytes", "uuid": "ced40695-e48c-44c1-90da-50aff056840b", "value": "1901495" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836474", "to_ids": true, "type": "vhash", "uuid": "007b2054-568b-4008-8075-309a5e8afbcc", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836474", "to_ids": true, "type": "filename", "uuid": "50bbba72-466d-4990-8e3e-af0509d84fcb", "value": "fdff83f0d0d89daa98dedc3689376a53.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836474", "to_ids": false, "type": "text", "uuid": "c8315bee-40f9-43b0-aea1-41865c7ae585", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: DoS:AndroidOS/Multiverze\nVT Total Detection:23/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836496", "uuid": "4dab2135-e719-46a0-846b-7320cb6cdea8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836495", "to_ids": true, "type": "md5", "uuid": "3529dc8e-7513-4c10-bdb8-875d127431a7", "value": "eab397fdcc5a53809237bff7d2b5a2eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836496", "to_ids": true, "type": "sha1", "uuid": "2de60c9f-d19f-4e18-aa04-769adca2b68d", "value": "5cde5ad71f1c6f09b84de0899bfaa007788b108a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836496", "to_ids": true, "type": "sha256", "uuid": "a616b70b-d0e6-492a-9387-b4ef9ec40e78", "value": "4e8c0a4c125879ff679f5c61cb294408a7189bc596147597b8695c9194563ba7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836495", "to_ids": true, "type": "ssdeep", "uuid": "5df6910f-17a9-4d79-84f4-1eda771ca031", "value": "24576:aZmPErHbcf/vJYsf5KUzG9hcxvqHs7oqow+Nzvu+LK3:aumQfZG/cxvsyD08" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836495", "to_ids": false, "type": "size-in-bytes", "uuid": "68d8b0fb-9097-4e15-bda2-c2fd9d105cea", "value": "874081" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836495", "to_ids": true, "type": "vhash", "uuid": "1d5d2e1a-b8a6-43f3-8954-68f71cebe120", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836495", "to_ids": true, "type": "filename", "uuid": "fe9d8ff2-660a-46c4-9f59-af5ae14f489e", "value": "eab397fdcc5a53809237bff7d2b5a2eb.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836495", "to_ids": false, "type": "text", "uuid": "aaf9eed6-83f9-441e-91b0-d0174a0e65b0", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:27/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836517", "uuid": "877e7820-bf8e-429d-ad71-fbd89be2701b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836517", "to_ids": true, "type": "md5", "uuid": "3194ea5e-7b82-49c6-a01f-7c7aa5ba3551", "value": "acc1fd99f43f8eca8382b34a168a94ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836517", "to_ids": true, "type": "sha1", "uuid": "03ff7bdd-827e-48d2-ae7b-14293a57cc6b", "value": "3941cadaf4f05bd4101299a74a8dabf8ea19e1a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836517", "to_ids": true, "type": "sha256", "uuid": "64a0208e-ca84-4e8a-b6f2-01a8f044b873", "value": "01f972fe8d708dda403a425a2d7f298c22055ee61874f7d6f02fa0705e381c2c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836516", "to_ids": true, "type": "ssdeep", "uuid": "c2cdbed0-071c-4872-a969-330d3be81c74", "value": "49152:HHGytAIh5a97CunLkBrDE8bbGFMEPi1Mxe/XGQu49k6Xv+29:HmyZm7BLoP1bbGCEqAWXv/9k6XWu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836516", "to_ids": false, "type": "size-in-bytes", "uuid": "b6b67cb4-2996-412b-91cd-321e7d52329a", "value": "1901820" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836516", "to_ids": true, "type": "vhash", "uuid": "1a657ab3-0a72-4493-bf17-9ff8cae4ba22", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836516", "to_ids": true, "type": "filename", "uuid": "8de3c8e6-9dfa-468f-b57c-2860b1e03888", "value": "acc1fd99f43f8eca8382b34a168a94ae.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836516", "to_ids": false, "type": "text", "uuid": "28ddfb20-b97e-4130-a622-19573f285c56", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: DoS:AndroidOS/Multiverze\nVT Total Detection:23/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836538", "uuid": "bb2d101d-4f07-4cc7-be22-56e2a12e5fb7", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836538", "to_ids": true, "type": "md5", "uuid": "de0ca1dc-2254-4d5a-8c53-d701975fca5a", "value": "ae2882ca5ead99eb97d6db71b8116834", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836538", "to_ids": true, "type": "sha1", "uuid": "c6d78729-7196-4357-9765-127a35e41a5e", "value": "3102c7c9c4ea34b64f817547260378e086a07e30", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836538", "to_ids": true, "type": "sha256", "uuid": "1d5f9bcd-7ffa-4f52-a65a-7f4ab39aada2", "value": "3a571914b7276ac6300b3c31982b377264bea25fbc82e5b4c1c47e92daae70ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836538", "to_ids": true, "type": "ssdeep", "uuid": "d4e5af7d-5c0a-4405-9216-cb6abfa44f95", "value": "24576:kjNLptM9lAIhXAtxMepzHcdmoVrmzrzIAt0Vb2HLOB/ZtGusm4bJxbvRj+:qptMjAIhMagz1OaXzIMnLOB/ZtGaMRj+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836538", "to_ids": false, "type": "size-in-bytes", "uuid": "50b79461-a4e2-4de8-ab92-2e7a4e569f26", "value": "1899120" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836538", "to_ids": true, "type": "vhash", "uuid": "54c6cf18-a57d-4c33-86b3-86d85b63d0f3", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836538", "to_ids": true, "type": "filename", "uuid": "c9a59c02-9f2a-4413-a0f4-431ed9dd6b66", "value": "ae2882ca5ead99eb97d6db71b8116834.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836538", "to_ids": false, "type": "text", "uuid": "d3080307-cc1f-457c-8c61-bdad7f4a5892", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:21/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836560", "uuid": "2acb29f7-05c2-4b6c-b9c4-ab4f149bc788", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836559", "to_ids": true, "type": "md5", "uuid": "2c9f1a0a-50f2-4d37-be62-3cc9133d55ce", "value": "f78a90c56e006a0c13e2f856526feb2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836560", "to_ids": true, "type": "sha1", "uuid": "db59d76f-ec35-433c-8b74-67524acec01a", "value": "a7885770f762e31a1883f0b1af4e079ec1f0dd51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836560", "to_ids": true, "type": "sha256", "uuid": "c7327423-9416-4b5a-a38b-baa65cd133d9", "value": "8652127c6cd11de2b375e463cdde811a46f9959f19cf0ef0ab4dd50af5fec8c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836559", "to_ids": true, "type": "ssdeep", "uuid": "4e26130d-fe9f-47c2-8bc6-f2f6c23ac828", "value": "49152:mF98jAIh6U17iIYwAPKqtEJ8rBAK0IPiNQJJySb++1uoEyF:mX8ZtXYwAPKqgun0q6GJ3bt0oEW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836559", "to_ids": false, "type": "size-in-bytes", "uuid": "4f9eac0a-8348-4a13-8dee-bfea4405c525", "value": "1900500" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836559", "to_ids": true, "type": "vhash", "uuid": "b3396992-9bcd-4c0b-8d35-20539e09f33b", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836559", "to_ids": true, "type": "filename", "uuid": "7e1d2d43-53e2-4c8f-8316-b97622a2622c", "value": "f78a90c56e006a0c13e2f856526feb2e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836559", "to_ids": false, "type": "text", "uuid": "76172301-a6b8-454b-b399-769058691ec2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:18/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836581", "uuid": "1098f40e-89ae-45aa-ac97-84807c79291c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836581", "to_ids": true, "type": "md5", "uuid": "132432cd-ec72-4aa5-a5df-0a308bcc037a", "value": "eb970c281b63a5008c18e4835590a508", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836581", "to_ids": true, "type": "sha1", "uuid": "f5e0ffd7-9e84-4e0f-97ba-2018330e724e", "value": "bd14054affdb00f14392dfb9f37136f875a0306a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836581", "to_ids": true, "type": "sha256", "uuid": "26529033-6f8e-478d-a2b7-45e49df2cbde", "value": "e31c0e156a6aac0f6e5e5579ced7ebc6b1be686f3fa52eefd587b9914c0321fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836580", "to_ids": true, "type": "ssdeep", "uuid": "bfe7f806-dfa4-4bfd-8820-4129b74aad88", "value": "49152:SwaltAIh4qb9aF7hFwXCt0FdafaQ903BZ:SZl/9w7hFwSt0SRI3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836580", "to_ids": false, "type": "size-in-bytes", "uuid": "b712379e-fc92-4187-8920-cac006d8b66c", "value": "1899245" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836580", "to_ids": true, "type": "vhash", "uuid": "0d5f95dc-e9e1-49fa-bce2-703e9af59495", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836580", "to_ids": true, "type": "filename", "uuid": "63a6fadc-5121-4249-ad59-b7a125c5bb4d", "value": "eb970c281b63a5008c18e4835590a508.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 17/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836580", "to_ids": false, "type": "text", "uuid": "4be9586f-0ca5-4d40-822b-47e7af016689", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: DoS:AndroidOS/Multiverze\nVT Total Detection:22/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836602", "uuid": "c2e15d19-0db8-42a5-996d-0107ac2e3912", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836602", "to_ids": true, "type": "md5", "uuid": "6b598f27-3017-4faa-9f47-69e109cc7fa5", "value": "6361a0cf719ba905393dc2746f564887", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836602", "to_ids": true, "type": "sha1", "uuid": "9a055b93-128c-49f4-b5c7-878520b21442", "value": "c4dbfa8ef6842f56c2748a9d3c05b9d2a0cb7f5f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836602", "to_ids": true, "type": "sha256", "uuid": "9ffa5153-d300-47c6-ae67-ed5e35a83a00", "value": "ae7abfbafadc0cd7014c14102a25d07f7c5517c6da6b352f2e6638c4a08cb7ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836602", "to_ids": true, "type": "ssdeep", "uuid": "eb7585fc-0e9f-42c9-b63f-079eedcb5408", "value": "24576:yj3L3Ze9lAIhXAwZXGezwxjzo1U/z5l+Q859du8QoQ0D55T2jycuES6h+c5p2Hqx:W3ZejAIhqjSE5EQgdu8Lzijo3WDNGg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836602", "to_ids": false, "type": "size-in-bytes", "uuid": "1b07d4f6-b8b0-4504-86df-a2fd147e7812", "value": "1901591" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836602", "to_ids": true, "type": "vhash", "uuid": "0129a7f6-bbbd-40da-a622-24045cdc8c48", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836602", "to_ids": true, "type": "filename", "uuid": "63aeace8-bdd8-4b6a-9172-4cde3034a54e", "value": "6361a0cf719ba905393dc2746f564887.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836602", "to_ids": false, "type": "text", "uuid": "54881574-6e47-4191-ae81-3ff1e4824b25", "value": "GoldenEagle\r\nType Description: Android\nNone\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:21/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836624", "uuid": "2f92a714-7c0e-4f07-8ad1-272f3de06abf", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836623", "to_ids": true, "type": "md5", "uuid": "aa95b927-9aab-40c2-8a06-8fc9c1961f69", "value": "d0180e504ae33b240aadea9c10265331", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836623", "to_ids": true, "type": "sha1", "uuid": "74a26eb3-5c19-4f6c-bcfb-5909ac22aa5f", "value": "22c2a60f7ea317b06ec572984ef69d6f0013e9f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836624", "to_ids": true, "type": "sha256", "uuid": "36a020b1-45ab-4fd0-8f70-09a4dede86fd", "value": "280c99bf63400bf5bf25ed71732e338ebe21db42383c591c2d4fbb609030d4b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836623", "to_ids": true, "type": "ssdeep", "uuid": "a52a0ec2-42e2-482f-8f17-0b7f3f2bb0a3", "value": "49152:VTpOjAIhhMZCewx2WQV0xh1PaDXUgugykPiZO:V1OnoCx/Q6xHsXUgugyMl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836623", "to_ids": false, "type": "size-in-bytes", "uuid": "2d406e57-6eb7-4f8d-ad71-2770ae7d2f5d", "value": "1901932" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836623", "to_ids": true, "type": "vhash", "uuid": "eee56da7-3bdb-4226-81c1-5d75f8ebb958", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836623", "to_ids": true, "type": "filename", "uuid": "639175d8-c030-43b9-a253-583c4e5e1dd5", "value": "d0180e504ae33b240aadea9c10265331.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836623", "to_ids": false, "type": "text", "uuid": "0b8592e3-0861-46ba-9635-e275348a7ead", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:17/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836645", "uuid": "b17a1470-4c8f-4fbd-94d2-23b9227c5764", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836645", "to_ids": true, "type": "md5", "uuid": "367e9241-e4dc-4363-8563-f3336d93f8af", "value": "1cb2954ac01b435019022a0d8f804d4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836645", "to_ids": true, "type": "sha1", "uuid": "fccfd598-1c96-492d-9d10-7626bef196bb", "value": "f56606a3ac5a9082b09b9e07867364d598570f07", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836645", "to_ids": true, "type": "sha256", "uuid": "5d104069-de2c-4b61-ba44-744f27190fbf", "value": "01b2e2bf33a425d1468c355fc6eb5adf1e4c0b75c15141d0d2804028fcafdaef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836644", "to_ids": true, "type": "ssdeep", "uuid": "b9cb9c35-9896-4ea7-a2a0-d77a8e2eb9bc", "value": "49152:YpVkjAIhPVawzsDrvkJoiVKGL2KAQ2wzxX+bKmyyq:YbkNVaRDzpiIGL2fQ/XrjN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836644", "to_ids": false, "type": "size-in-bytes", "uuid": "4faefc50-2cc7-483e-9ddd-de7cb3f6da89", "value": "1897330" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836644", "to_ids": true, "type": "vhash", "uuid": "37768f3e-bbcc-4a2f-af31-0482380d1fbe", "value": "7d67991bb96e8a074ff95bfe41c2f2be" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836644", "to_ids": true, "type": "filename", "uuid": "b2bc1d94-a23c-4a2f-86e0-843ec0645609", "value": "1cb2954ac01b435019022a0d8f804d4c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836644", "to_ids": false, "type": "text", "uuid": "292f05d4-c831-4abe-8bfa-82489743bcac", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:19/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836666", "uuid": "72578673-24a5-4d8b-a44c-897603b8f73e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836666", "to_ids": true, "type": "md5", "uuid": "d298b8f0-a745-4411-b132-cb3dd8adf46f", "value": "fffe060a60d7b7ca3e4e1f1ce28e4e4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836666", "to_ids": true, "type": "sha1", "uuid": "157b78cd-e7a7-46ee-8761-d48935f95ca6", "value": "ca5add44b56ab6cded0afc6a2dbc4ba954dd04f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836666", "to_ids": true, "type": "sha256", "uuid": "8cb6be05-c442-4030-94a0-367df2320ec3", "value": "de17aa4c87d9f5b67ea1dbb427ddc1a74cccb1a6dd71d5341e0a18c9be40794d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836666", "to_ids": true, "type": "ssdeep", "uuid": "9fa93827-8cc3-49ab-9418-526af92ba3ef", "value": "49152:mQBxjAIhCbzlcmrymOJToBHLutRb6jxsn6WuL7I/eolyhz:m2xiNcJsBHLuyjxs6WhGay" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836666", "to_ids": false, "type": "size-in-bytes", "uuid": "01c47ff5-1d07-4d5c-8815-5798b44bd0e5", "value": "1897406" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836666", "to_ids": true, "type": "vhash", "uuid": "1ab08a47-3737-4ed5-b8da-77b3e7b7fe36", "value": "7d67991bb96e8a074ff95bfe41c2f2be" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836666", "to_ids": true, "type": "filename", "uuid": "044d3f50-28ce-4964-9b89-45903930267e", "value": "fffe060a60d7b7ca3e4e1f1ce28e4e4e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/01/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836666", "to_ids": false, "type": "text", "uuid": "d315a4eb-e235-4688-a688-150926d33a22", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:21/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836688", "uuid": "26ce525c-5bd3-4244-b65a-0dc4b624488a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836687", "to_ids": true, "type": "md5", "uuid": "244129ac-a85a-4007-a009-dbabe2e8e781", "value": "f3c92e3317767b703490f32bc1e74141", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836687", "to_ids": true, "type": "sha1", "uuid": "6488a31e-fa2b-4530-a911-90d73544a98c", "value": "c724a3c1308e5602049536d7025b2a4eaafe17ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836688", "to_ids": true, "type": "sha256", "uuid": "bab850ec-951b-4fb1-b767-0f6a2f5f84cd", "value": "6a2931ae505a976cf8689715c723deac99400122abf41ad552434671b72628b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836687", "to_ids": true, "type": "ssdeep", "uuid": "7f5ae090-a996-41f9-b26d-d9864b517244", "value": "24576:GZmPErHbcf/vJYsf5KUlc4j5/S7oltsISkLr:GumQfIC/S7o5n" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836687", "to_ids": false, "type": "size-in-bytes", "uuid": "e600826e-aae7-434c-8bb7-7e9c0c50b13c", "value": "874146" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836687", "to_ids": true, "type": "vhash", "uuid": "3ac6cb1c-3648-4e89-a858-493b12d4f1d0", "value": "a9bb7ccdcf1a421d6630a58750c582b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836687", "to_ids": true, "type": "filename", "uuid": "96c1c3ea-192f-48df-8b73-04631ace0737", "value": "f3c92e3317767b703490f32bc1e74141.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836687", "to_ids": false, "type": "text", "uuid": "682acfa7-29dc-4c74-a161-fb0f9c9a26ed", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:30/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836709", "uuid": "e5ddb9ba-28a8-4e50-b318-aceb2c8c2fc5", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836709", "to_ids": true, "type": "md5", "uuid": "45690c11-d889-4a67-8381-d85f21fba4fd", "value": "96e58afe59e91c1efb6ae539c222ef00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836709", "to_ids": true, "type": "sha1", "uuid": "e4696156-dcb1-4371-a179-8c033abaf32e", "value": "8c994e3384f9a943e32796d745f32f895c9adea1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836709", "to_ids": true, "type": "sha256", "uuid": "b4ff067d-e131-4489-8a84-8047082e4761", "value": "51b7a93080b66b9758330e35bcfc824a411af7d6ffdeae863c43b990ed7d1b84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836708", "to_ids": true, "type": "ssdeep", "uuid": "2667b86a-2387-4ad9-b6bb-7a5ed8a90d0b", "value": "49152:VbmutAIhb8D8k9pMSCeGxrmYbbFHlN7/8AixHiV8KTdeXD5YSo+V:Vyu+H9pMSCBaY3pb70AAMkXDzoq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836708", "to_ids": false, "type": "size-in-bytes", "uuid": "9838ef6e-795d-4576-9d87-754410c37558", "value": "1900070" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836708", "to_ids": true, "type": "vhash", "uuid": "4b675024-7965-4a53-9c3f-d0a5f9c2329d", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836708", "to_ids": true, "type": "filename", "uuid": "a222c17c-4b68-414d-a071-14af761928ba", "value": "96e58afe59e91c1efb6ae539c222ef00.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836708", "to_ids": false, "type": "text", "uuid": "86ef90f3-85d3-445a-9d9d-c9442e7f6dae", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:19/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836730", "uuid": "b4c532d0-038e-4ef9-83a1-643f0406447c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836730", "to_ids": true, "type": "md5", "uuid": "e989e838-47e6-4f9c-9004-7af413da408d", "value": "eed96667af0f959490bb616834903e71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836730", "to_ids": true, "type": "sha1", "uuid": "8d08668c-2c38-4168-bb6d-b87ce6bcfede", "value": "5e5b329bcbe757e77048cc285681ea130c489171", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836730", "to_ids": true, "type": "sha256", "uuid": "7b71c01f-d643-4489-b78d-5b55b5b33eef", "value": "9981ec83f4f42c42eda6f239b7083e77fbfe54bfb27888132c30ea6088ee5a2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836730", "to_ids": true, "type": "ssdeep", "uuid": "261c466f-cf56-485c-a478-1b5a9c166af1", "value": "49152:IvJGjAIhviSrIZkLJRwGVpTRV/Ou4ufyW:IRG8SrYk5J8ufH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836730", "to_ids": false, "type": "size-in-bytes", "uuid": "da655899-5c0c-4a93-8eaa-13261c4faae9", "value": "1899001" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836730", "to_ids": true, "type": "vhash", "uuid": "e101d1b9-e5b1-40bf-aa25-c5212cd1b3ca", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836730", "to_ids": true, "type": "filename", "uuid": "291c8a80-e115-4aa7-a962-6bd0f2ce2eb1", "value": "eed96667af0f959490bb616834903e71.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836730", "to_ids": false, "type": "text", "uuid": "f6330c75-dc25-429c-97bc-2008f97f8e02", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:20/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836752", "uuid": "1d97ab8e-89cc-4dda-b0af-1b6d742e36eb", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836751", "to_ids": true, "type": "md5", "uuid": "6bffb37f-61fa-40a5-bc8e-3b9dcd52c7d7", "value": "bfe940ebbeb6ca13b0bbefca78693f55", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836751", "to_ids": true, "type": "sha1", "uuid": "4f0b0889-82e9-48e0-beae-60f01db1d8c8", "value": "59d1ad3ffd92049df277f7ac9a3f476c87a36ed3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836752", "to_ids": true, "type": "sha256", "uuid": "e6e12037-761f-4e81-bc6c-9f4da02c63f6", "value": "b37ce68112feff1fa56d4a60b1f52ea23a728862279b9356d164ac11ccfa7d55", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836751", "to_ids": true, "type": "ssdeep", "uuid": "b061df3f-ac50-4352-b2ad-d7ed6502e6a2", "value": "24576:0jJLF9A9lAIhXAYGt/JcRDtBnAvaE+G754xpDDGBF3uVTvd9Euwr:+F9AjAIh+JcRDXNE+tvGBtuVTl9Xg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836751", "to_ids": false, "type": "size-in-bytes", "uuid": "59754046-c074-4865-bd47-308ed5530754", "value": "1900580" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836751", "to_ids": true, "type": "vhash", "uuid": "7bd08236-13f9-4d3d-b0aa-616a1341c1b7", "value": "d951a077efebf34664a704793bb72c84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836751", "to_ids": true, "type": "filename", "uuid": "ea05a710-bf23-4bff-afa8-e4f5a224160d", "value": "bfe940ebbeb6ca13b0bbefca78693f55.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836751", "to_ids": false, "type": "text", "uuid": "91bb17ec-dd5d-421c-b8fd-f04efaf0935d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:19/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836773", "uuid": "572d5653-96ac-4893-942c-14d041de8288", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836773", "to_ids": true, "type": "md5", "uuid": "e8e2437c-6a4f-4d19-95b4-7429982ce1e1", "value": "26d58f58d265d0179862d18aac447290", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836773", "to_ids": true, "type": "sha1", "uuid": "d0472464-ca1d-44ef-a83a-2d9807aada58", "value": "4455a6ac1deedc9ae296e2f1159f121c6e5a6780", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836773", "to_ids": true, "type": "sha256", "uuid": "2ca72ca6-9c55-464b-87f3-a4a083ed6d27", "value": "10ec3ff7506413ce8cdb8d8bc6aff0ff993e755bb0cc8c9c9acfb9946366c6a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836772", "to_ids": true, "type": "ssdeep", "uuid": "87e6af16-2f79-462d-b4ab-21a081c21b95", "value": "24576:nZmPErHbcf/vJYsf5KUeG9hcxvqHs7oqow+Nzvu+LKa:numQfAG/cxvsyD0d" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836772", "to_ids": false, "type": "size-in-bytes", "uuid": "66c9b89d-5bfa-4aa7-9262-cbb2ad22efc3", "value": "874092" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836772", "to_ids": true, "type": "vhash", "uuid": "39639d6b-f81d-437d-8cd3-38b4e74556d9", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836772", "to_ids": true, "type": "filename", "uuid": "ea6959b6-8f58-4d7a-ac2e-4e6e11d469df", "value": "26d58f58d265d0179862d18aac447290.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836772", "to_ids": false, "type": "text", "uuid": "104473fa-d0ac-402f-9440-94981e4eee08", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836794", "uuid": "802bb1f0-331b-416c-8aed-05c2e1020564", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836794", "to_ids": true, "type": "md5", "uuid": "1fd9e609-a2de-4e37-b48c-101fbf879115", "value": "3769f0933512df4bbbd07f62a3c3e5cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836794", "to_ids": true, "type": "sha1", "uuid": "d0e9a6f0-0887-49fe-89a3-56715cf3ae69", "value": "9dd9d90a0dd5096c231ef2b989fdae577b04a477", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836794", "to_ids": true, "type": "sha256", "uuid": "63a0f17c-0e24-449e-9854-cda3fddec61e", "value": "e6f668d5f3557acac3cea907f14a88f9f0f47e550c2ccb0dc910833e52b61e5f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836793", "to_ids": true, "type": "ssdeep", "uuid": "92153a80-af46-4a10-8743-aedd9144009a", "value": "49152:ApO8tAIh6VawzsDrvkJoiVKGL2KAQ2wzxX+bKmYym:AQ8aVaRDzpiIGL2fQ/XrFZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836794", "to_ids": false, "type": "size-in-bytes", "uuid": "49d3e73d-8ff3-4360-b7c7-2ef3e62475e0", "value": "1897654" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836794", "to_ids": true, "type": "vhash", "uuid": "d2779a15-6924-4cc3-addc-5fef8fd8e692", "value": "7d67991bb96e8a074ff95bfe41c2f2be" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836794", "to_ids": true, "type": "filename", "uuid": "7154486f-0dec-4b56-8e81-4aab430c2e65", "value": "3769f0933512df4bbbd07f62a3c3e5cf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836794", "to_ids": false, "type": "text", "uuid": "b9f9403a-b54f-4c91-a145-0715e10c30a4", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:22/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836815", "uuid": "05295cbc-4a6f-46cd-ac11-09df6360abed", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836815", "to_ids": true, "type": "md5", "uuid": "7e8a765a-cb25-4bd5-85bf-215e40082786", "value": "2dc5d809d52c9dad20ac9db590929081", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836815", "to_ids": true, "type": "sha1", "uuid": "3ff191fa-4641-4c31-899d-311fb5badd30", "value": "f93eef54800d557af9cdc3eee5526e11b5ae6a67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836815", "to_ids": true, "type": "sha256", "uuid": "a8b8bf37-bf89-4d00-a241-877c2d806fc2", "value": "23d0ba0f612bc052fa94f80480ab22be459ee4534c8871892f0d051b23aa0b59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836815", "to_ids": true, "type": "ssdeep", "uuid": "a101bcfd-49d0-4f29-92b4-55d2a60330b9", "value": "393216:4piu1TZCFefIxQUzdNS5rQkFLPO8T+JItxjuN:yNaeERdNSBVFLPE6xaN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836815", "to_ids": false, "type": "size-in-bytes", "uuid": "7f13569e-ce99-4a07-a25d-8b5644b23ef2", "value": "16412099" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836815", "to_ids": true, "type": "vhash", "uuid": "38b8d731-e635-44ea-a841-04c2c3eea2fa", "value": "97f3ba2b7eb12d623ec32c64e8d4fb18" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836815", "to_ids": true, "type": "filename", "uuid": "f264d81a-40e4-4f63-a7b2-e667711af16c", "value": "2dc5d809d52c9dad20ac9db590929081.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/10/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836815", "to_ids": false, "type": "text", "uuid": "8df5603a-cab0-418c-b824-3eb91e7149bc", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836837", "uuid": "17583134-d27b-468b-9b84-bd24521115fd", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836836", "to_ids": true, "type": "md5", "uuid": "6f91134e-a1dc-4f59-9904-c4f8cea48ce1", "value": "f04c22f6dc7f67778b3a28fe63f4d121", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836837", "to_ids": true, "type": "sha1", "uuid": "25e66a37-1e60-40c3-9c3e-cfccaf0c7a28", "value": "8d771da0d0ea7431c4a2026462d2c27e5ee8e4a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836837", "to_ids": true, "type": "sha256", "uuid": "348fb1e9-938b-4af2-bf1c-d08a5dd6eba2", "value": "29df3ea6c10fd2327eca65bd3037e1083bc6b1feccc65c3fe95733f54015edbd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836836", "to_ids": true, "type": "ssdeep", "uuid": "60f6d11b-3290-4461-8ac7-bc80a097a4c6", "value": "196608:IwAFPoF9b4CqWdv25chcc6JR0o9Phyyv3KS27ZMeuj0X24p:IwiKb4eYcnS6Q3KS2puQX/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836836", "to_ids": false, "type": "size-in-bytes", "uuid": "b1482823-dcc1-4d5b-9501-00516b7e3d43", "value": "12240561" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836836", "to_ids": true, "type": "vhash", "uuid": "6f33aa3c-f38b-4719-afea-6cb109b53f35", "value": "8501dddfe374977f5ca2c644eb581eea" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836836", "to_ids": true, "type": "filename", "uuid": "b3d29701-64c0-45ec-9da0-ab51e0202332", "value": "f04c22f6dc7f67778b3a28fe63f4d121.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836836", "to_ids": false, "type": "text", "uuid": "6b75b45f-6403-42f6-b0ea-b2adfd50d06a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA33\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836858", "uuid": "4d1a4c52-fc90-472e-bb3a-ecd2ad441369", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836858", "to_ids": true, "type": "md5", "uuid": "c0e4ea72-3b53-4fa3-a626-7bbb04dc92d7", "value": "2f5b9feb04410d2765f0e771f838f384", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836858", "to_ids": true, "type": "sha1", "uuid": "992b39f5-eea8-4e2b-9594-15c2b68e6cb3", "value": "86c9bf97eb7526399bf48d328803a7e515d098d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836858", "to_ids": true, "type": "sha256", "uuid": "3bfd71d8-911e-4b54-a2fa-bcfc22aaca46", "value": "41f7be7c68e6b72a4eaac285041a32cae933ea55393cc4cd35d4e6d20492ee3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836857", "to_ids": true, "type": "ssdeep", "uuid": "5818c869-d5c3-4d4e-af0b-f6eddcd426c3", "value": "98304:09ByscC+owzU/7Mwv09BFbYUQfdFz93CsBUAOJSrsQtl1cMF5e7dugmsUqHOlnHt:0/yscC+oB/7MB/QdRGJ21Qoo5+HvV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836857", "to_ids": false, "type": "size-in-bytes", "uuid": "2367c359-33d6-45d7-8036-fceefff366f7", "value": "5793657" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836857", "to_ids": true, "type": "vhash", "uuid": "cb69ca9d-49f2-4191-817c-de4414ee4a32", "value": "14b5040fbfc90eccde6529b9504c7c50" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836857", "to_ids": true, "type": "filename", "uuid": "ab8b8112-492a-433f-9970-d4cbd1e27c7b", "value": "2f5b9feb04410d2765f0e771f838f384.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836857", "to_ids": false, "type": "text", "uuid": "09708ca1-3d09-4211-a499-2c76ad181819", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836879", "uuid": "93886c42-265c-41ac-9765-3ff8e34cfcb5", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836879", "to_ids": true, "type": "md5", "uuid": "1287369d-8303-4cc0-b6c4-3db3fb2c0c85", "value": "ea7434be17c89cdcea09aa8fc0d88be2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836879", "to_ids": true, "type": "sha1", "uuid": "8771ed76-157f-4601-b15f-e9c5720898da", "value": "74aa41840a2484b7769131c1d49aecbddbc9a2e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836879", "to_ids": true, "type": "sha256", "uuid": "c0066e0d-0829-460a-81e9-4d41bc46bea1", "value": "e50e9d9502f059900ca7b375d2059a19a0dc934a72425f8de3248de1882251f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836879", "to_ids": true, "type": "ssdeep", "uuid": "e8b1ded7-3d78-4f24-a05e-c817979c8d74", "value": "196608:AUb4vdnCvE8RefAvZ+ObYtNnqlh96pLXxAwlaWu8e67wDOqEeP5DXLZ39axC0N:j4vdnaE8ofABLYHbbFXu8e671FQ5DXLk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836879", "to_ids": false, "type": "size-in-bytes", "uuid": "4a11e207-1d5b-4b61-8ad5-07231e815375", "value": "10798798" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836879", "to_ids": true, "type": "vhash", "uuid": "af41ae29-ac3e-4294-87fa-28a3bc758d2d", "value": "19456f091670d0254d7d611419fa3385" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836879", "to_ids": true, "type": "filename", "uuid": "5fa980c0-83de-4bdc-95cb-8c07bf51005f", "value": "ea7434be17c89cdcea09aa8fc0d88be2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836879", "to_ids": false, "type": "text", "uuid": "5ea150a9-0ee7-4944-b8a3-d7a95573354c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836901", "uuid": "fa6c8235-900b-481f-b119-a4e1210a670e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836900", "to_ids": true, "type": "md5", "uuid": "ad10326b-494d-46db-b779-977e816a4e56", "value": "60ab0cd2661d531fdc1bf8e0b960d717", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836901", "to_ids": true, "type": "sha1", "uuid": "710cab38-fe47-4a9c-8aa7-2c7000731fbc", "value": "92382d223a64554522cd4a07e0012d85341e9afe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836901", "to_ids": true, "type": "sha256", "uuid": "dc177bc7-64fa-4fe6-b5bf-0b8adc234829", "value": "ecd7bdefd369e02712b7ee01542ff9106ac4e5593cf7b445d71f9ede88df3641", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836900", "to_ids": true, "type": "ssdeep", "uuid": "c59a04f3-0147-411c-806d-47ab7035f181", "value": "393216:M+XouQOh4kj74EZbvsN+mI9vegtU6kkoMc8:MpuLuO4EpvsN+mOfnc8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836900", "to_ids": false, "type": "size-in-bytes", "uuid": "589baf91-9ee1-4535-9f27-ca1a11d3cf0a", "value": "12660639" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836900", "to_ids": true, "type": "vhash", "uuid": "688714d8-62a0-416d-aa55-f23d06ac7c96", "value": "baac7a7cbed0ede3e55827e89ba197b3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836900", "to_ids": true, "type": "filename", "uuid": "1b2913be-552a-4550-b417-44a4c584c5b8", "value": "60ab0cd2661d531fdc1bf8e0b960d717.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 11/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836900", "to_ids": false, "type": "text", "uuid": "04edbc32-51d7-4021-8e55-7d1ddc7cfd4d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836922", "uuid": "b6cb7ffd-f81a-45ab-ad9b-112671e0eafa", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836922", "to_ids": true, "type": "md5", "uuid": "e475768f-8a3b-42f1-ab53-149f69e2a4a3", "value": "d82f5cd58b3a866acb7d93f995d0eceb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836922", "to_ids": true, "type": "sha1", "uuid": "cd4a64af-8f8e-4eff-9be9-350800a73b9e", "value": "89272d2be2db5c77afc4456a7c8270e349d4cce5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836922", "to_ids": true, "type": "sha256", "uuid": "6e6bbc6d-0b32-4146-a834-81965607f36d", "value": "706c9739261e32192a9ea5dd50ea6a93857cafd42c2c784c302712057eb1c7ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836921", "to_ids": true, "type": "ssdeep", "uuid": "dd6c584e-beb8-49f5-91fc-46f873e6c21e", "value": "98304:faLEbLmegPr9mZvL6hSmKe5HH5Jc/NESk+cUIY9yTRMjh98FA:faobL8PJMDY1ZJc1ESr3ISgOjz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836921", "to_ids": false, "type": "size-in-bytes", "uuid": "f33ae30b-471d-4ec0-abcf-ee5b08ff688f", "value": "4876790" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836921", "to_ids": true, "type": "vhash", "uuid": "1cb9d948-55aa-4b28-b2ba-8d4b238b293e", "value": "8f14a96bbf6d32f494934830de97bc4f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836921", "to_ids": true, "type": "filename", "uuid": "cde44b46-7671-4a99-8363-e8d0f82801be", "value": "d82f5cd58b3a866acb7d93f995d0eceb.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836921", "to_ids": false, "type": "text", "uuid": "b06bf2d0-36e8-458f-80c1-dbb1b16c9ed5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836943", "uuid": "7845c53a-b769-4e26-9523-6c033ecf9e7b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836943", "to_ids": true, "type": "md5", "uuid": "8aef0993-c207-4259-b96b-fdc13c832c70", "value": "0b9f863683044f0c5fd322a9c83a967f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836943", "to_ids": true, "type": "sha1", "uuid": "336a7264-8bef-4e63-ad5e-252921b740f2", "value": "7e7d59f2227c7e280f875779f6e80bd019df175f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836943", "to_ids": true, "type": "sha256", "uuid": "7d436a16-b5cc-4d35-826e-26fc65b98d1a", "value": "3667c6ce48cbeaddca5885d6f7708983b719506e49039acb59de8c9e25ee658d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836943", "to_ids": true, "type": "ssdeep", "uuid": "47d737f2-6580-42b7-8876-5cb85ffeb8d6", "value": "98304:5NJWVkfLXrKofJ9oeEAdF0+8uIFaokWwg6:5myj5ldF0+xzonwg6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836943", "to_ids": false, "type": "size-in-bytes", "uuid": "f90295b3-f06c-4942-9b22-662f9072f379", "value": "4277568" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836943", "to_ids": true, "type": "vhash", "uuid": "ee2a289f-6471-437d-8100-96cdd0505643", "value": "e0aa9a0bf410a9469696a9cf8763183b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836943", "to_ids": true, "type": "filename", "uuid": "a9ec2579-528a-4f23-b0ea-bf52f4cf6d18", "value": "0b9f863683044f0c5fd322a9c83a967f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836943", "to_ids": false, "type": "text", "uuid": "fe91d744-0f87-4333-994f-c25dfeaf133a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA3C\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836965", "uuid": "0543c34f-f4a0-472c-bae6-81eb402eb773", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836964", "to_ids": true, "type": "md5", "uuid": "c67b92ff-9776-4ce0-833c-4ccf1bc6b981", "value": "b8f2381e97ddf14aa78a83bfe6b1c165", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836964", "to_ids": true, "type": "sha1", "uuid": "35d23f55-24fe-40d6-9b17-79c7d82d2e2b", "value": "557d60c116a83844123fb1f7b344bbce468894c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836965", "to_ids": true, "type": "sha256", "uuid": "32ea7821-4be1-4cce-9b4f-6643aecfff8c", "value": "38212737ed9c5c5bf93b2925252e059047a4b56dc8fe215da7d0e588664cb75b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836964", "to_ids": true, "type": "ssdeep", "uuid": "7d2bd6f2-9756-4e59-9419-532ade27097f", "value": "98304:hSGGSOf3c7XdlRr+KXiNK+5iQPD7nUXT1p20k56:hSGGSOf3qdfXiNNPvUTTk56" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836964", "to_ids": false, "type": "size-in-bytes", "uuid": "fb3b42ff-4623-4e7d-a2ab-d9c7f35593b0", "value": "4396038" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836964", "to_ids": true, "type": "vhash", "uuid": "c6f9e9a5-5e3e-411f-8f12-b4b85c7648f0", "value": "0459b1d95dce6aed81227676a0081bb4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836964", "to_ids": true, "type": "filename", "uuid": "ac1df8e4-2d01-4c4f-9e0a-8dcd7bc35356", "value": "b8f2381e97ddf14aa78a83bfe6b1c165.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836964", "to_ids": false, "type": "text", "uuid": "c15e8b40-eda8-4f08-ad1d-dd8ce2790b17", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740836986", "uuid": "0fc459a8-aff8-425b-95f7-fcafa442db00", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740836986", "to_ids": true, "type": "md5", "uuid": "e07b9eb3-7e0b-49be-a687-598d292e1411", "value": "5dce6545acb7cb924b8ec5ff3bb359fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740836986", "to_ids": true, "type": "sha1", "uuid": "1c405eb4-de51-4d1d-8e38-2c3952cb6f69", "value": "45c1948631265bad60c44706e30c89449fa020b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740836986", "to_ids": true, "type": "sha256", "uuid": "8ce586b7-a741-4781-b281-dae51dafaf72", "value": "d502bc13ee909861bb55efb09dc4b6d6e7229c17d0f35dcc6355d7284e2c0145", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740836985", "to_ids": true, "type": "ssdeep", "uuid": "de0cb96c-ba7f-4dc2-b14d-1b25af997222", "value": "98304:FyRx7gMZgDvECyxc+etiIFS+82I0RduI7RZfJzfkqi2nUgBJB69:UEAiJcm7FS92RII7rfJzsq1g" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740836985", "to_ids": false, "type": "size-in-bytes", "uuid": "145a2193-696e-4c7a-8cb3-7b9813910722", "value": "5089302" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740836985", "to_ids": true, "type": "vhash", "uuid": "6efb3ce7-d902-46d5-bb2f-17f147f77aee", "value": "877f12374a467b7414080972f3103f5b" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740836985", "to_ids": true, "type": "filename", "uuid": "92f2b362-6553-42fb-892a-27c72887c5ca", "value": "5dce6545acb7cb924b8ec5ff3bb359fb.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740836985", "to_ids": false, "type": "text", "uuid": "296b3bf4-1015-46b2-a1e9-ae73daa0cda3", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837007", "uuid": "c6dfac9e-761d-4610-b248-db3eb04452c1", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837007", "to_ids": true, "type": "md5", "uuid": "ed99e5c1-0363-40bc-ae66-101283b70d7b", "value": "b5948547dc41537b6eb5ff0be5a69d1d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837007", "to_ids": true, "type": "sha1", "uuid": "5b0352b4-a359-4124-8f2a-056951c3709c", "value": "75162d480f720f17f69109065aae8f42660dcab5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837007", "to_ids": true, "type": "sha256", "uuid": "bf827bf0-8b84-4588-8269-6dc02e60e30b", "value": "05ac2811251963c8b47ddcd1da2677d8d844e2322fa4e302d3fc54b57266db78", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837007", "to_ids": true, "type": "ssdeep", "uuid": "cff81df4-3b6b-42ed-831d-a376460df910", "value": "49152:SciOumQfvXRRDd0WeEq+bzgDFsw12NlVaq3QFYbGjdHiHruLuBBAeYntvys:7ryabEdzOFgb5CdHKuICeYntqs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837007", "to_ids": false, "type": "size-in-bytes", "uuid": "c36f459d-485b-4768-9584-fbf411063010", "value": "3052930" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837007", "to_ids": true, "type": "vhash", "uuid": "904c553a-bb3f-4b8f-bbf1-8894f3eaabcb", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837007", "to_ids": true, "type": "filename", "uuid": "404dd21c-16fa-4ccb-aee8-d0371dac138e", "value": "b5948547dc41537b6eb5ff0be5a69d1d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837007", "to_ids": false, "type": "text", "uuid": "86a4aa05-11a3-490c-9f94-359a7c066ec5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837030", "uuid": "5ed8ae98-7f92-4c13-97bf-7fbe5a4b9d5a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837029", "to_ids": true, "type": "md5", "uuid": "7df7a612-ef22-4987-bef6-61f1e52fed99", "value": "e4c83d1a10c6242b0d9a98046b461acf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837029", "to_ids": true, "type": "sha1", "uuid": "3ef9c667-3cd9-4c0e-89c4-ddaf823eef7b", "value": "71ee2262b534dbde0ccc1d319b031ac277af7090", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837030", "to_ids": true, "type": "sha256", "uuid": "3ebb9fa1-78a1-4a89-8f59-fe468f6ccc57", "value": "806510eb2997abbffa05d3c7d7fb2a84affe7d61ad76d6c9757e9e63f2787a10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837029", "to_ids": true, "type": "ssdeep", "uuid": "13f0aa66-c52a-4faa-b0f3-1bbde2c1fdf4", "value": "98304:K9da59UnwJKkWgftNBZ9U3cvHSC516XRkAfQjfFmgH+t8SUY6cHWzKdXDvirjO6E:wdoqn1kvjy38t76XeAQLFmP6Iirfuw6B" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837029", "to_ids": false, "type": "size-in-bytes", "uuid": "69d89b07-213a-43ef-9721-83fc4bec7bd1", "value": "5132845" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837029", "to_ids": true, "type": "vhash", "uuid": "f2267e42-d841-40d4-9e0c-5eed5ec0f973", "value": "281fa66473e11aef68612462c10fead5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837029", "to_ids": true, "type": "filename", "uuid": "3b7400c9-9eb4-413a-9934-c5368a0e3c14", "value": "e4c83d1a10c6242b0d9a98046b461acf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837029", "to_ids": false, "type": "text", "uuid": "0f443012-56c3-4e7c-a7a4-d364d54906ea", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA02\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837051", "uuid": "6c09790d-ca23-4836-a61c-78ebb0530c64", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837051", "to_ids": true, "type": "md5", "uuid": "293c6c8e-04f2-49cf-99f0-61840d450fd8", "value": "e3ea9edfc51a657abf5135e66e0f8581", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837051", "to_ids": true, "type": "sha1", "uuid": "c929af15-4ec0-48e0-a9ec-c0ab01f4be14", "value": "17ee0259ee253a615e074bff1529f1dc6ac80ae3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837051", "to_ids": true, "type": "sha256", "uuid": "8d3332da-c4b9-4696-8f86-f7bd8b3d7279", "value": "37fb7e6a22630ece6dc579943062c5e17df823aba026e4f169b560c29f9109fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837050", "to_ids": true, "type": "ssdeep", "uuid": "b5f39c01-85b2-42ca-ba5d-38f4debf3297", "value": "98304:WFZ++kSVTZKlcUma/8Bg0P647aTUz3mEaXUTjhrir3UwKA:CZ++vYTt/ig0pEavdjkrkg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837050", "to_ids": false, "type": "size-in-bytes", "uuid": "e8381769-dbfe-4257-b01a-ea9d3490cbc8", "value": "5438535" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837050", "to_ids": true, "type": "vhash", "uuid": "ba223e9b-40f7-4826-91ae-c43ada9fdc6f", "value": "5b1d8f9481f7449f5bdc3535e0adee42" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837050", "to_ids": true, "type": "filename", "uuid": "4bb53d45-f1fd-4c18-93b6-be7d04212145", "value": "e3ea9edfc51a657abf5135e66e0f8581.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837050", "to_ids": false, "type": "text", "uuid": "02eb01e2-e8e1-4e09-96fc-b1643c86a5fe", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAC2\nVT Total Detection:27/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837072", "uuid": "de74c2a8-592c-43f8-a58d-3652bbaf40b5", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837072", "to_ids": true, "type": "md5", "uuid": "ec3d8014-f6df-4de9-bc43-f0de54eaac71", "value": "d6cddecd563170c7e3f842ecdbf8911e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837072", "to_ids": true, "type": "sha1", "uuid": "1b701cb6-ae48-46fa-9826-a073e2ce4f51", "value": "9b384dba5b39e9d1cf5dc741d19fea66c162f9c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837072", "to_ids": true, "type": "sha256", "uuid": "24dc1bf2-b6df-448e-ab33-9c64ce477e61", "value": "35bbaa5b25655f2b2493b4145edc2773f88c12362f460f0b0a8bb73b67da8528", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837072", "to_ids": true, "type": "ssdeep", "uuid": "13f06f19-30ef-4740-aa04-5752249d4ec7", "value": "24576:lufLbl4cb74N00RxYxKwjctv/8rpmo2u2mI5kgLLxd+tsx0eY2aFQn2jQyCW+2AO:lufLbl4cbEN00RuytX8rp7cmI5kgLLDg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837072", "to_ids": false, "type": "size-in-bytes", "uuid": "3e352d4a-155b-46e6-b8d2-daaa9f2eada7", "value": "1469103" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837072", "to_ids": true, "type": "vhash", "uuid": "bab18159-425a-4e20-95c9-fcb832d3136d", "value": "2b0aec17ecc3bfb331b965b42ca4dde8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837072", "to_ids": true, "type": "filename", "uuid": "03aefdef-3f1b-4db6-8d73-603047ab7f04", "value": "d6cddecd563170c7e3f842ecdbf8911e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837072", "to_ids": false, "type": "text", "uuid": "e00f5a59-3833-4467-9ab5-d1874ee78b8d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837094", "uuid": "d96a0eef-0125-4fb4-bd79-1cd68730e71c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837094", "to_ids": true, "type": "md5", "uuid": "fe852371-e7c4-4943-874e-4887c617af05", "value": "6055d0ec37405ac0939cec81340d16ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837094", "to_ids": true, "type": "sha1", "uuid": "fa782da8-f2fc-4335-8635-4f468d831f70", "value": "5a1fdca8dc82778c50cff9b8c7cde6c0ba661a18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837094", "to_ids": true, "type": "sha256", "uuid": "e2fbd9f0-1e09-4fab-bb60-b096976a9d46", "value": "51fda9d0e339f48e74a5d2346d0043d0897ce830252b4bfee0734a4b3f611f34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837093", "to_ids": true, "type": "ssdeep", "uuid": "cd21d771-daa7-44ae-8576-90fd8caa0384", "value": "98304:TeyjExu75ei8VU5c5IyfOUlnhfF8b2AHw+D0r:T7jBdeHq0LF8di" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837093", "to_ids": false, "type": "size-in-bytes", "uuid": "b703c909-3d61-41f5-9a0b-3eb5bdaf3d91", "value": "3750970" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837093", "to_ids": true, "type": "vhash", "uuid": "d523137b-66f4-4eca-9ceb-b44e76364271", "value": "b25666e800cfe5658f34d341eb4ee25c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837093", "to_ids": true, "type": "filename", "uuid": "34920d4b-a279-48fc-936b-3ad9e49bd1aa", "value": "6055d0ec37405ac0939cec81340d16ac.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837093", "to_ids": false, "type": "text", "uuid": "f076a1aa-5562-4918-9f6b-bcfb8fad7eef", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837115", "uuid": "e678c930-f32b-4c00-8d38-bd469580dae8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837115", "to_ids": true, "type": "md5", "uuid": "01e92e72-85cf-42b6-b968-88aabe574aa1", "value": "a006d77e3f69aa7e23d1cad5e8d2342b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837115", "to_ids": true, "type": "sha1", "uuid": "c8c35e04-d3a1-43ed-9da4-5abf22964fc8", "value": "ef93c323f2a6cf8aa53e9f5c9a6a0c8024b31fab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837115", "to_ids": true, "type": "sha256", "uuid": "647e53d8-4212-4273-9cc7-69a43cfeccc6", "value": "23e7e7e4a46fda1f1b362e463a65423f6bd990160522e74292890c54e03171d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837114", "to_ids": true, "type": "ssdeep", "uuid": "81292061-3bdc-4749-97e6-5c0a0c6bd4c8", "value": "49152:1pfqkMoyXzaGePeRsgHOBlEUcpfq9fqmK14vpM:1pfKfGGePeOgHOnepfQfsuRM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837115", "to_ids": false, "type": "size-in-bytes", "uuid": "2c752c05-8d0b-4912-a777-34b431a70fc0", "value": "1633198" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837115", "to_ids": true, "type": "vhash", "uuid": "fce527ce-f1dd-4de2-85c7-0d44bd8859ed", "value": "c8813110af9aa4c68a74cb1c71f13068" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837115", "to_ids": true, "type": "filename", "uuid": "cbed3f5a-c35d-42c9-805c-20a1e24e3db3", "value": "a006d77e3f69aa7e23d1cad5e8d2342b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837115", "to_ids": false, "type": "text", "uuid": "1919589a-189f-445e-9d49-116bd4216fea", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837136", "uuid": "ca6f892d-705c-4952-9cd5-4328a72c7666", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837136", "to_ids": true, "type": "md5", "uuid": "306cd9a2-4669-43b2-9cba-ac1889bb6c68", "value": "4c8318dc7e6933598b08c68e9f916a02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837136", "to_ids": true, "type": "sha1", "uuid": "4638713f-88fc-429e-97e5-a2ec99769027", "value": "ae79ce15047daa2d6f597795f79505e1ef08d642", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837136", "to_ids": true, "type": "sha256", "uuid": "4157d7f4-a28c-4bed-8bb2-a12f540616ba", "value": "bd48bf3141ec132a9f8e6ab2701078926990744d858b282da800da9672e59e59", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837136", "to_ids": true, "type": "ssdeep", "uuid": "028ff4b0-e65a-4bea-8a56-99d0f4aa4d7c", "value": "49152:ijcmaumQf1XRRDd0kCWq+bzgDFJTuiNdW4BQkLL+TD3ubylviJq5dJ2XpeXOfc4x:iw52aDWdzOFvHETDSylj5dJWvfrGw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837136", "to_ids": false, "type": "size-in-bytes", "uuid": "9206ced5-0ec9-49b3-9714-d641855ec615", "value": "3179044" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837136", "to_ids": true, "type": "vhash", "uuid": "cf2c41dd-54d6-4a26-bc80-104089a30a70", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837136", "to_ids": true, "type": "filename", "uuid": "111dc934-c76d-4d9d-a3fb-f6fc6522db26", "value": "4c8318dc7e6933598b08c68e9f916a02.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837136", "to_ids": false, "type": "text", "uuid": "52705279-7bad-4238-8c34-a70acf355598", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837158", "uuid": "b265df4f-43a5-4c4f-9e13-06f9023e7425", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837157", "to_ids": true, "type": "md5", "uuid": "8363fa73-653a-497c-a87f-4a339a8ce6e3", "value": "88fd2823b6e768c50dea31a5d4d742b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837158", "to_ids": true, "type": "sha1", "uuid": "4b94a1fc-3f1e-4593-b14b-13f2445af188", "value": "ed1acc367691a8318dfebde6b9feb81fbccaeb39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837158", "to_ids": true, "type": "sha256", "uuid": "3afa569a-5ee2-4da8-ab71-294231227e58", "value": "146799741ef55e06f53ab768826fe82dfaad6b6255f9f45519390633a41a2ae2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837157", "to_ids": true, "type": "ssdeep", "uuid": "818407cb-2b67-4c57-9cf9-8f33a8a412dc", "value": "49152:KchUumQfcXRRDG0Dpwq+bzgDFTGHfpNe+yjN3D81muDFVBdjkJd0yGFfHy:ji9r9wdzOFO4dWDbBd4/0yG9S" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837157", "to_ids": false, "type": "size-in-bytes", "uuid": "2fb819b9-6ba0-4a95-bfb9-6c07b752ef66", "value": "3175449" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837157", "to_ids": true, "type": "vhash", "uuid": "e89ee050-c030-4ce8-9856-a52989ca8fb3", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837157", "to_ids": true, "type": "filename", "uuid": "e530bf1d-66a9-4068-8eeb-c0e0c5524809", "value": "88fd2823b6e768c50dea31a5d4d742b9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837157", "to_ids": false, "type": "text", "uuid": "e4380572-8003-4f4a-aa94-60854d8b1bd7", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837179", "uuid": "b3745c30-3506-40fa-892f-ffd710c54868", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837179", "to_ids": true, "type": "md5", "uuid": "2111b1e0-9f47-40e2-9506-56b471689f5e", "value": "e2eb88f9ea5891af3868d6fb0a8fdd10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837179", "to_ids": true, "type": "sha1", "uuid": "a6feedf6-d66f-4180-897e-af138095a9f7", "value": "c0eb3e60595b5c9361d6ec209286eb31d70ffe08", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837179", "to_ids": true, "type": "sha256", "uuid": "4f6b9247-db65-44a2-af80-ab6a5c5ee586", "value": "cfbea3de06b72045014a8781e1d95fd19e817dbfdfdb3919c6027423be3e21e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837178", "to_ids": true, "type": "ssdeep", "uuid": "7e1ba4ce-4792-4471-a83b-755c988f8f4b", "value": "49152:sCcAXumQfYXRRDU0x9Gq+bzgDFWHhqNMp4BQQJWyC1BevSwawJjiQtpJj8JJ:sraj9/GdzOFhWcWde3DpcJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837178", "to_ids": false, "type": "size-in-bytes", "uuid": "b2d1a8ab-cbea-4e41-8807-cd62736c2c89", "value": "3178121" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837178", "to_ids": true, "type": "vhash", "uuid": "4edf72db-4d2f-47d6-a9bd-1b8fe2159973", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837178", "to_ids": true, "type": "filename", "uuid": "d5fdcd18-ee94-4c85-ae7f-38831e023cbe", "value": "e2eb88f9ea5891af3868d6fb0a8fdd10.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837178", "to_ids": false, "type": "text", "uuid": "a908c7a4-25c1-4c8c-8a60-7826b5e724d2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837200", "uuid": "31850a9a-4f93-421f-adb8-cdff7c9ca27c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837200", "to_ids": true, "type": "md5", "uuid": "f41d73ec-9f36-4216-a42b-c738ae30a41e", "value": "aa3b85fb075f79a43acd23d81329750b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837200", "to_ids": true, "type": "sha1", "uuid": "a4af1bb2-53d8-4016-850e-eb6dfdb58c3a", "value": "43f46b9ca29bdc976012469f158ea7fc5f17830d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837200", "to_ids": true, "type": "sha256", "uuid": "839fee1c-e4e7-4d3a-b286-f564ef59fd68", "value": "d920b8b6feea43c1805cebf3c9011ffb50cd496bde099fa1a72976e96375852e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837200", "to_ids": true, "type": "ssdeep", "uuid": "98cda4d8-22f5-4c1a-9053-6e124da884ae", "value": "24576:6ZmPErHbcf/vJYsf5KUapQEDGrfGobjWnkflN:6umQfkQ9rfxWu7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837200", "to_ids": false, "type": "size-in-bytes", "uuid": "7144aff7-f4f5-40d5-bddc-c8d89302b1e7", "value": "874456" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837200", "to_ids": true, "type": "vhash", "uuid": "8c2780f9-4813-4044-9bbf-38dfdcc55d90", "value": "4a1d181642d9d9f41b3cfe991817aaa4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837200", "to_ids": true, "type": "filename", "uuid": "e809bebb-8510-4f5e-8620-d04cc206c252", "value": "aa3b85fb075f79a43acd23d81329750b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837200", "to_ids": false, "type": "text", "uuid": "e055664c-87b1-45c5-9970-2a3b1c5746ca", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837222", "uuid": "5e32ca40-1df6-4c75-a61c-3a15ab908946", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837221", "to_ids": true, "type": "md5", "uuid": "5fbd0f5b-54e4-438c-9f12-909343d0b199", "value": "53d6f5bf21aa4e876584f02d4b731bea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837221", "to_ids": true, "type": "sha1", "uuid": "20a7c8e4-de10-4b4d-8943-a925c72ed9c6", "value": "00809f74188056d9c2befff624d6c429e1389fe2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837222", "to_ids": true, "type": "sha256", "uuid": "07c090d3-a20c-4133-b644-0bf982cbe9f4", "value": "66f87c8fb91e79f0eabaeb847c2a07113880e9c4e942aa22260b2695e37a1604", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837221", "to_ids": true, "type": "ssdeep", "uuid": "a8dfd899-61b3-4a0a-a868-7335ae2d4d60", "value": "49152:GciyumQfvXRRDT0mbEq+bzgDFsuW2NVIaq3XooTUoU+oX5OLcrjsUArIQi/qmgVx:nfycoEdzOFLXKTIbJObUA0P/qmWk56f" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837221", "to_ids": false, "type": "size-in-bytes", "uuid": "1cf98d14-512f-4c10-8c69-4423c2223997", "value": "3050924" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837221", "to_ids": true, "type": "vhash", "uuid": "c6e9204f-fb60-4397-8a57-0e6b8ca9d8b3", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837221", "to_ids": true, "type": "filename", "uuid": "f9596296-2997-4870-a3bb-d53c74ddb6a7", "value": "53d6f5bf21aa4e876584f02d4b731bea.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837221", "to_ids": false, "type": "text", "uuid": "9d3a7580-167d-414a-b3e9-7c3a917e8a57", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837243", "uuid": "dda247f2-b07f-4ab9-9f1e-ed5390f70eba", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837243", "to_ids": true, "type": "md5", "uuid": "4165b8ee-1bb3-4dd2-b79e-365b56c2b29b", "value": "70f34cdc77ccad859c23393b03bfd9d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837243", "to_ids": true, "type": "sha1", "uuid": "e989db4d-cbf9-4f6b-b6bb-29536f50cab3", "value": "ac565e76a573adc9c4fe66a7320bf6bbebff4757", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837243", "to_ids": true, "type": "sha256", "uuid": "507e3c73-3a71-4de8-996a-a0aa945d8600", "value": "a884bc2d1dfca0afef31c6143b8ece7801795d2a3b567fb79fc5715928828e4f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837242", "to_ids": true, "type": "ssdeep", "uuid": "030809e1-cea2-4f5f-8a88-6c619e4e6495", "value": "24576:3inxg3GVmtg3Xh2mGPJq6Hs8EmXTRioxFO4O1OFsJ9NPv:3ina3GV5Xh2mGPdHsnKZ6fMFoPv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837242", "to_ids": false, "type": "size-in-bytes", "uuid": "aa6e1fc6-7dca-406a-81f8-f0e04908fc94", "value": "991403" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837242", "to_ids": true, "type": "vhash", "uuid": "e22c11bd-07bb-41a9-ac39-2953c050669a", "value": "5b1fc016572de8c9020d0e709eaa65df" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837242", "to_ids": true, "type": "filename", "uuid": "e9bf1cd7-d8ff-466d-bbbf-df2ebd62b1c6", "value": "70f34cdc77ccad859c23393b03bfd9d9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837242", "to_ids": false, "type": "text", "uuid": "25774664-25ee-48ad-b108-cd8e614c35a4", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA15\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837264", "uuid": "d142617e-a254-4263-ac03-fffc7286c355", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837264", "to_ids": true, "type": "md5", "uuid": "62631beb-9309-454f-ad49-fa7cc7ef4ee0", "value": "e8498ba4894033fa885b1a3a792397c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837264", "to_ids": true, "type": "sha1", "uuid": "d02fc9da-6920-49c8-bde1-8e96fc8d90f4", "value": "7618b38ea8ab7604d11a1e0086945688a619aef9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837264", "to_ids": true, "type": "sha256", "uuid": "6b17ecae-e9cc-450d-8e9f-7bfa5a0b560c", "value": "ee9bbaf4ed9cd71c9f240c3570a9d94044d151282e22b541ddf14c2cfb57311c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837264", "to_ids": true, "type": "ssdeep", "uuid": "182cd5cc-5351-4219-98be-4f026490da25", "value": "6144:Dmb6eUuPq9LH7Rq45NmAfzRQrA7OZvsT6tR:DaButmuqjsT6T" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837264", "to_ids": false, "type": "size-in-bytes", "uuid": "127a157e-7530-44ac-b93a-f884c7cf46d0", "value": "248486" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837264", "to_ids": true, "type": "vhash", "uuid": "5512debb-1351-4511-98b7-925fc93d1d41", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837264", "to_ids": true, "type": "filename", "uuid": "a9b3568e-9b07-4681-ae9f-ff786cdf8469", "value": "e8498ba4894033fa885b1a3a792397c0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 29/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837264", "to_ids": false, "type": "text", "uuid": "f7d95174-47a4-478c-9b18-4484a47f674a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837286", "uuid": "69dece9e-fa33-4c5f-9576-ead964cbe3c8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837285", "to_ids": true, "type": "md5", "uuid": "7e2ee102-2ea0-463c-9b93-ae6738069c21", "value": "993644618c1d19657fb19bde7347557a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837286", "to_ids": true, "type": "sha1", "uuid": "41289bc8-2415-4a44-aa80-db25aabb8185", "value": "38b8a22b4e3a8803abf437916e39be0de22eea95", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837286", "to_ids": true, "type": "sha256", "uuid": "9be21f1d-747c-418a-958e-19dd079901f1", "value": "c3d33938977028c2fb03ae6f91ce70f436a5b114cdd1fd1887b0a96aed601569", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837285", "to_ids": true, "type": "ssdeep", "uuid": "73322759-ad6c-418d-baac-e7ff5587596d", "value": "24576:JnlvOCnlmc/kBhFl9TBvHMx0iKfNDMaFw4goc1KSpd5+Kfs/iJEtQnRR:JUCQcKvrHBfBrgoAp/+y5JdR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837285", "to_ids": false, "type": "size-in-bytes", "uuid": "e6cd871b-ccb5-42b2-8600-1172d01fe11c", "value": "1728508" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837285", "to_ids": true, "type": "vhash", "uuid": "9119c932-2074-4fbb-8ea6-47172d828d43", "value": "750c8b3f993e4b8f2d0111f774e97797" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837285", "to_ids": true, "type": "filename", "uuid": "8af2885d-11d3-4257-aee7-1d881548ad91", "value": "993644618c1d19657fb19bde7347557a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837285", "to_ids": false, "type": "text", "uuid": "074a9cbd-20ca-43d6-b02b-f83cfa81ab81", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837307", "uuid": "644160a0-c3e0-439b-a105-e7dc3e7eb2bc", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837307", "to_ids": true, "type": "md5", "uuid": "1f6f8750-da61-411b-957b-5bbd51b104f5", "value": "3a5c233d57c6cb311776fe0435121fd2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837307", "to_ids": true, "type": "sha1", "uuid": "ae60b995-ff8b-41f2-8432-8a3c02ae28a7", "value": "9caf7e5b773a104bf45dff1e9e5d3f3556270fed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837307", "to_ids": true, "type": "sha256", "uuid": "dd099b43-22f0-4473-a57d-c539157c5255", "value": "7bcfd720a4878aeb62c2e31ae4414a04c1c8a704b8a1f1ef3b115a90fe6f5255", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837306", "to_ids": true, "type": "ssdeep", "uuid": "0e3b6b1c-50c0-487e-85cb-0b94d7b97c17", "value": "49152:IciSumQfvXRRD10tbEq+bzgDFi7jo2NPayjNSlnBVihVMfDR3APnK+4Q9jMfLjKg:dPyiBEdzOFsZqBVMuDVAvKRQ9MTj95" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837306", "to_ids": false, "type": "size-in-bytes", "uuid": "656f4438-d7a6-4a37-a707-b0d66b54afbc", "value": "3175532" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837306", "to_ids": true, "type": "vhash", "uuid": "94caee67-c506-487f-b50b-540e10c91b96", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837306", "to_ids": true, "type": "filename", "uuid": "30bbd11f-48b9-4546-a7f2-3322c6b4820f", "value": "3a5c233d57c6cb311776fe0435121fd2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837306", "to_ids": false, "type": "text", "uuid": "945c406e-4e3f-4940-81d1-f36d6cd26baf", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Zpevdo.B\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837329", "uuid": "b07e3f31-c341-4808-bae5-8b03b5f82981", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837328", "to_ids": true, "type": "md5", "uuid": "4d80dc2c-01a6-4bf9-8fd3-7c44bdaaf57a", "value": "12db389b2215487922f330fd5059295b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837328", "to_ids": true, "type": "sha1", "uuid": "40fba159-ad9c-4644-ab71-6553a019631b", "value": "75c2f8d10553782855dbc2c195aea5734d68f060", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837329", "to_ids": true, "type": "sha256", "uuid": "41cba274-ccc9-4059-9111-ffa7b4308c6e", "value": "b5e6df82dd605632d6ecc4da8beade2e3c8d7d696cc1decda6f83804e8cbb258", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837328", "to_ids": true, "type": "ssdeep", "uuid": "2f1b3c2f-4687-4c44-bd90-98ac7bb04146", "value": "49152:acnhumQftXRRDn00lGq+bzgDFQZcV2Nd8yjN5sxYoIJyfD4ppQJbNtIC1ufPqGW4:zh6o0GdzOFA/ZMYoEy74nQJhtmXj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837328", "to_ids": false, "type": "size-in-bytes", "uuid": "e77d2433-706f-41b0-8313-11123a2ac629", "value": "3175563" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837328", "to_ids": true, "type": "vhash", "uuid": "c36a857e-062d-4fc3-be0b-271188b8dca5", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837328", "to_ids": true, "type": "filename", "uuid": "631657c5-f214-4885-b467-7f3ea9c256c0", "value": "12db389b2215487922f330fd5059295b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837328", "to_ids": false, "type": "text", "uuid": "f35f4197-86e7-4adc-b13a-85756f1b8e4a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837350", "uuid": "be3d9c08-dda3-4dbc-828c-e7b042d2d01e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837350", "to_ids": true, "type": "md5", "uuid": "800d8289-2d82-4597-add8-89dfaa732314", "value": "79ec670e41b43963d562fd419ffe893d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837350", "to_ids": true, "type": "sha1", "uuid": "b3b8cf5f-7d01-440d-9e72-52ca0d4d3411", "value": "99f9b338e13e9c9f3cc32bf574aae87d08b6162d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837350", "to_ids": true, "type": "sha256", "uuid": "491cc518-09cd-49fd-9cd1-ac16db2ec539", "value": "bada884ed126482834e609b7edd2224451912539d5afdee9ed46662f0539b5a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837349", "to_ids": true, "type": "ssdeep", "uuid": "d61261ab-c0e2-4b82-823e-0f5ccf8f1e26", "value": "98304:bEmvwdXw4gqdzOFq38ag35y2/kYweWe4On/69:gmYdoFqIYIVwLeL/69" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837349", "to_ids": false, "type": "size-in-bytes", "uuid": "2b081f21-ec47-44b8-a586-86cff79d30b7", "value": "3489296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837349", "to_ids": true, "type": "vhash", "uuid": "c530385e-0e5b-4fff-888f-b85bdc91861a", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837349", "to_ids": true, "type": "filename", "uuid": "88f0645c-f7d8-4f29-92ad-e21eb930a926", "value": "79ec670e41b43963d562fd419ffe893d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837349", "to_ids": false, "type": "text", "uuid": "e61fd027-14e6-4451-a658-70c9d0f85c53", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837371", "uuid": "f650cf70-319b-4c28-89f2-df0f0a51617a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837371", "to_ids": true, "type": "md5", "uuid": "46962519-ed44-4d97-9e3a-0a476423b71e", "value": "068ba42e71960378352bf8dfdcce214c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837371", "to_ids": true, "type": "sha1", "uuid": "cad2a978-7a95-4efb-8a75-0cd8c7e3f783", "value": "80f6611e6b611ba941fe4b5720d7384f564c00dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837371", "to_ids": true, "type": "sha256", "uuid": "7307ac57-d6f7-432d-a53c-5a4e0496b238", "value": "8c19a45c05877afce8badd250ff2a9cf048c5299ee4ca7ef268c282096b728a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837371", "to_ids": true, "type": "ssdeep", "uuid": "2ef13792-a0dd-472d-902d-9ba9af1e58f8", "value": "24576:65T/PY73yFv73klIfDqakwMucb24PifupUE+2kOkwCkuWtcDxcwSA1vmM8Z:6FSeDqJ6xfu6d1wCXW0xQApmpZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837371", "to_ids": false, "type": "size-in-bytes", "uuid": "00f9360e-1b01-47a6-87ea-49fdcf15e1a9", "value": "1588762" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837371", "to_ids": true, "type": "vhash", "uuid": "a92c3329-9861-4d45-85ef-abf5014b8c60", "value": "487c865527d338b7da32236996d70ab7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837371", "to_ids": true, "type": "filename", "uuid": "5d7c33e4-ad1c-4ad6-a412-e42237029a3f", "value": "068ba42e71960378352bf8dfdcce214c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837371", "to_ids": false, "type": "text", "uuid": "546d1156-d4bc-4f3f-85f4-301398af1d7e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837392", "uuid": "f57f35bb-9e72-4b8a-9841-d6e4e94a9b13", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837392", "to_ids": true, "type": "md5", "uuid": "50d1e690-5ebe-4a4d-90cc-ed4e8c9ec4e5", "value": "f4c513a737bf2c91902d7ccefabe78c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837392", "to_ids": true, "type": "sha1", "uuid": "2c85ac2c-59d4-4e8d-a5ad-9a8622df0ff8", "value": "8702f83ffd8c0f4440260c426caa0e17a6150972", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837392", "to_ids": true, "type": "sha256", "uuid": "d0b31b2b-dcdf-41a2-9cac-1377445b5518", "value": "5b53b4c0a5016f4db0461d338dd89b166e6d37970a8d561da2803c2a1146e7ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837392", "to_ids": true, "type": "ssdeep", "uuid": "772fcde0-ccb7-4d8c-9bbb-62bb3644561c", "value": "49152:VchAumQfcXRRDv0Wpwq+bzgDFT7H9pNl+yjNERsxYoIJyfD4ppQmmX/n02s1wMcu:2O9Q2wdzOFrnWMYoEy74nQmmP02sycSO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837392", "to_ids": false, "type": "size-in-bytes", "uuid": "c383c0c5-3244-421b-91e7-f18ef32f7c02", "value": "3175397" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837392", "to_ids": true, "type": "vhash", "uuid": "a99c9c3c-38da-4f6a-9350-d703a690f30a", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837392", "to_ids": true, "type": "filename", "uuid": "0939c31d-5d7f-452c-8f46-3973edcaeeb0", "value": "f4c513a737bf2c91902d7ccefabe78c0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837392", "to_ids": false, "type": "text", "uuid": "70c52c6a-a4f6-47e4-83fa-094852e295cb", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:23/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837414", "uuid": "61b3942b-90cb-4a03-9705-b679885e829d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837414", "to_ids": true, "type": "md5", "uuid": "9c21f9c5-ddeb-4524-8599-9d8e232fe7f4", "value": "10d2511ae1f9dd230580e5090d4499d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837414", "to_ids": true, "type": "sha1", "uuid": "10b24a67-7439-46fa-a6ef-a25ef570441f", "value": "858e937c6821d58997a41ce3eddec5c386be701b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837414", "to_ids": true, "type": "sha256", "uuid": "fb3f01ad-7213-4834-9512-f545b772dc1a", "value": "65fac75200fd1575a6f5b107b6326548db45a0cf2217eb489955d0ba9a0ad0ec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837413", "to_ids": true, "type": "ssdeep", "uuid": "b9c3ba43-25b9-45db-a75c-bbe9813e785e", "value": "49152:K/LEVebqMbNlxhsYkZskJMPbYqnD927eZu3qgAZ:sEVebqMbNdsYkZmPbYqnD86qHAZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837413", "to_ids": false, "type": "size-in-bytes", "uuid": "6c733ebc-a593-42db-81cf-74bdc5c55080", "value": "1908565" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837413", "to_ids": true, "type": "vhash", "uuid": "fabaedcc-5fd5-4ebd-9f20-dbe198307db0", "value": "9d45855c0bd2277cc11dae6fece13cca" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837413", "to_ids": true, "type": "filename", "uuid": "d118d704-c00d-4fac-8226-98793b56acf2", "value": "10d2511ae1f9dd230580e5090d4499d5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837413", "to_ids": false, "type": "text", "uuid": "0baa482a-8d3a-4e5c-bb84-fc33fe562807", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA90\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837435", "uuid": "1b70990b-9a7d-4380-9eca-976f21613352", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837435", "to_ids": true, "type": "md5", "uuid": "ebf4638c-747a-481c-91bb-f299aa90e067", "value": "e0bc6737fc81d96e513b330ad2bca620", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837435", "to_ids": true, "type": "sha1", "uuid": "9ee00d40-b95f-4aed-9623-1106da698153", "value": "a3c4d2290fb09b3eea4df6f18aa881ae03ea72bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837435", "to_ids": true, "type": "sha256", "uuid": "46a66885-4a31-4163-9c59-6344adf7fc8a", "value": "8d0f5369713d03110212e707ae910357520f806d9452ead96cd1eca886198218", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837435", "to_ids": true, "type": "ssdeep", "uuid": "8bbd2e33-5081-4471-a0e4-93484af5af4a", "value": "6144:8kSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs5M:2RIKiDQM6tQ30fTviiXM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837435", "to_ids": false, "type": "size-in-bytes", "uuid": "74500829-cd40-44e7-91ad-4964ca1047cf", "value": "247733" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837435", "to_ids": true, "type": "vhash", "uuid": "febc202e-07d4-4d20-b0c0-f2949dc389ed", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837435", "to_ids": true, "type": "filename", "uuid": "6fdd4b9f-1116-4ce1-a0b0-919c774c1ec5", "value": "e0bc6737fc81d96e513b330ad2bca620.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837435", "to_ids": false, "type": "text", "uuid": "ac5c2888-5c93-46ba-ab91-c29a4bd565be", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF6\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837456", "uuid": "415d05d3-8c6b-4d0f-96e3-c0cb45403984", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837456", "to_ids": true, "type": "md5", "uuid": "49a6d231-9cd7-4d9b-8da4-65a5b7daa619", "value": "f296f6af0b3d043d9cabf76f4a8af0d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837456", "to_ids": true, "type": "sha1", "uuid": "2c344bab-2605-4761-8c3e-4ce5a5511eef", "value": "5e202ce29efa6eaa6ec91bfa2a4d714ffc4ddeff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837456", "to_ids": true, "type": "sha256", "uuid": "720c3bde-9ad9-4f44-be6e-d49fef2265c2", "value": "441cfb53e66fc9f73a6f6c7177dd082a76c4ab0165ee955c7390658a932c9729", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837456", "to_ids": true, "type": "ssdeep", "uuid": "d24d2cdc-fdec-4023-bd56-76f9381ed1f4", "value": "98304:l+9y0wdzOFZdlIs4mlfICWx93qmliqC8e:lctFZkHX9LZe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837456", "to_ids": false, "type": "size-in-bytes", "uuid": "9aa199ce-e9ce-4864-b32b-fc0638df2c35", "value": "3168746" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837456", "to_ids": true, "type": "vhash", "uuid": "2e19fbde-52e6-4957-b713-190b24296efb", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837456", "to_ids": true, "type": "filename", "uuid": "ed2c601e-96ee-4644-8091-ee8f664a290b", "value": "f296f6af0b3d043d9cabf76f4a8af0d7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837456", "to_ids": false, "type": "text", "uuid": "93a98af1-fd18-497c-87ac-850e7ca730db", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Presenoker\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837478", "uuid": "508bdf8d-a44f-49f6-80ab-f04dc4515469", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837477", "to_ids": true, "type": "md5", "uuid": "7a3d9f2e-c80f-406d-8352-2da1a41e58c3", "value": "0c73f6c335683e16e9adc7c9f7b48364", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837477", "to_ids": true, "type": "sha1", "uuid": "6bd3a2a6-4a0e-42af-a9fa-6577ab8aeca3", "value": "1db82cfb1071671a7a2e784556e77d766d1b3113", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837478", "to_ids": true, "type": "sha256", "uuid": "042e4d00-dc21-4ebf-aa63-80ab0945c6c3", "value": "ce68be7f227edb073a1fb81499d5ea79fdd76ab4944a16abb2b7510ac58bba4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837477", "to_ids": true, "type": "ssdeep", "uuid": "0141d1e9-f0f8-4bae-8fa6-57e47cb1c9fe", "value": "49152:czcKxvJydOg5umQfBXRRDa0TSqq+bzgDFlfkqNDn4BQVJVjc637zlgezR06DkV8b:cAmvwdX5aPmqdzOFdVvVc637zFND+4cQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837477", "to_ids": false, "type": "size-in-bytes", "uuid": "83b084ef-f4a7-4886-a3fc-f0374a4c622f", "value": "3557302" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837477", "to_ids": true, "type": "vhash", "uuid": "96059355-a8df-4f2a-8d3e-4949ed2dffa2", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837477", "to_ids": true, "type": "filename", "uuid": "b561271b-f424-4ec3-b7a2-a9f4283454cc", "value": "0c73f6c335683e16e9adc7c9f7b48364.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837477", "to_ids": false, "type": "text", "uuid": "9793ebe5-ed93-4cb9-a607-edde8cf3a14e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837499", "uuid": "93292283-96ae-408e-aa54-0767ac4304f5", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837499", "to_ids": true, "type": "md5", "uuid": "fa87ceeb-3c79-4494-9a3b-618f6e3aedc8", "value": "3ec09c2ff476b825a6aecf8a41449a6f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837499", "to_ids": true, "type": "sha1", "uuid": "fc2967bb-8025-44b9-a80f-46bc47994bfb", "value": "2af3d8111a08a4fb2fc2ba0d66af92ffd1236db2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837499", "to_ids": true, "type": "sha256", "uuid": "d99699f5-678e-4f22-9f24-e8badba80185", "value": "4f204f02ba570e72f88bf58be8e1304ab75dfae58a7ab3a22fa17188c26ef5bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837498", "to_ids": true, "type": "ssdeep", "uuid": "fe411d2a-11e2-4617-b4f1-b3a8327807f8", "value": "49152:YacKxvJydOghumQfBXRRDt0ojqq+bzgDFlmqqNgn4BQiXWhk7ugjq42zFR0/r2Ox:YzmvwdXhaayqdzOFMSsG40FRK2291" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837498", "to_ids": false, "type": "size-in-bytes", "uuid": "28ba97d0-877f-4d1f-bf90-148638c1f95b", "value": "3557436" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837498", "to_ids": true, "type": "vhash", "uuid": "9306c906-880c-467d-b9d0-0805cb0312d6", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837498", "to_ids": true, "type": "filename", "uuid": "49aa615e-ccdf-4cc3-a964-e20b7bc5c0c4", "value": "3ec09c2ff476b825a6aecf8a41449a6f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837498", "to_ids": false, "type": "text", "uuid": "651e81d2-8ffe-44cb-83d7-11ed35b6c018", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837520", "uuid": "eb12d2c9-5ae4-4792-a22a-a15f15e4f843", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837520", "to_ids": true, "type": "md5", "uuid": "2e2e6d37-8440-4d68-b706-d61b1a652c81", "value": "f7feb139fef810d7087099090529db17", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837520", "to_ids": true, "type": "sha1", "uuid": "c982a6b3-d842-421d-a538-8be1a48d986c", "value": "6b8bdc804fabe6a6cfbb03d671e713918b8910f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837520", "to_ids": true, "type": "sha256", "uuid": "0c3eec1d-8681-4c8e-a5dd-7712675e9f41", "value": "8b7c6174042e9692db3215f4a94f52788e75a427e455208888b543b5c053561a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837520", "to_ids": true, "type": "ssdeep", "uuid": "cf63863f-7d38-426b-9f52-98852603619a", "value": "98304:Hda61dc6dZiYdzOFfeDMJFq9azxzRbCTl:9aG2EAFfkMF+2xzpCTl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837520", "to_ids": false, "type": "size-in-bytes", "uuid": "5b91139b-3271-4a59-b4d1-665b3789f3e3", "value": "3557071" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837520", "to_ids": true, "type": "vhash", "uuid": "90bb70ca-916c-44be-b57f-6c57e9e56e97", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837520", "to_ids": true, "type": "filename", "uuid": "f19e235d-a333-4165-900f-7be2fa51a506", "value": "f7feb139fef810d7087099090529db17.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837520", "to_ids": false, "type": "text", "uuid": "427ea6f9-7876-44b4-8057-1b6609822aa6", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837542", "uuid": "1e057aec-1dc0-43ff-8738-338795e9d58a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837541", "to_ids": true, "type": "md5", "uuid": "5193237b-5fad-4fc1-898e-5984cdc2d015", "value": "c68f2a1edbb90da297e79f0033ae7586", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837541", "to_ids": true, "type": "sha1", "uuid": "3b4c8ce0-ae0f-4c5a-a0b4-5f0ef8538949", "value": "1b13da69d56dbe381b457c54270438583a1aa164", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837542", "to_ids": true, "type": "sha256", "uuid": "cc21452c-e6b1-489c-b730-49ee5ce83b87", "value": "9154b7ee3438e24a1e3145f9cd3d2ecf47c478451ab86717d3ae62e6117744f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837541", "to_ids": true, "type": "ssdeep", "uuid": "c64541a2-5415-4a19-b55e-3253bbf146ca", "value": "24576:Hinx83GVmtQBdh2myxJc6Hs8wU/TRioxFO4O1OFsJ9NPJ:HinO3GVjdh2myxLHs74Z6fMFoPJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837541", "to_ids": false, "type": "size-in-bytes", "uuid": "3457bff0-ac9b-4ff7-b31c-d4da6685328d", "value": "991403" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837541", "to_ids": true, "type": "vhash", "uuid": "66034773-c9c1-4a66-a5ce-184672045f81", "value": "5b1fc016572de8c9020d0e709eaa65df" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837541", "to_ids": true, "type": "filename", "uuid": "13531154-786b-492e-9de5-1a58721c5ce3", "value": "c68f2a1edbb90da297e79f0033ae7586.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837541", "to_ids": false, "type": "text", "uuid": "634d945d-0aa8-4ab3-bfe8-6d71c0987738", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837563", "uuid": "7b34a3f1-df88-4994-8851-5d399e3977d5", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837563", "to_ids": true, "type": "md5", "uuid": "25daa43d-81f8-468e-ba3e-cb294e506022", "value": "740926d105933c9d4db48030c5a947cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837563", "to_ids": true, "type": "sha1", "uuid": "72be593a-d660-46c0-8220-c2f66df84b08", "value": "37425e9ae7ef834449e86a59ecbd366e4b9d4335", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837563", "to_ids": true, "type": "sha256", "uuid": "b81efb7b-2762-41d2-bc33-803619364e66", "value": "5eefab2a243f74a98e436b8d835f9ad006ef41d46db5d44599749c38f19cab02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837562", "to_ids": true, "type": "ssdeep", "uuid": "078c59d8-5cdc-4739-b86e-8b1389b355dd", "value": "49152:5cn9umQftXRRDF0ClGq+bzgDFQHcd2NTvyjNGy9rIxqVocYKYpgxw22Co83PDl:y96i6GdzOF+1+qfOIQLl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837562", "to_ids": false, "type": "size-in-bytes", "uuid": "8a80774b-12b8-46b3-aedb-b474fc36b147", "value": "3168842" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837562", "to_ids": true, "type": "vhash", "uuid": "b8c8d930-247b-4a41-8c22-fc88adffd155", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837562", "to_ids": true, "type": "filename", "uuid": "a9f5ba9d-402e-43a3-a188-32610d0bec3e", "value": "740926d105933c9d4db48030c5a947cd.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837562", "to_ids": false, "type": "text", "uuid": "47635075-73bc-4d6f-b4ed-ea6bb5bcb541", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837584", "uuid": "378f3ade-79ee-4080-bd93-e2a8fb2166bc", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837584", "to_ids": true, "type": "md5", "uuid": "cd8d8b9a-cad7-489d-ba50-af9d924cc720", "value": "0cfc559898eaee6b5211fe6ff98f224f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837584", "to_ids": true, "type": "sha1", "uuid": "ccf9456d-5edb-4417-b38d-59130bb1c192", "value": "bfa19dfb2e15d88c0b3ae7fa13868dbf2c8fd0bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837584", "to_ids": true, "type": "sha256", "uuid": "1c5537f5-f261-4bc4-abd8-a188611f440b", "value": "fd5bdb3689d6904ae1354de45ecf7239918d1b8f4e06ec0f9f3090bd998496fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837584", "to_ids": true, "type": "ssdeep", "uuid": "2272759f-87f3-4d21-9b0f-4ac1b9dd52ba", "value": "49152:ypfqBM1ybzaFes3Rs6bfXgEUcEfqTfqqK1CvpH:ypfNcqFes3O6bfQeEfWfQIRH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837584", "to_ids": false, "type": "size-in-bytes", "uuid": "fd8c5ae9-55f6-4c01-a608-85a27d6df489", "value": "1633198" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837584", "to_ids": true, "type": "vhash", "uuid": "63eb276f-3382-459a-a2a3-6ddf24703f59", "value": "c8813110af9aa4c68a74cb1c71f13068" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837584", "to_ids": true, "type": "filename", "uuid": "ab110c8f-a131-4c12-9b83-59ab63c470d5", "value": "Virusshare_0cfc559898eaee6b5211fe6ff98f224f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837584", "to_ids": false, "type": "text", "uuid": "28a76dbb-4036-455d-9f87-efe3265d16a0", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837606", "uuid": "50f37bb8-adf8-4f87-827d-4926418a93f7", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837605", "to_ids": true, "type": "md5", "uuid": "c9c57d2c-08c2-4933-9d1c-a9de42e59624", "value": "ac65193112bab7842435e2a8ff77f28b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837605", "to_ids": true, "type": "sha1", "uuid": "bed0d6e1-dbeb-4140-8ab1-0e4302e9f1a9", "value": "7b6616da128e3e1472bb7211328efbb04206e849", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837606", "to_ids": true, "type": "sha256", "uuid": "db5a6db9-8aee-4230-a05f-1f542429f885", "value": "1c9e5e4bd22cde1bbe72307ab5fcfe70993801bd23f685e0a977d5f8ebcfc6d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837605", "to_ids": true, "type": "ssdeep", "uuid": "35762be9-fba8-4b94-9700-2e39f9f89be3", "value": "24576:ZZmPErHbcf/vJYsf5KUTr9FI3BMPDOa7MYDs3Sz73HF/hU3dEoDTYj1Km:ZumQfhrfI3BSf43q73Hxhno/Yjl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837605", "to_ids": false, "type": "size-in-bytes", "uuid": "fc43c731-f1dc-4f4c-9d59-1ce458998b90", "value": "1764240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837605", "to_ids": true, "type": "vhash", "uuid": "e2642cd8-c19b-48fe-ba21-0ddf4630c6da", "value": "89ac1a84512d705aa69fa94a0923c0ac" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837605", "to_ids": true, "type": "filename", "uuid": "d9e5a942-aa26-4db1-bd78-f0fdad6809fc", "value": "ac65193112bab7842435e2a8ff77f28b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837605", "to_ids": false, "type": "text", "uuid": "f8343d47-fcfd-44b0-a5fb-ed5426fa1e13", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:17/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837627", "uuid": "73a0ccd4-84ff-4501-927e-077cecb6f649", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837627", "to_ids": true, "type": "md5", "uuid": "5c6e3c8c-15f2-4dd6-8e49-4b2a82dfcb2a", "value": "67b19b299760929daeffca80be7f2f1b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837627", "to_ids": true, "type": "sha1", "uuid": "0b7bc324-7dcc-4377-aef7-9cc3ce377500", "value": "35e7b08ad5fb0411501e931b01992cc013bdaa94", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837627", "to_ids": true, "type": "sha256", "uuid": "9029d0ae-2404-4ca9-900d-ac03c4351dc8", "value": "ccdd303622dd7b4f978ed8e0e3066a8cfdffa15c3779d0a614270de111489184", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837627", "to_ids": true, "type": "ssdeep", "uuid": "a10bbda9-66a5-40cd-91f2-1b2feba0367a", "value": "49152:PcaeumQf5XRRDJ0u4Jq+bzgDFwFn5HNs/yjNHV7Qh8jXnCU9aAnb7hwRkXQ:0bgmPJdzOFAa4+h8WhA7Q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837627", "to_ids": false, "type": "size-in-bytes", "uuid": "28d2b0fb-0eeb-4c65-af12-4d38fc00c593", "value": "3073981" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837627", "to_ids": true, "type": "vhash", "uuid": "1bf05b97-bd66-4281-ae99-bbe21e41d819", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837627", "to_ids": true, "type": "filename", "uuid": "716f1ee3-f2be-4cf1-bdc2-d784a0b675a8", "value": "67b19b299760929daeffca80be7f2f1b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837627", "to_ids": false, "type": "text", "uuid": "467a61e6-6dd7-44dd-bf0a-842ac7877951", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837648", "uuid": "44c3093b-cbcb-4b1f-9e0f-4ee29305005a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837648", "to_ids": true, "type": "md5", "uuid": "e3a3b680-0776-4f95-bd6b-90d5d71cb094", "value": "934e3a2d499445e8025139298bdab34a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837648", "to_ids": true, "type": "sha1", "uuid": "c5a24ca0-c2b2-4269-8a46-053e649c5273", "value": "6ff9f32c941664900b176f0cdd665db96c6e2dbf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837648", "to_ids": true, "type": "sha256", "uuid": "a66eed22-fc5c-4002-a200-6937d52fd396", "value": "6c9dee75b32b559e9b57505084b9f6011041b4c412540abfa9ee8e082f5a7707", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837648", "to_ids": true, "type": "ssdeep", "uuid": "5d172584-fa61-4ed0-810c-b61f064a28fa", "value": "49152:kRucutXztRmuj2yFzZvZW/oJ0jQ8lfI79qIP2OpY2sb8/ZaFhvgkYPxTcuQk2mo:KHc7dj2yFz5Z+Flw79qIP2ONaZgksTa3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837648", "to_ids": false, "type": "size-in-bytes", "uuid": "14915747-db2d-4185-bb45-739166ac60ef", "value": "2845330" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837648", "to_ids": true, "type": "vhash", "uuid": "d0b7406a-142f-48f2-a99d-55c792482d24", "value": "c8a0f3a664f3acf7bfe7bbe0e2b8cc59" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837648", "to_ids": true, "type": "filename", "uuid": "2cb925ea-5199-4ba9-a25e-8d0545821f38", "value": "934e3a2d499445e8025139298bdab34a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837648", "to_ids": false, "type": "text", "uuid": "36385930-69c0-48a0-a7ed-1b4e27c58c5b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AABB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837670", "uuid": "f5c43d14-5d6f-43e9-90aa-d6e9846a0dc4", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837669", "to_ids": true, "type": "md5", "uuid": "ecca6469-134b-4861-8ddf-f2ea4a745b36", "value": "4815c0ed1f937dcc36c31127683b7416", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837670", "to_ids": true, "type": "sha1", "uuid": "f2694726-3fbc-4e82-afe5-f04c99598702", "value": "6f19a2f1665f036357e102a5415b07cdcbffe0e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837670", "to_ids": true, "type": "sha256", "uuid": "a3de65b5-5ab4-42a1-99f5-bb65ca966004", "value": "58d536144dde26cba0afa326fc5eb1e0691c12592a27c32e030633471bf82249", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837669", "to_ids": true, "type": "ssdeep", "uuid": "cc357f4d-fae4-4811-a181-9397ec0da4f9", "value": "24576:6ZmPErHbcf/vJYsf5KUQXRRDkD59rI3BZOI6Xl1J/ZldOLcoJwlYVMS/Ki4jYweK:6umQfeXRRDE5dI3B0IM1LlYwOKELwhJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837669", "to_ids": false, "type": "size-in-bytes", "uuid": "9cabb2d4-2551-4961-8c7d-fe63d066e65a", "value": "1905008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837669", "to_ids": true, "type": "vhash", "uuid": "9f11c02f-c669-4c10-8f66-42d2f71e847e", "value": "acf94ace7d91fe5e73f1b5ef2c7d6153" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837669", "to_ids": true, "type": "filename", "uuid": "8e98d96f-0934-4e7e-9b0a-dc3a7e540351", "value": "4815c0ed1f937dcc36c31127683b7416.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 18/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837669", "to_ids": false, "type": "text", "uuid": "8f241b76-0d5b-4bcb-a8ed-3a45cff7c849", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:23/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837691", "uuid": "82fba8f1-785b-40d6-8a15-9015979328ff", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837691", "to_ids": true, "type": "md5", "uuid": "3dcf192f-3271-41ce-b38d-1b2d7c2bd346", "value": "37f2fe9e0132cca27c30a912198ad93f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837691", "to_ids": true, "type": "sha1", "uuid": "acd4f7bb-0f28-4df1-a0b2-e654d8dc5d3e", "value": "6e43ed98f5166de0569c4fe7d6ab796ecfa4c579", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837691", "to_ids": true, "type": "sha256", "uuid": "14ccd130-7249-44f9-94b9-dd7ea1d353d0", "value": "77d1a16707ec361e7cf069139eb642848599cbf2cac4408dfd97c0851c5d007c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837690", "to_ids": true, "type": "ssdeep", "uuid": "c09faa26-dccf-46c4-97a5-db241375505a", "value": "24576:TinxU3GVmtCAAh2mykJL6Hs8QBdTRioxFO4O1OFsJ9NPK:Tinu3GVgAh2mykoHsT5Z6fMFoPK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837690", "to_ids": false, "type": "size-in-bytes", "uuid": "35477eb7-9d39-4fca-acc4-d019181d1e39", "value": "991403" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837690", "to_ids": true, "type": "vhash", "uuid": "7eef8bb0-30e4-412f-90ec-4e229d9a24f6", "value": "5b1fc016572de8c9020d0e709eaa65df" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837690", "to_ids": true, "type": "filename", "uuid": "25955a64-8d4e-464e-9bf0-4c28e63c4b05", "value": "37f2fe9e0132cca27c30a912198ad93f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837690", "to_ids": false, "type": "text", "uuid": "badba5d8-99f2-44ae-858b-97629a1a7e92", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA15\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837712", "uuid": "7ebfc9ee-4269-4656-9e84-8703153f99c8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837712", "to_ids": true, "type": "md5", "uuid": "3a524e03-abc1-4425-ab66-ec37ab324e96", "value": "3e1571a835397ef812210e129ad99896", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837712", "to_ids": true, "type": "sha1", "uuid": "d840199c-4a03-41af-8c16-490ba081e785", "value": "cabdb8c5089cd191203b840971cc49712294dc34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837712", "to_ids": true, "type": "sha256", "uuid": "4d75b939-e5b4-4a9a-9b69-d66d5e3a32a7", "value": "03396bd4acc932f8b1b5c708ff19f6379c8ba05eba17dac60f3e3c21886375b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837712", "to_ids": true, "type": "ssdeep", "uuid": "73f1b3e6-10de-48ef-b810-4cfc2288b09d", "value": "49152:QdcObumQfsXRRDG0XOYq+bzgDFGV0tNyO4BQaVV+0pseW583+VseUXTNOtjJjLb6:QO6JL+YdzOFDo3VV6VWjNO3jPAQ4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837712", "to_ids": false, "type": "size-in-bytes", "uuid": "8b09348d-d048-4492-b27a-0a693359de03", "value": "3177864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837712", "to_ids": true, "type": "vhash", "uuid": "6eae69c9-7af9-4fb3-bf88-36a8e8d7964b", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837712", "to_ids": true, "type": "filename", "uuid": "89672471-7288-4694-a14d-576166d0c201", "value": "3e1571a835397ef812210e129ad99896.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837712", "to_ids": false, "type": "text", "uuid": "dd8ee3c5-4aef-4c7a-aa12-28597cbbc312", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837734", "uuid": "63b61bb2-4212-404d-a227-7702d6b785eb", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837733", "to_ids": true, "type": "md5", "uuid": "66184fc3-193e-4f95-b678-0339e072b46b", "value": "65eb66e6469c3ba642b3c00e1dbda2d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837733", "to_ids": true, "type": "sha1", "uuid": "e9df30bd-bbb2-4ace-a500-f4bb2755b02a", "value": "ee11a13f46c055ff046d2d327824b9c25efc5a5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837734", "to_ids": true, "type": "sha256", "uuid": "5c7fa4b5-cf48-4f16-b414-202024e3a883", "value": "a8b67961ccd4e1888c2091fa35d9b06b5a1d44a539641e41ce5caa76fe9dfb97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837733", "to_ids": true, "type": "ssdeep", "uuid": "da0a4226-7773-4407-ad2a-726f1a068186", "value": "49152:scCTumQfUXRRDk0pHsq+bzgDF8RmLNMcaq37vos81/+hP/nLfV0za+MZUfT3f:5gXdNsdzOFl2iY1/+x92a1Zcv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837733", "to_ids": false, "type": "size-in-bytes", "uuid": "0f48d362-2355-4486-8379-54a091be65d6", "value": "3070007" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837733", "to_ids": true, "type": "vhash", "uuid": "ec530b65-35ea-4ecf-bba0-1f2cc3c67159", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837733", "to_ids": true, "type": "filename", "uuid": "03cac862-cf38-40d3-a88b-cbe606499065", "value": "65eb66e6469c3ba642b3c00e1dbda2d6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837733", "to_ids": false, "type": "text", "uuid": "dabeeb08-edc7-4662-9ad4-6edacccfb223", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:23/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837755", "uuid": "3a0f353f-b823-497d-b6fd-7ec59133db83", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837755", "to_ids": true, "type": "md5", "uuid": "a60ce43f-c3e0-4908-9253-8f6357906de8", "value": "fd45a959edef4074bdd754531e09725b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837755", "to_ids": true, "type": "sha1", "uuid": "5f4625d3-fc80-49a4-9e1d-a5b98e5bb20e", "value": "eb9dd24a71c222889e212ec686811c41f9340a00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837755", "to_ids": true, "type": "sha256", "uuid": "b72b276b-ba66-4685-bdd5-195a22005011", "value": "c2246e47a48a0339ba6cf04cff0e5f988b50fc056ffe675f84fcf258ce68dec8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837754", "to_ids": true, "type": "ssdeep", "uuid": "69022a00-3b88-4db7-9aa2-d32b7667349c", "value": "49152:7cCnumQfUXRRDr0Fnsq+bzgDFL168LNPlyjNEI3F5T8ASdilagqKDXaIhCkR86Cp:Y8X8lsdzOFH5EV5gASoYGLjB72/X" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837754", "to_ids": false, "type": "size-in-bytes", "uuid": "07ad9fe4-0577-4f12-ac47-11b95edbdeda", "value": "3175717" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837754", "to_ids": true, "type": "vhash", "uuid": "f098724d-0ffe-439b-b73d-9a66998d5d05", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837754", "to_ids": true, "type": "filename", "uuid": "0dbf73d2-969b-4011-88bd-af6c9779c548", "value": "fd45a959edef4074bdd754531e09725b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837754", "to_ids": false, "type": "text", "uuid": "9b5819ab-0274-46b0-af35-182f8d54f790", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837776", "uuid": "25058707-8856-4831-a36d-0ed22eaec85f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837776", "to_ids": true, "type": "md5", "uuid": "9c762cd1-a0ac-4e40-8cd9-7b8073d115aa", "value": "86fac58f205c556d2029837119b7211f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837776", "to_ids": true, "type": "sha1", "uuid": "dbf536ec-e89c-4f01-997e-0f7363e8e383", "value": "244da024ea4660ad9c7b430a8f4ddd7fc356441e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837776", "to_ids": true, "type": "sha256", "uuid": "06eecf26-7d08-4d79-a224-98f51019c00d", "value": "b32b568aa807bfa649253b29b09ba6c85a280b8201587ad87aa243bf062063c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837776", "to_ids": true, "type": "ssdeep", "uuid": "d07215ff-2ab4-4e2c-ba2a-249c65afab20", "value": "24576:jycD9k5aPpoqaqMsE5+9j6y02lfFDLw0u6APdhUWOFjhTOksl5fg4eytfxHCmJ+j:ms9k5AlaNd+W2B5Lo6sdhUOB5xf90QUh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837776", "to_ids": false, "type": "size-in-bytes", "uuid": "9abf83fa-fcc5-46ea-a346-bf450ccdd86c", "value": "1763601" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837776", "to_ids": true, "type": "vhash", "uuid": "de9b903c-7259-415f-b402-4bc317f74634", "value": "27aabd1412215837d3adb84ac671844f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837776", "to_ids": true, "type": "filename", "uuid": "93bdb449-43bc-4f71-b2f0-bf9a0193d4fe", "value": "86fac58f205c556d2029837119b7211f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837776", "to_ids": false, "type": "text", "uuid": "98b0a3aa-4468-4c1f-93fa-6d894ad98a24", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA06\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837798", "uuid": "41e0d058-3815-48aa-90de-1d868b3e51cb", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837797", "to_ids": true, "type": "md5", "uuid": "40385e5f-a4bd-4431-a696-a12993dd6fbe", "value": "bd8a470d0a56f6988b42b1159d8f233f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837797", "to_ids": true, "type": "sha1", "uuid": "edfccea9-9e61-4c43-ab89-b7be31237dbe", "value": "1e8fd27dd28154295511a62a2e017eccaf6c34e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837798", "to_ids": true, "type": "sha256", "uuid": "658d4e6d-4538-4654-8e48-a99de6a40617", "value": "eab0e69f7dedfb0d8a0c652d8e6fb6f5c594674b3b5d3f1229180a605dab7e7f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837797", "to_ids": true, "type": "ssdeep", "uuid": "1ccda30d-9bd1-4903-9df9-5a3d2f5a1ea7", "value": "24576:/ZmPErHbcf/vJYsf5KUJXRRDkE99dI3BZqI6Xl1J/ZldOLcoJwlYVMS/Ki4jYweB:/umQfzXRRDL9rI3BAIM1LlYwOKELwhK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837797", "to_ids": false, "type": "size-in-bytes", "uuid": "83e71cf3-6ae3-4a6b-81c6-f946d1c91dab", "value": "1905086" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837797", "to_ids": true, "type": "vhash", "uuid": "6b548233-81ac-472f-936d-fe50ad43a3c0", "value": "acf94ace7d91fe5e73f1b5ef2c7d6153" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837797", "to_ids": true, "type": "filename", "uuid": "e8c67ead-1374-4614-a6c5-d25e8eb506ce", "value": "bd8a470d0a56f6988b42b1159d8f233f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 18/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837797", "to_ids": false, "type": "text", "uuid": "185b8d7c-376c-497d-aaba-4c4a87e498a2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Multiverze\nVT Total Detection:21/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837819", "uuid": "13ff79c3-5a8b-440b-9231-c51eac919695", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837819", "to_ids": true, "type": "md5", "uuid": "bd21c48c-88b1-434e-b111-1776d77182c1", "value": "950b77bcca8bfb70aa4cb2a132424d4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837819", "to_ids": true, "type": "sha1", "uuid": "a2d65ed5-bcf3-402a-81e4-1ead14103715", "value": "f24cb30e39a28497c83e1e28e391df88ce3fc550", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837819", "to_ids": true, "type": "sha256", "uuid": "dcab2b8f-e064-49f8-9902-0bff48f58196", "value": "c687ff8f6b901f50ce1dc20f5863c7ec5659decc0e537a344c99d2a7f959c5b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837818", "to_ids": true, "type": "ssdeep", "uuid": "28978419-2a58-4cad-b838-ffd525f9ac10", "value": "6144:EZgz07jlobGCrlvzQV2OpUIrjQI7wnXZRE/qoTtPXIU36ciMTouW68HS6mmoXcS:bz07jObGSlm9rH7wnXZY7RXzozpW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837818", "to_ids": false, "type": "size-in-bytes", "uuid": "6ff21b0a-1416-44d0-911c-afc6408a0cb1", "value": "389918" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837818", "to_ids": true, "type": "vhash", "uuid": "8174a207-d59a-4185-a65e-3e9df647104e", "value": "0e208a61ad468702560769aba2648d71" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837818", "to_ids": true, "type": "filename", "uuid": "54b710c2-cec2-4f01-a9b0-6523061ec328", "value": "950b77bcca8bfb70aa4cb2a132424d4e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837818", "to_ids": false, "type": "text", "uuid": "fa8e59b0-ed6b-4963-801f-dc32df5d8af2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAB9\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837840", "uuid": "a03ce95f-a8bd-437b-8889-02f28ecfd425", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837840", "to_ids": true, "type": "md5", "uuid": "bffd0d9c-6843-4fd8-a28d-774e7ce4a966", "value": "8852b62d6f44800cd1c57894cc8c63bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837840", "to_ids": true, "type": "sha1", "uuid": "418e74fc-69ab-47b1-b81d-b5c4e88a980f", "value": "ecf4cc2d20c672fd14c4df305bc97be3e5e8e1cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837840", "to_ids": true, "type": "sha256", "uuid": "07247e74-8460-4849-8c20-0e353c9e213d", "value": "79d7d8498e2c92ff703991fd33db82650014d5dc53c8dcefbee588cfc2770bf9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837840", "to_ids": true, "type": "ssdeep", "uuid": "03ef6550-718d-4164-95c5-449c86ebd792", "value": "49152:4ocIqumQfuXRRDy0hR/q+bzgDFI8nENmb4BQreTxyVYSVPedkChmoy1bHt6FHBpX:49Xdvr/dzOF6MreTxyVYSVGdBhWFMFXX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837840", "to_ids": false, "type": "size-in-bytes", "uuid": "c5d62a19-7de8-4685-a7db-67a752391d3b", "value": "3178091" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837840", "to_ids": true, "type": "vhash", "uuid": "937dad87-6898-4c51-9e95-3526d6679d4f", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837840", "to_ids": true, "type": "filename", "uuid": "933ee9a4-8a65-45e5-85a4-da0e49dcb949", "value": "8852b62d6f44800cd1c57894cc8c63bf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837840", "to_ids": false, "type": "text", "uuid": "5d48dc4c-9706-4c3e-8932-c173cb1cf1be", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanClicker:JS/Faceliker\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837862", "uuid": "3ec811a8-ba35-4515-96e9-34b40ad9699f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837861", "to_ids": true, "type": "md5", "uuid": "c4965f79-dc47-4c79-a1a5-12fed8f5f404", "value": "e4df8ecfc03279ec9773f0656bf92af4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837861", "to_ids": true, "type": "sha1", "uuid": "17577dae-1ac3-441a-a6e7-ce90fd09fd18", "value": "1f92a358356472b69b9d7c4fc1d20dd7be257a6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837862", "to_ids": true, "type": "sha256", "uuid": "4c311513-4e17-40b9-bd86-b43f16a2e85a", "value": "87993399031f1787c32f9e47b97b84792a0ace4bc0f8935577e618df1995e457", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837861", "to_ids": true, "type": "ssdeep", "uuid": "643c1672-0591-498d-9513-aabfbd388cf2", "value": "49152:tcC7umQfUXRRDe0Tnsq+bzgDFLH6kLNZ4yjNLlnBVihVMfDR3APnK+4Q9jMfLjK7:eYXrDsdzOFFjZBVMuDVAvKRQ9MTj9i" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837861", "to_ids": false, "type": "size-in-bytes", "uuid": "e733d39e-f0ce-4f50-b2ec-2be506b71a42", "value": "3175694" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837861", "to_ids": true, "type": "vhash", "uuid": "2bbdf9e8-7b70-4ead-9e1d-224b14ed1353", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837861", "to_ids": true, "type": "filename", "uuid": "06eceadd-05ff-4216-ae1f-350f10b7793b", "value": "e4df8ecfc03279ec9773f0656bf92af4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837861", "to_ids": false, "type": "text", "uuid": "21fb9395-b481-4eb8-95fd-4c049f1b69d4", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Zpevdo.B\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837883", "uuid": "f6859c4d-c547-4948-bbff-9f80856b89ea", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837883", "to_ids": true, "type": "md5", "uuid": "b6f0f066-0fb9-40f9-b493-586d0163ae6e", "value": "7eb3cf98bceaaf68089112e5e51f21b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837883", "to_ids": true, "type": "sha1", "uuid": "32aae1a2-08db-4214-96f6-660582531f15", "value": "7471165eb24516d4fc6de1be009eff1ea1286b4b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837883", "to_ids": true, "type": "sha256", "uuid": "41f38ba5-f1b5-42ef-8602-fd84bd96ac95", "value": "556578ad1d58f793cfe25cb5cd59314de1f3fd8977d85ce3afe3aa0b3f751448", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837882", "to_ids": true, "type": "ssdeep", "uuid": "7caacda1-23aa-4942-aa6d-bcb733c87ba9", "value": "6144:xb6eUuPq9LH7Rq45NmAfzRQrA7OZvsT6tb:xButmuqjsT6p" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837882", "to_ids": false, "type": "size-in-bytes", "uuid": "f9a6fcd8-b276-4157-ba2c-924c3fe45832", "value": "248499" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837882", "to_ids": true, "type": "vhash", "uuid": "08c654af-5715-4bd4-838d-ca704de734fb", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837882", "to_ids": true, "type": "filename", "uuid": "273aa5cd-aaad-4bfd-a87b-a1a70d1c55c8", "value": "7eb3cf98bceaaf68089112e5e51f21b8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837882", "to_ids": false, "type": "text", "uuid": "473501b0-5146-4d45-ab81-00d2a3252a31", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA41\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837904", "uuid": "7e66875f-4df1-43bb-935c-d2d962639c71", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837904", "to_ids": true, "type": "md5", "uuid": "e0cdccdb-63c1-48e4-8908-6d719774f83e", "value": "9204b0971677cfb7b30e8365233a829f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837904", "to_ids": true, "type": "sha1", "uuid": "c9437af1-deec-4428-b7bc-5dc523a60054", "value": "9f92714f044540a025b4a549a97b1381d363a7fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837904", "to_ids": true, "type": "sha256", "uuid": "da443912-efef-4b5c-b363-8e17a2fb2b8e", "value": "e37fed0f1b41e068485fbd7600c5c0b6dd21c83d6eff70e8a079c2a9ee6bf344", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837904", "to_ids": true, "type": "ssdeep", "uuid": "55fc6b61-cac9-47fd-bcf8-7f779c0e8f53", "value": "6144:Zb6eUuPq9LH7Rq45NmAfzRQrA7OZvsT6ty:5ButmuqjsT6Y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837904", "to_ids": false, "type": "size-in-bytes", "uuid": "be2f614b-4a18-4475-a180-e0c02b4477df", "value": "248499" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837904", "to_ids": true, "type": "vhash", "uuid": "817ba15d-efc7-4574-9548-79c2498a66ec", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837904", "to_ids": true, "type": "filename", "uuid": "22c1e6a0-019f-4c81-b53a-ca3d68825ced", "value": "9204b0971677cfb7b30e8365233a829f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 14/04/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837904", "to_ids": false, "type": "text", "uuid": "3468aaf8-133b-42ed-890c-8bc34bd13643", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837926", "uuid": "ff730e77-7bd2-4a3d-b5fe-78a4b17819c9", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837925", "to_ids": true, "type": "md5", "uuid": "d6e5a334-ff0a-49e6-9a37-05c29a298f50", "value": "8d0e11cdbe905552d47de9245006a3e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837925", "to_ids": true, "type": "sha1", "uuid": "c412eb63-fd9d-4ec0-8dc9-21e7da8eec49", "value": "efe13045e63d52cd089f740a338aa4e81b709108", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837926", "to_ids": true, "type": "sha256", "uuid": "e039fa3e-175c-4ede-bd50-831d9779ad5d", "value": "31d70739df191a1d8f830d82e3adac2f5a2cbc86cae4ef1a5a8e0a70170f00d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837925", "to_ids": true, "type": "ssdeep", "uuid": "0bf83c83-a750-4bda-b56b-d73e9ecf5503", "value": "98304:kqxySUdWkf7EkdzOFqS4VV6VWjNO3jPAQa:nypU+sFqLV8wiPZa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837925", "to_ids": false, "type": "size-in-bytes", "uuid": "0312678f-b8e5-4323-97be-eab850a55146", "value": "3659314" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837925", "to_ids": true, "type": "vhash", "uuid": "85b16977-3986-43cb-b168-6d3fc1296839", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837925", "to_ids": true, "type": "filename", "uuid": "8b09804a-605a-44ea-ab66-78faa06973ca", "value": "8d0e11cdbe905552d47de9245006a3e5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837925", "to_ids": false, "type": "text", "uuid": "a940b274-73aa-46be-a2a9-56429fd962c7", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837947", "uuid": "75c6a5ec-3522-4c56-973d-c9b161299407", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837947", "to_ids": true, "type": "md5", "uuid": "3415bf36-6364-49a3-a6dd-b824bc0da8c1", "value": "280e1b084c914c1fc99326b667d7dca2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837947", "to_ids": true, "type": "sha1", "uuid": "1f56993c-1922-4f9f-be28-beb346df16e8", "value": "b91f2d4a00fdcf25f2d3cb00237b5286e5bb9b2f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837947", "to_ids": true, "type": "sha256", "uuid": "1d37d053-9e0e-4505-a131-61071a0c301d", "value": "2204e2bdd802a7e4bbc60b36b286c9d0504e958538d6d4cfe78427e887e69177", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837946", "to_ids": true, "type": "ssdeep", "uuid": "8044c3ca-0105-4561-8b4a-7728fff7be90", "value": "6144:skSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs5x:mRIKiDQM6tQ30fTviiXx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837946", "to_ids": false, "type": "size-in-bytes", "uuid": "046123a2-73c6-472f-ba7c-08512c1ec418", "value": "247735" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837946", "to_ids": true, "type": "vhash", "uuid": "f1de66a8-1e35-43b9-a56b-668bb56407bf", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837946", "to_ids": true, "type": "filename", "uuid": "3356bb89-6f2f-49b8-a6cc-3abe3239b862", "value": "280e1b084c914c1fc99326b667d7dca2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837946", "to_ids": false, "type": "text", "uuid": "454d276f-5da3-4639-b1c2-ad4a7292577d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF6\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837968", "uuid": "747f38b1-78bd-4965-8a2e-014d9baba7f4", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837968", "to_ids": true, "type": "md5", "uuid": "dc403732-d335-48c7-9a45-d6a41c5f460b", "value": "a6a78a07887ba79e94b622225bdc089c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837968", "to_ids": true, "type": "sha1", "uuid": "d6eacc14-8f10-4ddb-8e0c-795ae4ae12a6", "value": "cbfa0e352b3d10cd653b07dd93234c94a8f806fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837968", "to_ids": true, "type": "sha256", "uuid": "29db27ef-3527-4a7a-932e-a4d4399c1088", "value": "ee171a63741303fb948369fd03abb34960f669496e323ce3f497a0cda52d8b0a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837968", "to_ids": true, "type": "ssdeep", "uuid": "99912b58-45dc-42ea-b371-59aad256dc9e", "value": "98304:Qaaxr6yXn8Jjih54V949Nkiq+I5/QOifj:QaAYiULMkL9haj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837968", "to_ids": false, "type": "size-in-bytes", "uuid": "e32b39c0-1457-4f6c-8ba5-3b2b9140b5bc", "value": "3249535" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837968", "to_ids": true, "type": "vhash", "uuid": "cfcc7e5a-2744-4b1c-96f5-725a5612f81b", "value": "fdeb6049640c55f9d9a1f04d0afa8c9f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837968", "to_ids": true, "type": "filename", "uuid": "ca852d3b-0cf9-44d1-8248-706edb1cab60", "value": "a6a78a07887ba79e94b622225bdc089c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837968", "to_ids": false, "type": "text", "uuid": "364aa2fb-6ec3-4ed7-b6a7-1054c6b880ab", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740837989", "uuid": "7d90715e-99a3-4f25-8698-c04350180630", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740837989", "to_ids": true, "type": "md5", "uuid": "9912a8b2-9552-48aa-9461-fc472f0ebc49", "value": "33235107d6468f7a9a2e19d57dd86361", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740837989", "to_ids": true, "type": "sha1", "uuid": "149f4996-7a44-49e6-8478-42f37f90722a", "value": "4d4c48adb2d302d7bb48ff4971f66b6259520dd3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740837989", "to_ids": true, "type": "sha256", "uuid": "b3b4047f-ad0c-45aa-ba19-2ec7c389892e", "value": "db4ba0162019d26c6a96cdff47ac8326d903428f3af59713c7d191b75f572db9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740837989", "to_ids": true, "type": "ssdeep", "uuid": "bbbc2c47-019d-4ae1-91e9-9f712642097e", "value": "98304:g0mvwdXJaTyqdzOFNNKwvQyWmPBkNiQeaft:nmYdQwFNESh3PBIiQeI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740837989", "to_ids": false, "type": "size-in-bytes", "uuid": "2acd1cf0-2e2c-4648-83ef-912543eb44ca", "value": "3557625" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740837989", "to_ids": true, "type": "vhash", "uuid": "ad517ba8-2dee-4db5-bedc-259d123c2d0c", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740837989", "to_ids": true, "type": "filename", "uuid": "c7c9f877-2fad-4c01-b39c-6e2238cb2b6d", "value": "33235107d6468f7a9a2e19d57dd86361.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740837989", "to_ids": false, "type": "text", "uuid": "20be6737-9417-41aa-b983-d0d3a45e7995", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838011", "uuid": "f5f3981b-e849-4f1c-9dee-7c66b6731200", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838010", "to_ids": true, "type": "md5", "uuid": "90acd275-54be-4118-94db-24a2019cfd2b", "value": "c45b7dcc2c075b9768037645d0bd6b35", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838011", "to_ids": true, "type": "sha1", "uuid": "cf40af25-49d4-4599-8fc4-929942bb1b80", "value": "ee4840927ada412ad42f43990edafc3883268c2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838011", "to_ids": true, "type": "sha256", "uuid": "fd6137c8-50e2-4825-806e-42dc9b95ab67", "value": "ec26936e87346d75ddb8995e69bd24ca29ab2693dfa93e7887886890d7beb3fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838010", "to_ids": true, "type": "ssdeep", "uuid": "1e868236-b04f-42b0-99db-d845dfb3bf55", "value": "49152:IcimumQfvXRRDx0kbEq+bzgDFs8S2NEHVaq3e4FXhd11sQzFuCoab/Lq12JNmJc:dDymmEdzOFt2HjphL2CFuVw/+12JNmJc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838010", "to_ids": false, "type": "size-in-bytes", "uuid": "9b848757-d9d6-43d9-85d6-89daa3e72497", "value": "3050943" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838010", "to_ids": true, "type": "vhash", "uuid": "312932ec-340d-4d66-9afe-b3ecf04a3086", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838010", "to_ids": true, "type": "filename", "uuid": "1f3d2dfb-1f32-4274-b6e9-cede4e90cee0", "value": "c45b7dcc2c075b9768037645d0bd6b35.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838010", "to_ids": false, "type": "text", "uuid": "a186b61d-e10d-4868-b2de-428b35db7c02", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/62" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838032", "uuid": "fd10e6b2-64ed-43cd-bf80-70656706b39c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838032", "to_ids": true, "type": "md5", "uuid": "70dc018c-1058-4194-af91-9b5b822b16c2", "value": "ca8607cee8d78665cfef1471e81daa91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838032", "to_ids": true, "type": "sha1", "uuid": "9b0444db-b052-4a55-aeea-fa5b28a5462f", "value": "b0358134635b31d174bd2cfe6fe353b0bb0e89b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838032", "to_ids": true, "type": "sha256", "uuid": "0196198d-34cf-48b3-9d78-036914ba6396", "value": "4c61751bc9e99dc37a66cee94049f97b5d657755a4843e23c63f61f5050f7f33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838032", "to_ids": true, "type": "ssdeep", "uuid": "677716e2-044c-41f8-9e60-83cd21d9eaea", "value": "49152:Fw+e1RnqArpfZjEXoizSORpY4xCqDIVeMEET3+1Ypnl575ciB8vzjv:u+yToXoimORpvLUlPuY7+iSzj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838032", "to_ids": false, "type": "size-in-bytes", "uuid": "ff91cec0-83ff-40e5-9637-062f9ba8df24", "value": "3277273" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838032", "to_ids": true, "type": "vhash", "uuid": "9b4f1eb9-dee9-4285-90b8-d8d5bb730f48", "value": "3eb402c67c81a87bfb1fa935a957d6d2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838032", "to_ids": true, "type": "filename", "uuid": "06a57e2a-85c3-4775-a4dd-ef13bd068052", "value": "ca8607cee8d78665cfef1471e81daa91.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838032", "to_ids": false, "type": "text", "uuid": "1bc93899-97e9-4531-9a91-7d44a8151936", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838053", "uuid": "becd561f-3610-41c9-a9b9-0dbd5e36955b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838053", "to_ids": true, "type": "md5", "uuid": "41887f1a-98f1-42d9-8e25-d19751ec2a7e", "value": "9cbb51d67f874d3eb02b6b821f547cb8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838053", "to_ids": true, "type": "sha1", "uuid": "1122f3a6-3787-4319-9d1d-153f7056f85a", "value": "96932a1ce116e2fbf60e960908153a04fa140867", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838053", "to_ids": true, "type": "sha256", "uuid": "7aff9c76-1c53-4568-86ca-a8d6c9d8d067", "value": "7cfdde65f0299b26fd8a3cab1ac9e56f7b2426f68c039d18d8d0048f2369c0bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838053", "to_ids": true, "type": "ssdeep", "uuid": "fd30ba59-5706-4c9b-8abe-86dad286b9cd", "value": "49152:i9cM5umQf0XRRDZ0y8Yq+bzgDFH7ftNWE4BQ0LL+TD3ubylviJq5dJ2XpeXOfc4i:iu2Bm9YdzOFBEuTDSylj5dJWvfrGb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838053", "to_ids": false, "type": "size-in-bytes", "uuid": "90e6d078-02c2-4746-ae01-1ea68a4db380", "value": "3178871" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838053", "to_ids": true, "type": "vhash", "uuid": "f074194a-4c0e-4f8d-8bfa-59ac90f6ea2e", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838053", "to_ids": true, "type": "filename", "uuid": "1c58ae64-20e4-4e0e-9e42-958de0732aaf", "value": "9cbb51d67f874d3eb02b6b821f547cb8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838053", "to_ids": false, "type": "text", "uuid": "55edf19f-35a7-4a59-ad85-5235ffca00e4", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838075", "uuid": "bf6db499-d308-4cc2-8482-04c490138009", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838074", "to_ids": true, "type": "md5", "uuid": "fdeb199b-d8fa-4a7c-bd76-a59235f1b674", "value": "3020b90ef6b677543cd583e74942a816", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838075", "to_ids": true, "type": "sha1", "uuid": "a3ad669b-f4b6-46e0-bc73-8f563bdc806e", "value": "2d208c5a3d17221376e560b19b9de713535390e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838075", "to_ids": true, "type": "sha256", "uuid": "1ea36311-f466-4daa-ab63-48fdd3308694", "value": "bec4e7ec4ef37f26fefd67f4f342222b2d68df8bb7112094b4d7e87445174f97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838074", "to_ids": true, "type": "ssdeep", "uuid": "1278b85d-fc4c-418e-ba09-9b14ed28cc94", "value": "49152:Fks9k5Alab8Iph2+5Lo6sdhU0f5xf90QUg:Fw5xhBsdhl5xaQUg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838074", "to_ids": false, "type": "size-in-bytes", "uuid": "c3d46828-bd58-474f-ba04-844f1a5da46a", "value": "1763535" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838074", "to_ids": true, "type": "vhash", "uuid": "4ef35087-d746-4c3d-a0a1-bb97934dd8fa", "value": "27aabd1412215837d3adb84ac671844f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838074", "to_ids": true, "type": "filename", "uuid": "68a47a01-eb2b-41a6-9fbc-4855ac3e2265", "value": "3020b90ef6b677543cd583e74942a816.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838074", "to_ids": false, "type": "text", "uuid": "3c044187-9045-4619-93f6-25bee21e4a48", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838096", "uuid": "3e829aee-34b8-43ef-bd8e-7da2bb09285d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838096", "to_ids": true, "type": "md5", "uuid": "5e84f3fc-f0da-4b15-a4cd-ea16f8bc5053", "value": "64b0f17cc8cfb32f727bff349d83e3d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838096", "to_ids": true, "type": "sha1", "uuid": "9e65e04e-7d37-416c-b02c-878a82bcce26", "value": "76900d0cb75717b0dba93cffd598a194795019ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838096", "to_ids": true, "type": "sha256", "uuid": "2ef0d1da-c25c-4b3d-9703-7ecf1b979e2a", "value": "c84867c8b6e0fea431ffb093b0cf1fb3f7e1309fee83bf22a806ea89a83cda9a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838096", "to_ids": true, "type": "ssdeep", "uuid": "44fed51f-3706-4fb3-8f6a-309ce59c73d1", "value": "49152:2cCLumQfUXRRDx0QEsq+bzgDF8qgLNOzaq3MFYbGjdHiHruLuBBAeYntvy6:XoXOBsdzOFSUHCdHKuICeYntq6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838096", "to_ids": false, "type": "size-in-bytes", "uuid": "4c5fad4c-9739-4daf-8c77-ff106c26c811", "value": "3053102" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838096", "to_ids": true, "type": "vhash", "uuid": "f257e874-f4c6-4706-a86c-d2a867583b25", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838096", "to_ids": true, "type": "filename", "uuid": "129e8ee0-0432-4af7-86d0-2c5895b30251", "value": "64b0f17cc8cfb32f727bff349d83e3d4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838096", "to_ids": false, "type": "text", "uuid": "57eb36a8-e6e6-4a76-baee-2e8ea0e9ebf8", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838118", "uuid": "c31b013b-1280-4749-995a-a1f8cc315f5b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838118", "to_ids": true, "type": "md5", "uuid": "eb0fb510-a72a-4248-96e0-4ac750bf2e72", "value": "85949c0622c7a2cae37578c5032c246e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838118", "to_ids": true, "type": "sha1", "uuid": "d1b3207d-7d2a-47a4-b8ba-b480d530e63e", "value": "089a16c31b11226fd28b647c38bb13de2ae28f0b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838118", "to_ids": true, "type": "sha256", "uuid": "e442fb02-126f-42dd-a30d-b87ee2279c8e", "value": "4e23672fcd0c5636e6d3d8eb782bcddad1dddbf43eb1717bcce0f86690e774a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838117", "to_ids": true, "type": "ssdeep", "uuid": "b5c94b27-dc64-45a6-beda-7e182be61f2e", "value": "49152:/8cQX697dZemumQfYXRRDA0x4Yq+bzgDF/v5FNs54BQAJVjc637zlgezR06DkV8h:/Ja61dcmd5iYdzOFbaGVc637zFND+4cq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838117", "to_ids": false, "type": "size-in-bytes", "uuid": "ed2afa59-449a-47fc-a304-0ba952dfbe9f", "value": "3556649" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838117", "to_ids": true, "type": "vhash", "uuid": "81daf765-fc89-4964-b545-9158f0031650", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838117", "to_ids": true, "type": "filename", "uuid": "3d5316cc-7da0-40c4-bc8b-a02ce05e6812", "value": "85949c0622c7a2cae37578c5032c246e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838117", "to_ids": false, "type": "text", "uuid": "b81b1d7d-0b28-443b-8e23-f7aed915eaa9", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838139", "uuid": "5ed63644-d463-401a-9c55-560ec19412a8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838139", "to_ids": true, "type": "md5", "uuid": "3b0ae19f-3c00-4ecc-b3fe-679085daed20", "value": "c759b93dfb757bf8ffa23388807ee181", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838139", "to_ids": true, "type": "sha1", "uuid": "aa1b967f-2196-4035-b835-4820106836c6", "value": "bb4f91e376adc2917ceb6ad4012b9ca544771e3f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838139", "to_ids": true, "type": "sha256", "uuid": "05168b31-ec94-4164-bb8f-569460fab444", "value": "6b437e899d34d4121bf286a0d6c04c0c554098b87a1204f6153ad74c44343b0b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838139", "to_ids": true, "type": "ssdeep", "uuid": "f58e0456-e6b4-41f9-a899-d02519dc2cfb", "value": "24576:5467pfW2bof282bWjmpfViuYJhwVldiwFEQk6D2AftA:TRp0uGjmpfV6Jh4ldJaQra" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838139", "to_ids": false, "type": "size-in-bytes", "uuid": "a46efc17-fca5-4e6f-8603-f8ccd3d108c7", "value": "952319" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838139", "to_ids": true, "type": "vhash", "uuid": "57289e8f-0d4c-4ff6-bbd3-b34fdb5d8c5f", "value": "6c6f6b80666d393bb713d8f4aaedbace" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838139", "to_ids": true, "type": "filename", "uuid": "0ff511aa-422d-4ad4-8021-5487b0040cfb", "value": "c759b93dfb757bf8ffa23388807ee181.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838139", "to_ids": false, "type": "text", "uuid": "9c77c897-ba4b-4084-b874-927a7119d299", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:31/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838160", "uuid": "1ff76c33-9f35-47ec-bf2f-5752156a3e9f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838160", "to_ids": true, "type": "md5", "uuid": "56264f7a-2222-4d87-8173-586114919d65", "value": "fcdec7887d5343af0846d6753a075148", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838160", "to_ids": true, "type": "sha1", "uuid": "82f29956-9e72-4b40-9481-7e7ae50d9e97", "value": "651da970b060d3983e435f2e142bde217af70130", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838160", "to_ids": true, "type": "sha256", "uuid": "afdd7b56-42e9-40a4-9ca7-83f656098977", "value": "281831a45a5324d70e33a0c11eacb22efccb2aaddd378b1b7d8eea8b6d367cbb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838160", "to_ids": true, "type": "ssdeep", "uuid": "d6b7efe8-a875-4b30-a554-cffd54dbcbda", "value": "24576:OZmPErHbcf/vJYsf5KUOFGGlxCY5lJfO0:OumQfk9WyNp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838160", "to_ids": false, "type": "size-in-bytes", "uuid": "c14aae6e-abca-441f-82ae-141c27b0aa13", "value": "871665" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838160", "to_ids": true, "type": "vhash", "uuid": "48cb205d-4073-40a7-a4ef-698ea6059dd3", "value": "4a1d181642d9d9f41b3cfe991817aaa4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838160", "to_ids": true, "type": "filename", "uuid": "8588f17a-928e-4b19-ac93-c4bbea2d9467", "value": "fcdec7887d5343af0846d6753a075148.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838160", "to_ids": false, "type": "text", "uuid": "c0689a42-353d-4092-8cc6-a255bd70a271", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838182", "uuid": "b2034867-b362-4bb2-9b07-ba788850323e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838181", "to_ids": true, "type": "md5", "uuid": "97df8870-19e1-4274-a83f-8ce764decee0", "value": "a9d3bf11648e8b67066a8bc01e74fc12", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838182", "to_ids": true, "type": "sha1", "uuid": "c571e531-4264-4b27-82cb-960ce9e2e2f2", "value": "dbe6dd7abd2252763df261b35c016dbf5a168158", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838182", "to_ids": true, "type": "sha256", "uuid": "e49d1389-8cae-461d-8911-9c4819f3a32b", "value": "9637fd3c8033005d1faf5e8a267c65e50179be17d2618326fc7d25cfdd7f4671", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838181", "to_ids": true, "type": "ssdeep", "uuid": "b406a5a2-6550-4123-84ac-a528b49be5ed", "value": "49152:1cnZumQftXRRDh0+lGq+bzgDFQrcl2N02vyjNlvoN+PWMnzwmiEqJi93/HVGu9RD:WZ6GuGdzOFeFmwIVkm13/80zK5K" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838181", "to_ids": false, "type": "size-in-bytes", "uuid": "6e457c1c-a91f-4f5f-97bc-28a3aeee9cb7", "value": "3168847" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838181", "to_ids": true, "type": "vhash", "uuid": "81860897-aee4-4a06-97a9-68a05871d74e", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838181", "to_ids": true, "type": "filename", "uuid": "daf9d976-aa1c-4fe5-a1ef-96aa88ba85b1", "value": "a9d3bf11648e8b67066a8bc01e74fc12.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838181", "to_ids": false, "type": "text", "uuid": "e0fa0050-6fd9-4dc1-8823-3c59dda8ae87", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:18/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838203", "uuid": "97a7b54f-f4d1-4bc6-8ede-d4caceb66943", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838203", "to_ids": true, "type": "md5", "uuid": "2ba7d504-c0d0-410c-bb6f-58c78d79d7ff", "value": "3d2441a9b433682795a628e17823875a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838203", "to_ids": true, "type": "sha1", "uuid": "a3bd9395-149b-4f13-b2de-2d42451250d8", "value": "dc443b130810d4620e97872e2acbdadd52cc0a5d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838203", "to_ids": true, "type": "sha256", "uuid": "1774e36e-14f7-4e34-b526-66927e33bc22", "value": "19e767c995855e511029579435550fdf9473e782fe1bf746393427260a176b00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838202", "to_ids": true, "type": "ssdeep", "uuid": "c670596d-b2c4-4a4e-b769-57e9f7b11f89", "value": "49152:acCHumQfUXRRDp04Msq+bzgDF8a8LNY6aq3MFYbGjdHiHruLuBBAeYntvyS:zUXmlsdzOFKKqCdHKuICeYntqS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838202", "to_ids": false, "type": "size-in-bytes", "uuid": "b458df5b-3c91-41d4-b06f-7586ef558416", "value": "3053118" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838202", "to_ids": true, "type": "vhash", "uuid": "7b27ffba-c109-4557-bbef-a985e0652f1e", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838202", "to_ids": true, "type": "filename", "uuid": "9625bf8c-b431-4ee5-b406-c5413532893f", "value": "3d2441a9b433682795a628e17823875a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838202", "to_ids": false, "type": "text", "uuid": "3ed06668-3812-4759-8279-81fd9d302171", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838224", "uuid": "2912613e-e2d4-4b09-856e-34723cd3baed", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838224", "to_ids": true, "type": "md5", "uuid": "d8df9779-ad6c-4732-b662-2d340d82ebe1", "value": "139e08200263c65f1b8e9e312a13b1b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838224", "to_ids": true, "type": "sha1", "uuid": "5ea040e7-92cb-4be5-977a-0cf129fa8f54", "value": "88c3c69c094efe5616836d741f55cdd66113c2d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838224", "to_ids": true, "type": "sha256", "uuid": "b57bd4c7-1359-4576-8c5c-e1bf89297b5e", "value": "a8362572c26b36a94e15ae81fd911d6df679d54c3a9c189cfb147dc430c6197e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838224", "to_ids": true, "type": "ssdeep", "uuid": "1d2f0a82-2cbf-4511-8358-8a83ec30dcd8", "value": "49152:3pfqzM3yTzabe6JRsCrpjGEUc2fqffqeK1ovpU:3pfzCybe6JOCrpae2f2fkGRU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838224", "to_ids": false, "type": "size-in-bytes", "uuid": "f584e219-9e65-4d8b-8a22-d312ff2db951", "value": "1633198" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838224", "to_ids": true, "type": "vhash", "uuid": "edf5f5d5-9fe4-4cdf-a9f1-1fec9af63416", "value": "c8813110af9aa4c68a74cb1c71f13068" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838224", "to_ids": true, "type": "filename", "uuid": "1e1e233e-40c1-4d3c-bef6-0c71468a01a5", "value": "139e08200263c65f1b8e9e312a13b1b5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838224", "to_ids": false, "type": "text", "uuid": "a6094f6e-d993-4546-a6e1-6af62f62ad37", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838246", "uuid": "e8265983-f0ae-48d2-995e-050a5f778bc7", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838245", "to_ids": true, "type": "md5", "uuid": "6c55e642-05ff-4988-b9e0-47b2cc616e64", "value": "37d1a7efede9aba1620e8d1f1cffb690", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838246", "to_ids": true, "type": "sha1", "uuid": "80f150d1-3966-49ef-9dd6-0a6ea2ccb3d8", "value": "3c97aab4715fb1458002a348fd30a48eb124ce92", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838246", "to_ids": true, "type": "sha256", "uuid": "18fefeb2-34c3-48f9-a9c1-48c0da1563f1", "value": "908e28a60d9c95f3ec4d58ca46804c7650a9c7f5f983534a1370e62a76ea87c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838245", "to_ids": true, "type": "ssdeep", "uuid": "2892702d-b4b3-4972-8eb8-cfe897df27df", "value": "49152:Qvcg5umQfmXRRDy0wReq+bzgDFLtjYNn+4BQKVV+0pseW583+VseUXTNOtjJjLbN:QUIR/MedzOF2hvVV6VWjNO3jPAQX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838245", "to_ids": false, "type": "size-in-bytes", "uuid": "ac31f43b-25b4-4ff2-a3e5-dddb8d7a7404", "value": "3178037" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838245", "to_ids": true, "type": "vhash", "uuid": "1f5f30bf-5d5e-48c9-888d-3d763bbf1189", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838245", "to_ids": true, "type": "filename", "uuid": "69331a4a-3499-4560-b886-81867ae93066", "value": "37d1a7efede9aba1620e8d1f1cffb690.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838245", "to_ids": false, "type": "text", "uuid": "e3285554-5a52-4568-ad8b-198cc4574bdf", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838267", "uuid": "3e804544-51ec-4d58-b6df-d6e1a2d1516f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838267", "to_ids": true, "type": "md5", "uuid": "6449387b-73e6-46cd-bcb5-6b4377208a5e", "value": "c7871b6749c2f8b26a103ab674b6c0d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838267", "to_ids": true, "type": "sha1", "uuid": "4397069b-bdb1-48c7-919c-39943bde9f49", "value": "5d327d795bdbd744c0962763cae786280ac5a52c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838267", "to_ids": true, "type": "sha256", "uuid": "4ef2b73e-83b9-4d09-912b-89759661748b", "value": "8b3d3dc215253bdb829ed0c09836f9e7e6c3dac58b316ac3c727d8ea80aa8a43", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838267", "to_ids": true, "type": "ssdeep", "uuid": "894d329f-a1c8-4bf7-b365-8379c38f8094", "value": "49152:WuOhm9BJRH/ZJmqJUQNLoypRSntTZOpYSOpY3qd1pG9nuAbzjL4GYuX0zjXEp6k/:W03HZbNs2mtTZOVO8NnvCuXEApdBxPiy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838267", "to_ids": false, "type": "size-in-bytes", "uuid": "b4335c0f-16d0-4396-bcb4-2d6a676cbf77", "value": "3422451" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838267", "to_ids": true, "type": "vhash", "uuid": "7c9f2a21-465a-453f-a8bd-16f5c4fa9873", "value": "dbf3a45b1e3ca8ab54d3754f5abf5f20" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838267", "to_ids": true, "type": "filename", "uuid": "2c1754d0-189b-4bd3-9a62-49e16ccfce1a", "value": "c7871b6749c2f8b26a103ab674b6c0d5.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838267", "to_ids": false, "type": "text", "uuid": "073f3b18-9469-4e82-8b5b-2748e0289aef", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAB3\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838288", "uuid": "f17774e9-b4f6-46f5-a852-ef232fd3cd74", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838288", "to_ids": true, "type": "md5", "uuid": "0df64701-4bdd-4d52-a622-9ba7fe52bf18", "value": "6e90402f64c99c7460aacbb508351aaa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838288", "to_ids": true, "type": "sha1", "uuid": "3966778c-c660-4db9-af5a-33193894ad22", "value": "e01ecba5d7f140514fed7700dade8432f9885bad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838288", "to_ids": true, "type": "sha256", "uuid": "60fe7bf6-72dc-4bbc-807c-979e6a400123", "value": "03801f410a4a17248201e91ddf25c7d487eca1a0578c34b73f25c26735a82bda", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838288", "to_ids": true, "type": "ssdeep", "uuid": "22be610b-3275-4cb3-bb3e-4c57e0cf0216", "value": "49152:o8cGeumQflXRRDG0Un8q+bzgDFzTQPNus4BQWVV+0pseW583+VseUXTNOtjJjLbt:oJbYTw8dzOFY09VV6VWjNO3jPAQr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838288", "to_ids": false, "type": "size-in-bytes", "uuid": "87876fb9-7f05-49b1-a76c-e751aebc4ebe", "value": "3177865" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838288", "to_ids": true, "type": "vhash", "uuid": "b0229759-da20-4b8a-bd1b-a7e8781b9643", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838288", "to_ids": true, "type": "filename", "uuid": "27781f1e-cbcf-4ef1-9de9-730291459686", "value": "6e90402f64c99c7460aacbb508351aaa.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838288", "to_ids": false, "type": "text", "uuid": "42c42078-561d-4596-b059-6e6294aff823", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838310", "uuid": "35422107-6194-48fc-889d-f6daa28aaa7c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838309", "to_ids": true, "type": "md5", "uuid": "0a973eb9-2c34-44d4-99dc-70d0c9a5ecbe", "value": "31243ca8016141f138005bf2372943c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838310", "to_ids": true, "type": "sha1", "uuid": "e09d0cdb-89eb-414b-9611-35fd4531cbac", "value": "ec4d1a48383c63be7975012d48945c21987cb4e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838310", "to_ids": true, "type": "sha256", "uuid": "abbd5f8f-06bb-4d59-b900-12e3bfc2fae6", "value": "57723b43b7193adbeb5241d4737828cde9f39630d0970cda03f91e1b2e13e359", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838309", "to_ids": true, "type": "ssdeep", "uuid": "b6aa3665-e20e-4513-98e7-5134b386b9dd", "value": "49152:5cnJumQftXRRDW0hlGq+bzgDFQscD2NU8yjNwD81muDFVBdjkJd0yGFfH8:yJ6zPGdzOF1uQWDbBd4/0yG9c" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838309", "to_ids": false, "type": "size-in-bytes", "uuid": "49216419-4866-423a-8306-40219f7305fd", "value": "3175609" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838309", "to_ids": true, "type": "vhash", "uuid": "68cea191-f857-4f79-89ea-b6155e502b7a", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838309", "to_ids": true, "type": "filename", "uuid": "774aafbc-64b0-45cc-8d11-4a0224cb68d5", "value": "31243ca8016141f138005bf2372943c7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838309", "to_ids": false, "type": "text", "uuid": "c80ad8c0-8409-4868-b4c2-886e79006495", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:25/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838331", "uuid": "6156015a-adbf-4088-b3bf-d78209b84514", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838331", "to_ids": true, "type": "md5", "uuid": "6949e1e0-6ecb-4bfb-9188-248d3e62471a", "value": "3d40fd55624c8f50df8bf31176cae754", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838331", "to_ids": true, "type": "sha1", "uuid": "b024c423-0135-4627-a9e4-4a5908a043a8", "value": "de64c26c36a38a1fa1579db0e96c5433cc42fe76", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838331", "to_ids": true, "type": "sha256", "uuid": "149b206f-169f-4db7-b41e-fc81aaaf98ab", "value": "e01849b530bf3782251b7395db9ad6c307bd0b88a7bb216847eb9cd5e8109b8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838331", "to_ids": true, "type": "ssdeep", "uuid": "be6a44b0-2c56-46be-bdb6-6cf2d4ca1a41", "value": "6144:zKfdzViOqYDtqL6d+r1KM+NIR3yqgdCJUXEfj4OikpFP/Kr:zKfdZiODDtqL6Ar1lE1G4OTY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838331", "to_ids": false, "type": "size-in-bytes", "uuid": "d09d3c49-15d1-4894-bbfb-d12b61162782", "value": "243050" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838331", "to_ids": true, "type": "vhash", "uuid": "9058d828-b41d-4a86-a53a-a4ea87899045", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838331", "to_ids": true, "type": "filename", "uuid": "31e8e196-f268-42f5-9cc8-dc70bec50be6", "value": "3d40fd55624c8f50df8bf31176cae754.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838331", "to_ids": false, "type": "text", "uuid": "5313ee4a-677f-4962-a8df-f940a989c724", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838353", "uuid": "e89d0d1d-2638-4f7f-9a7e-54e703856095", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838352", "to_ids": true, "type": "md5", "uuid": "507b7022-9d60-4599-b753-00749a617c85", "value": "3a30db4b5b242efda91db98d6de553f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838353", "to_ids": true, "type": "sha1", "uuid": "8ba31ad9-8755-4b69-8e6c-cf20245bb0c8", "value": "9f380437ceaf4b61f60827f622855db6c5cfbb8c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838353", "to_ids": true, "type": "sha256", "uuid": "d6df68a0-a70c-45a8-a8a9-28fdbc671872", "value": "297b75d3a88c5c327d4d686ed9ba0c4993d80af594c2c9734d85e64a585f5c38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838352", "to_ids": true, "type": "ssdeep", "uuid": "e2598390-91f3-4bad-af5e-2145b5a5946b", "value": "24576:dZmPErHbcf/vJYsf5KUOFGGlxCY5lJfOT:dumQf09WyNq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838352", "to_ids": false, "type": "size-in-bytes", "uuid": "a0dfd559-1198-4610-9231-12210ad9f210", "value": "871658" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838352", "to_ids": true, "type": "vhash", "uuid": "347b6899-b690-4136-a31d-ed504e1ec0ef", "value": "4a1d181642d9d9f41b3cfe991817aaa4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838352", "to_ids": true, "type": "filename", "uuid": "efa79a08-00c4-4663-9843-efa321042045", "value": "3a30db4b5b242efda91db98d6de553f0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838352", "to_ids": false, "type": "text", "uuid": "e42cdb93-0363-4a39-ab41-e860bc9cae9a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838374", "uuid": "e0fff7e5-d94b-4009-b920-88bf3f13cdde", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838374", "to_ids": true, "type": "md5", "uuid": "0acb06b0-ba3c-4c9e-9fcc-60db09f7e2dd", "value": "2048e421d2903b3a9335db38d4b824b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838374", "to_ids": true, "type": "sha1", "uuid": "43763d08-e70b-491a-aa6b-561eb1fa1ceb", "value": "695c7fd001c5f8527e6d94a27c89746b845a7199", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838374", "to_ids": true, "type": "sha256", "uuid": "352d0933-5d1b-413a-9b37-dd214fbe602d", "value": "1ac33b8483d37a48a9af6d7ba14be55cbe3ccc7e9376cd52b4aa288a8757f844", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838373", "to_ids": true, "type": "ssdeep", "uuid": "d0cf3d6c-568f-4526-a3b3-543384f66c93", "value": "49152:JcimumQfvXRRDq079Eq+bzgDFs/b2N+yaq3Qvos81/+hP/nLfV0za+MZUfT3o:Cry/pEdzOFDoPY1/+x92a1Zc4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838374", "to_ids": false, "type": "size-in-bytes", "uuid": "47bd21a5-3148-432c-bda6-08a12c69b4c8", "value": "3069832" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838374", "to_ids": true, "type": "vhash", "uuid": "a9a85443-29ee-4c95-9222-dd2eb9a057fc", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838374", "to_ids": true, "type": "filename", "uuid": "2495065c-50fa-40c5-aa80-10c43955e832", "value": "2048e421d2903b3a9335db38d4b824b6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838374", "to_ids": false, "type": "text", "uuid": "396342ec-82f1-4677-aace-b84ad585d979", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838395", "uuid": "c5c2177c-476a-4aa4-bf3d-59f5da64780e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838395", "to_ids": true, "type": "md5", "uuid": "e08a1dbc-44b7-4ffe-99fc-63ba1a317f7b", "value": "d00267ab21ca77ae4ef3f2df3c158f4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838395", "to_ids": true, "type": "sha1", "uuid": "79d9536a-fd0d-4779-ba90-ce617e22f840", "value": "2eef125cc7fb80cd5d7ffbb24622dd0aae4ee601", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838395", "to_ids": true, "type": "sha256", "uuid": "8fed49d2-bc0d-4422-b903-3aab4affbdd4", "value": "d422409c42881aee3fe765a354518a4c00474dee19674dbf06a8d5b835fb6a79", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838395", "to_ids": true, "type": "ssdeep", "uuid": "7daf88a6-7d99-4bc9-be14-543789dc3bdb", "value": "49152:uhOpYKkq6Nv9lHMVBN+ScshKuTQtDtPCfKfT7ssAbA:6O5INLHKBNTvhKZYyHUbA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838395", "to_ids": false, "type": "size-in-bytes", "uuid": "f07e5906-244c-470c-b342-e84a28fa0ecc", "value": "2062271" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838395", "to_ids": true, "type": "vhash", "uuid": "47bb93c8-f904-45dd-ba8b-09fe543ec642", "value": "b92b77a6265452d707ff73bde8be5504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838395", "to_ids": true, "type": "filename", "uuid": "cd14d2af-9669-40ac-8d63-86a1b9c31312", "value": "d00267ab21ca77ae4ef3f2df3c158f4d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838395", "to_ids": false, "type": "text", "uuid": "ee74a46a-87e9-446b-8489-e2aa9609c3c9", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Bitrep.B\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838417", "uuid": "7a7a04ec-c94c-403b-bc9d-78af593c3943", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838417", "to_ids": true, "type": "md5", "uuid": "16dea771-e775-4c09-955b-d84ff173aa84", "value": "4913b8be643daeba4732267f6f53b1c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838417", "to_ids": true, "type": "sha1", "uuid": "2f9d4837-46fd-442b-93f5-03cec22e3396", "value": "6c4d22d617804ecbb9e3fbdb5c64cb739a4e02d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838417", "to_ids": true, "type": "sha256", "uuid": "f3f92a08-c235-4052-bceb-238e1585aff5", "value": "261c764da94de25c06e7e0047de7cc19ab6256d88f071906eef5f624f9cf3f24", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838416", "to_ids": true, "type": "ssdeep", "uuid": "ba84c9b0-78d4-476e-b1b1-d1f3c3d07389", "value": "98304:fZa61dcadxeYdzOFPWhwvQyWmPBkNiQeaft:BaG2k8FPKSh3PBIiQe0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838416", "to_ids": false, "type": "size-in-bytes", "uuid": "8a048efd-d973-43bd-85e0-4d96131b771f", "value": "3556972" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838416", "to_ids": true, "type": "vhash", "uuid": "8ca74243-4346-4cf8-b465-253ae8789634", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838416", "to_ids": true, "type": "filename", "uuid": "7f332f0b-6985-4aa5-ae60-637ee42e3284", "value": "4913b8be643daeba4732267f6f53b1c2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838416", "to_ids": false, "type": "text", "uuid": "9ae70765-c1fc-465a-8970-8e553b0cdd35", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838438", "uuid": "11eddeba-bba1-45a0-b136-ef2911147ac8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838438", "to_ids": true, "type": "md5", "uuid": "eaf40f0d-f825-4ed2-8d24-73adf99b3e00", "value": "234acfb27a21879137fa1725428999cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838438", "to_ids": true, "type": "sha1", "uuid": "69e077ef-4c57-4546-bfb6-a11fb965f14c", "value": "c1a91c045eca76fe6a3a9d47ea13d4e0dbd50e16", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838438", "to_ids": true, "type": "sha256", "uuid": "c0d34f07-0084-4571-80a8-5584b8db2e95", "value": "8646237cbe66f1f36c18a7e8bfbea0f1219bd81b1ebce71fdf24481d51cdc8e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838438", "to_ids": true, "type": "ssdeep", "uuid": "e9a6c303-bdbf-4b3b-8ed6-ff581501db66", "value": "49152:scCPumQfUXRRDI0Mnsq+bzgDF8hgLNiaaq3/ooTUoU+oX5OLcrjsUArIQi/qmgVy:5cXZesdzOFzwcTIbJObUA0P/qmWk56I" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838438", "to_ids": false, "type": "size-in-bytes", "uuid": "43067abb-b869-40fb-ae84-3544dfe15b7d", "value": "3051100" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838438", "to_ids": true, "type": "vhash", "uuid": "de6666c7-d498-4ff5-ac86-6f103b279c05", "value": "579f308133867e6e37186ba59fe66fcc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838438", "to_ids": true, "type": "filename", "uuid": "3714d591-f0e3-4847-a637-ff112f0c0559", "value": "234acfb27a21879137fa1725428999cc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838438", "to_ids": false, "type": "text", "uuid": "3a96e429-d22e-46bf-aede-fe5589c988b8", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838460", "uuid": "9ab42fec-3adb-440c-869e-b951a80fe9a7", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838459", "to_ids": true, "type": "md5", "uuid": "28d9c340-190f-4dfd-898a-b9b99d989b0a", "value": "66a854346d195e0fd4be3c1be90f18d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838460", "to_ids": true, "type": "sha1", "uuid": "76e701e9-7f86-4b94-abc7-1867c128caa2", "value": "10bcb2fe654eb31f92e35ef9cb05d7810006c8ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838460", "to_ids": true, "type": "sha256", "uuid": "0ae57029-a999-47ba-a713-0f435f29066f", "value": "887b15643488d5d30611c905aab50deaf56810384d7bf4355ae41eb2fc428996", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838459", "to_ids": true, "type": "ssdeep", "uuid": "8354b853-3f00-4fc7-a008-89c64838d37d", "value": "49152:ppfqBM9ynzaxecHRsS/Tf0EUcofqXfqGK1qvpM:ppflkWxecHOS/T8eof+fEARM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838459", "to_ids": false, "type": "size-in-bytes", "uuid": "345d39a8-f0ec-4322-898a-1d2c4e299c20", "value": "1633198" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838459", "to_ids": true, "type": "vhash", "uuid": "51edcc48-5e6a-4f85-97c1-89d24608fe14", "value": "c8813110af9aa4c68a74cb1c71f13068" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838459", "to_ids": true, "type": "filename", "uuid": "6e9f6e5a-a383-4e8b-b0c9-ed44a764cb52", "value": "66a854346d195e0fd4be3c1be90f18d4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838459", "to_ids": false, "type": "text", "uuid": "335ea52c-41ff-4b65-b860-612548095bec", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838482", "uuid": "cbc98192-d80c-46cb-a2f6-196d037ff676", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838481", "to_ids": true, "type": "md5", "uuid": "b67097f5-8f94-4ea1-9a88-d60dda38501a", "value": "265db0d01eafae05280b7bd8938cea47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838482", "to_ids": true, "type": "sha1", "uuid": "49a9c884-28fc-4901-8dc7-a8a56374131b", "value": "349dc8a48ae91867923573cc6fc5b1cb9b8dde41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838482", "to_ids": true, "type": "sha256", "uuid": "49d9a307-a3d8-4b91-a4e2-e9ec75edd117", "value": "a966fb04a2bd9c04b39c7785d1513ff2d1eee4f9f73518f0726eea1df50d806a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838481", "to_ids": true, "type": "ssdeep", "uuid": "cead99a1-d5f2-4443-bfda-2b717a8cddaf", "value": "49152:TvcQX697dZe2umQfYXRRD90qlYq+bzgDF/W7FNN54BQIXWhk7ugjq42zFR0/r2Oc:TUa61dc2daAYdzOFm7cG40FRK229Q" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838481", "to_ids": false, "type": "size-in-bytes", "uuid": "4d8497dd-dd03-46b3-b52e-d73daa366533", "value": "3556783" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838481", "to_ids": true, "type": "vhash", "uuid": "9d0a47fc-1d92-431b-af91-531fea912336", "value": "fcc314d05bf413954420e8f032167351" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838481", "to_ids": true, "type": "filename", "uuid": "5d7a8f6a-5b2f-47a9-8968-25f3b31f4554", "value": "265db0d01eafae05280b7bd8938cea47.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838481", "to_ids": false, "type": "text", "uuid": "f3a49d0a-9f7d-468a-88fd-c545cac13147", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838503", "uuid": "b9b78c6b-0278-4bbd-8c96-32bfb7b90009", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838503", "to_ids": true, "type": "md5", "uuid": "886b805a-ca06-474c-8aa3-785e16912132", "value": "77d27f11233fa0d1ce13e702da96276f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838503", "to_ids": true, "type": "sha1", "uuid": "b847f681-82aa-4222-8fda-d19b80012f81", "value": "87e687ccf687572281391c7bafb722989eee01f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838503", "to_ids": true, "type": "sha256", "uuid": "0bce3408-1592-4ce4-8c25-739ab1a43f6d", "value": "3d6e81a1257c2403d048116dd3c64a1ec57963bab2ae68766f2390805efb9135", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838502", "to_ids": true, "type": "ssdeep", "uuid": "fb14d39b-cac1-4719-bc27-1ab10e69982d", "value": "12288:1aZN4rJ/rEeErkOxcSclXVF0tGvU8ATodfDFdJiU9ZMVXb6fq02clmeFzSW66:gZmPErHbcf/vJYsf5KUkV62cmIzSa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838502", "to_ids": false, "type": "size-in-bytes", "uuid": "ce6eae1d-012d-4a10-9638-a92395d791b8", "value": "872235" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838502", "to_ids": true, "type": "vhash", "uuid": "fc7c89d2-74d7-4bbf-bec3-cda16d6e4647", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838502", "to_ids": true, "type": "filename", "uuid": "5cd594d3-70de-4e15-af34-a8d62aefba00", "value": "77d27f11233fa0d1ce13e702da96276f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838502", "to_ids": false, "type": "text", "uuid": "a6628de0-0080-4412-810c-7b5ce46200db", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838525", "uuid": "ec09a680-95e8-46bf-9b59-5b1d72d9c8b2", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838525", "to_ids": true, "type": "md5", "uuid": "5c7eebc8-280e-456b-b149-c57eb6f81073", "value": "30abe58de905ced8a329d0b0116afce5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838525", "to_ids": true, "type": "sha1", "uuid": "0d28957a-91b4-4ca8-99a7-82720beedcc0", "value": "7066ea75bfc263a1c541f4f65c8760beb1178b4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838525", "to_ids": true, "type": "sha256", "uuid": "6aab6b76-0371-4e22-8a32-5737a29c5261", "value": "09ad66ae76c60b936f9660bd4fba6e589acbe66d3f98b319f18d7748d79da103", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838524", "to_ids": true, "type": "ssdeep", "uuid": "ac0f738d-ccb0-45a8-8a8f-b681f54df2ec", "value": "6144:nkSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs58:tRIKiDQM6tQ30fTviiX8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838524", "to_ids": false, "type": "size-in-bytes", "uuid": "f769deec-d221-43d5-859e-4477afdadb02", "value": "247719" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838524", "to_ids": true, "type": "vhash", "uuid": "61f10ad4-c5dd-4606-ab83-3579120ddafe", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838524", "to_ids": false, "type": "text", "uuid": "23fa8a17-66cf-4e09-8ef0-5f4f53679e9c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF6\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838546", "uuid": "0850b5fe-68ce-4629-8cb4-ca5bd7be0b98", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838546", "to_ids": true, "type": "md5", "uuid": "a3b2acb0-0e32-45a8-9c9a-4f00b726cd35", "value": "132fe116f4b4ab0cc6473b3d341ecf3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838546", "to_ids": true, "type": "sha1", "uuid": "c845a35a-22a6-47e2-977a-8544a208a7ce", "value": "a2eb290e2fbbf7857a01c210816bbf50f2074f1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838546", "to_ids": true, "type": "sha256", "uuid": "c6cd5eaa-d950-4075-9437-38046ca0861c", "value": "bec5c2ea4ae7ce2f99cdeb180f72f33d82b69e54defd7cec03457341d9ea09fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838546", "to_ids": true, "type": "ssdeep", "uuid": "e11529e0-bcb6-48a3-9a5e-1389cce19025", "value": "98304:Tu3jbbNs2wlMBODOvqnmquPEJgnzlyWeZaq:TuC2MM9qnOPYgnzTeZaq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838546", "to_ids": false, "type": "size-in-bytes", "uuid": "db39ded1-3087-4cac-bd62-7400e6c52121", "value": "3535411" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838546", "to_ids": true, "type": "vhash", "uuid": "2e2a49ae-bc05-4187-802d-4f0e456be793", "value": "0caafd0c8e87f95bca68e0fc7c93c0a0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838546", "to_ids": true, "type": "filename", "uuid": "7d76e669-a46f-48d4-ac24-3bb1a19e9f51", "value": "132fe116f4b4ab0cc6473b3d341ecf3d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 04/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838546", "to_ids": false, "type": "text", "uuid": "30dc896a-23f6-48e7-b5b2-f10644d01133", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838568", "uuid": "f6029c9e-8873-4ef5-8fea-dd967eb89bc6", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838567", "to_ids": true, "type": "md5", "uuid": "7c5a9496-d6ba-46ed-b02d-769f0ea5416e", "value": "45799f592524154bedf88072a42146c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838567", "to_ids": true, "type": "sha1", "uuid": "6d392806-03de-4b1b-95cf-ea65b4938aea", "value": "16a5bd929f369d0da6a22cae98d80baa9af9b141", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838568", "to_ids": true, "type": "sha256", "uuid": "53efa673-e5f9-4e35-a90b-b2816a42fcbc", "value": "e8ce7a099311975ea262fa9f8e51bd5d7475943e1e7ed90e6352e7748c50020c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838567", "to_ids": true, "type": "ssdeep", "uuid": "8eccf219-2d25-4b6f-a228-5a279f098633", "value": "12288:GNZN4rJ/rEeErkOxcSclXVF0tGvU8ATodfDFdJiU9tMVXb6fq02clmeFzSW6s:CZmPErHbcf/vJYsf5KUMV62cmIzSM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838567", "to_ids": false, "type": "size-in-bytes", "uuid": "ce7d6784-49b3-40de-aaf0-2300f3b8bbe8", "value": "872229" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838567", "to_ids": true, "type": "vhash", "uuid": "3388635c-f8cb-47d8-b6c8-b6280c5b9b4f", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838567", "to_ids": true, "type": "filename", "uuid": "4e93158a-04f0-470f-954e-47b0a137a1cf", "value": "45799f592524154bedf88072a42146c6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838567", "to_ids": false, "type": "text", "uuid": "dda50c99-881d-4a75-819d-24db913dcdc4", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:30/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838589", "uuid": "845772c5-a9ea-4490-9218-1839cdbf40c3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838589", "to_ids": true, "type": "md5", "uuid": "dda9de05-8667-4aaf-afb1-4dc105cc5df8", "value": "1385634b02049d2d370b95d22cdca26c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838589", "to_ids": true, "type": "sha1", "uuid": "0e715c50-fefa-4180-89fb-c5d60455b914", "value": "06ff1236e6675e84d678aad588865a5fce14f5ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838589", "to_ids": true, "type": "sha256", "uuid": "6e1dd675-7747-4e54-ac63-8f252393cd4d", "value": "1ef79569beed602ce2aa0c92c0a61479deaf1da0a963e821d006312df3b9239c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838588", "to_ids": true, "type": "ssdeep", "uuid": "24396c2b-182e-4ef0-82c9-ff33765531de", "value": "24576:CZmPErHbcf/vJYsf5KUMiPeXwkbTpnhdTT8:CumQf9PeXwkbhhd/8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838588", "to_ids": false, "type": "size-in-bytes", "uuid": "dee2a44f-387a-4161-9c87-82be41a3e0b3", "value": "872190" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838588", "to_ids": true, "type": "vhash", "uuid": "6eebb549-defb-4b49-bb0b-cdcc0c57b63c", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838589", "to_ids": true, "type": "filename", "uuid": "4d66e280-1d0b-4888-becc-89a055640841", "value": "06ff1236e6675e84d678aad588865a5fce14f5ed.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838589", "to_ids": false, "type": "text", "uuid": "4ca3d68a-9fa1-4724-9950-eec57b81d6bf", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838610", "uuid": "7839edf0-b7d6-44eb-ad83-e792f6fa9607", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838610", "to_ids": true, "type": "md5", "uuid": "9f3f9a77-a61b-493d-8bd6-8b4c5d0c399f", "value": "ae1d12c9e8122e5bbe9aa72560d4e085", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838610", "to_ids": true, "type": "sha1", "uuid": "8385658f-a1cc-400f-b22f-fd0812f220a0", "value": "8595aa82e2a3430731b8aaef036c78b30570d6d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838610", "to_ids": true, "type": "sha256", "uuid": "67fc362e-96f5-454f-8ba2-53c443602705", "value": "8953f65cf674cdb081de1da837b78ae33f422a1c841585a901ebe3a9d30f65d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838610", "to_ids": true, "type": "ssdeep", "uuid": "0534fd60-3ba4-4089-a004-daaaa564f073", "value": "24576:+5BZzfcBiQyYrn70DqHSIpH/ki+rrO4ipOXy5TCzdp84Kjbo1qwZ8zv56:+FfcgQT7dH+rrO45zxkwZyv56" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838610", "to_ids": false, "type": "size-in-bytes", "uuid": "319a15c7-8bdc-4074-ad29-83d8e592f3d3", "value": "1597977" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838610", "to_ids": true, "type": "vhash", "uuid": "bb169e27-653d-4ade-b04d-150ff1463f74", "value": "1e3364c62bdec1ec934ce02233e646a2" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 31/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838610", "to_ids": false, "type": "text", "uuid": "86b08352-4042-4f27-853a-270287aa2dc6", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838632", "uuid": "7c40c4ca-cb6a-4356-bf6e-744a5bccd77c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838632", "to_ids": true, "type": "md5", "uuid": "b6754b78-aa4f-431d-96a1-49f180c065c8", "value": "3130ddcc023744495f2a391ca295faec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838632", "to_ids": true, "type": "sha1", "uuid": "14b76f19-dbe7-424d-9d76-9a476b8ee429", "value": "0a6e5d09bed7ddf37de690e1d24ca84aaecac9ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838632", "to_ids": true, "type": "sha256", "uuid": "1d4bc18c-ac76-4c16-b5eb-b37843955716", "value": "dd21475029b0c9f575be4275d3965898b08b00aa3e181f0b3af8750c6409e3ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838631", "to_ids": true, "type": "ssdeep", "uuid": "f936f4d4-4e7a-433c-b058-54e01690476b", "value": "12288:dSIuxK/MCa720sMAUcglwqhmRx+5QJq81AHmtrwePQKd5li/l3f2JpLP4:8LI/4CFMFJhmXoo4mtrNoK6eDs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838631", "to_ids": false, "type": "size-in-bytes", "uuid": "61a295f6-2681-49f3-9bfc-0ea377ed1a69", "value": "747475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838631", "to_ids": true, "type": "vhash", "uuid": "a53c830c-c0a6-4d8d-8190-d32d46f13eda", "value": "ed2c3ef17c555066160739adb54b5b58" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838631", "to_ids": true, "type": "filename", "uuid": "003019a7-4125-47ef-a609-4e40daf50012", "value": "3130ddcc023744495f2a391ca295faec.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838631", "to_ids": false, "type": "text", "uuid": "710e4940-8843-4195-8c8a-6b37a4240ff0", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838653", "uuid": "801a724a-96c4-4404-875f-ebf20d1d0b49", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838653", "to_ids": true, "type": "md5", "uuid": "43114f7a-5b66-458b-b51c-b198c143ce46", "value": "930095b74ffcdf11e1409ce7cad7ef24", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838653", "to_ids": true, "type": "sha1", "uuid": "f48615d9-0507-48f6-9a2c-8ce172ca96f3", "value": "2277e62c41edc3616d7c0dac792bdea384a5c094", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838653", "to_ids": true, "type": "sha256", "uuid": "e63716fb-ea05-4683-8efa-cce817eb4472", "value": "086024c32e2ebf18d715e7a87a339f72569e41f33cba02c2a0d724fea4af569c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838653", "to_ids": true, "type": "ssdeep", "uuid": "ff0aa196-9d78-4a7b-b731-5713463f2ca6", "value": "49152:k84CFMFVhML/ENko+FmuvUQwLR/5395Yle2d+MKdRm6v:k8nMXh6/ENh+FwLLRt9GlNZ16v" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838653", "to_ids": false, "type": "size-in-bytes", "uuid": "1ff6b36a-ffb6-4693-84e2-12e3aeded81a", "value": "1790022" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838653", "to_ids": true, "type": "vhash", "uuid": "398ed333-a8b5-4318-971e-3dbfd798c6f8", "value": "fef04cfb0026a16c08a822254c235939" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838653", "to_ids": true, "type": "filename", "uuid": "0e66ff6f-b52a-4ea6-aaaa-ca09fa41185a", "value": "930095b74ffcdf11e1409ce7cad7ef24.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838653", "to_ids": false, "type": "text", "uuid": "d8f01ab2-2c69-4352-be3f-5c0bed78d7cf", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Bitrep.B\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838675", "uuid": "49362697-48cb-46ae-a907-ac18cb4c8e77", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838674", "to_ids": true, "type": "md5", "uuid": "d18048d2-b182-47ff-891e-a0e4437ea5d3", "value": "4b51f8893d308800f3356b2d17939a56", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838674", "to_ids": true, "type": "sha1", "uuid": "5a424bcc-5644-408f-a983-88c277636922", "value": "a12dce71084c80d225ddc4e4c83122c0ad38d80f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838675", "to_ids": true, "type": "sha256", "uuid": "e3542475-dff4-40c4-9d06-b4c6ebaa8b8f", "value": "63bcc9c61e3a8d24fbe815757b846834f4f68c5a3d09f984f6e6a56aeba7100f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838674", "to_ids": true, "type": "ssdeep", "uuid": "d2624128-e02b-4321-822a-3a11bde32661", "value": "24576:iXlBwfgOFDVNdmnRpgzy4VnrkZNPvSJW1:iVGfgAx2u9VrkZNPk8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838674", "to_ids": false, "type": "size-in-bytes", "uuid": "3df71d56-9fe5-4497-a96b-e7e33a83e270", "value": "820807" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838674", "to_ids": true, "type": "vhash", "uuid": "2ca506f3-1901-4fc8-beda-642c64736bea", "value": "ed2c3ef17c555066160739adb54b5b58" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838674", "to_ids": false, "type": "text", "uuid": "75f4c247-036e-46b8-8761-a60e703bf0fa", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF0\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838696", "uuid": "d2c802d5-d296-4efe-991a-66321f1cf472", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838696", "to_ids": true, "type": "md5", "uuid": "f387b24e-0dcb-400e-8eed-f23de3d068c0", "value": "3ac0702ffaf011a50a6353b14b5eaaaf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838696", "to_ids": true, "type": "sha1", "uuid": "1f5081a7-0bf8-429e-88af-268260d78c9b", "value": "df506296c76a1b280f2b512c7912fc344fca4677", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838696", "to_ids": true, "type": "sha256", "uuid": "c9d5e94c-a127-4aac-9923-2cb6d9dead65", "value": "bcbefa428da68e33aeb88190767c9ab27567818b42e767695b94c393889df78c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838695", "to_ids": true, "type": "ssdeep", "uuid": "9109396e-40fe-4985-b5a8-8b1293da3b0d", "value": "196608:DPemnN6eMqQ7jXv+xkJ5c4qvcq8O0AMSr3/926i4u3c:DP7nDMtXWxkJC9vz8zAvlxru3c" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838695", "to_ids": false, "type": "size-in-bytes", "uuid": "36d52a92-c058-466d-9835-ed1fa67bc190", "value": "7781925" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838695", "to_ids": true, "type": "vhash", "uuid": "fbe0a3a1-5e46-48b5-a86a-4e137e696549", "value": "38379c2b745ed5bb7a4f361d3a52953d" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838695", "to_ids": false, "type": "text", "uuid": "44a20396-897f-4bd9-bab3-4d812ad44c89", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838718", "uuid": "5ab93b75-e4f7-4388-9b1e-23d6dd0726ab", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838718", "to_ids": true, "type": "md5", "uuid": "cb4968c1-141b-42b1-9c95-e490baecf927", "value": "707f43f7d1d23f88fc4b4c6d29b767c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838718", "to_ids": true, "type": "sha1", "uuid": "6c28e4ce-4206-4f02-891f-a69313859729", "value": "b3e40ceda7258188ec539c9d6f1bd2fac6700462", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838718", "to_ids": true, "type": "sha256", "uuid": "bdae69d7-0b0f-41fb-9cee-f4db92101991", "value": "f467d1f7038137c688ca73fdbc30a2239f7f423d15cec389cf07193a3a8773b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838718", "to_ids": true, "type": "ssdeep", "uuid": "51dd122c-bbfc-4cb8-939d-550045de89d8", "value": "6144:MkSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs5W:GRIKiDQM6tQ30fTviiXW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838718", "to_ids": false, "type": "size-in-bytes", "uuid": "671ffc12-70af-4512-a89c-77bd81d964ba", "value": "247715" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838718", "to_ids": true, "type": "vhash", "uuid": "7fe6d33c-bacd-49ff-851a-f5080bf681af", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838718", "to_ids": true, "type": "filename", "uuid": "8a8d3e19-3056-4906-9423-e58c30fd7afa", "value": "707f43f7d1d23f88fc4b4c6d29b767c8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 14/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838718", "to_ids": false, "type": "text", "uuid": "dc8892ef-547a-4a48-9407-8f976ccfe741", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838740", "uuid": "0cc0ad72-1d64-40b1-bf2e-dfeacbfad8dd", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838740", "to_ids": true, "type": "md5", "uuid": "0ef59794-08ad-4d3e-9aa0-b5bbaa0e75c8", "value": "94c9301e910f41472e3f1973cfb222ec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838740", "to_ids": true, "type": "sha1", "uuid": "72d85d16-bd1a-4a8a-8325-b2f4bcc492b2", "value": "21f9c5f6270cb896169586743a40376f8b617963", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838740", "to_ids": true, "type": "sha256", "uuid": "de778205-d803-4a32-81ea-6e5c4665bb85", "value": "afa0ef38c83465ebd82896488f6fc42d5ded42be5b91900b78bed26f697809e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838739", "to_ids": true, "type": "ssdeep", "uuid": "098f654f-339f-4682-962a-138f5e817bfa", "value": "1536:Lt6XHt6X8sxVCglPTeEGeZ6WZ2RQaxbDj+W:LMXHMX8OCJEGPM2aebX+W" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838739", "to_ids": false, "type": "size-in-bytes", "uuid": "6cd08811-197a-4299-9166-c4a00d22f996", "value": "57089" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838739", "to_ids": true, "type": "vhash", "uuid": "77b702e8-0dae-4189-9437-ad266d76d41f", "value": "fad1bdead7485f65087bcc750aee2023" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838739", "to_ids": true, "type": "filename", "uuid": "94229d60-8beb-4a4a-9d32-bd50715f4771", "value": "94c9301e910f41472e3f1973cfb222ec.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838739", "to_ids": false, "type": "text", "uuid": "a4fe5693-fb59-4f33-ad85-e502483dc31a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838761", "uuid": "754ed4b6-7279-468b-8250-4a909c3481a9", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838761", "to_ids": true, "type": "md5", "uuid": "129d2fc1-0af6-44ae-88ab-8f29d12c3379", "value": "bc886560f880a9910b5f02513c20cc85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838761", "to_ids": true, "type": "sha1", "uuid": "e7c91c71-63a6-4492-b569-9e71695fe335", "value": "733498db23f2ba0fff5ad356151d34b233057b5f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838761", "to_ids": true, "type": "sha256", "uuid": "4edb4cb5-5391-4908-ac04-c725d748e551", "value": "115d956bbc9468b84e16fd6cfe2a3ed4b81a4c404c47f84f3606b62c21ec0a48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838761", "to_ids": true, "type": "ssdeep", "uuid": "0e2bfec3-fef6-4004-825c-8b64b428942d", "value": "6144:WkSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs5E:8RIKiDQM6tQ30fTviiXE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838761", "to_ids": false, "type": "size-in-bytes", "uuid": "e35c3418-c691-4632-843c-a293c0f8b368", "value": "247714" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838761", "to_ids": true, "type": "vhash", "uuid": "3ef4e068-407c-4491-884c-7ddf23ebf1a4", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838761", "to_ids": true, "type": "filename", "uuid": "1b31f396-de1e-408d-806e-588d2b5760b5", "value": "bc886560f880a9910b5f02513c20cc85.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838761", "to_ids": false, "type": "text", "uuid": "1f3ae903-4035-45d4-a890-1a2793467f47", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838783", "uuid": "293d2c37-b22b-499d-8938-33bcddd94945", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838783", "to_ids": true, "type": "md5", "uuid": "993c7b08-cb04-4e7e-90a8-8638dc726379", "value": "8a2b050a02f6a9db5e02a36ceeb9cf7c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838783", "to_ids": true, "type": "sha1", "uuid": "de2d6b80-9ddf-4cc1-81e7-dae3a1f3003c", "value": "6a37905c44a13559d7758eb29369c2ca890ce2c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838783", "to_ids": true, "type": "sha256", "uuid": "19f7063c-5fce-4c8c-9d62-c44ac45b28d5", "value": "b5a83e0afcfcf27968f4591b7795677b03c18cc23979c919c6d820b96628a65f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838782", "to_ids": true, "type": "ssdeep", "uuid": "a22692ea-7a8c-4406-9600-8c896e894c4c", "value": "49152:4UaKXYRxsZW3pFcW9SF20lC8wi3FORqoh23HjqZ0:laKaxN3piWuXCicR6Xjqi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838782", "to_ids": false, "type": "size-in-bytes", "uuid": "11d37120-3549-4ec6-b904-b0791efbf519", "value": "1850170" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838782", "to_ids": true, "type": "vhash", "uuid": "d52b6309-2512-4a3f-9cdf-523529472e24", "value": "fef04cfb0026a16c08a822254c235939" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838782", "to_ids": true, "type": "filename", "uuid": "71c78fcd-5bf3-4e5f-a29b-2f295469fcf2", "value": "8a2b050a02f6a9db5e02a36ceeb9cf7c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838782", "to_ids": false, "type": "text", "uuid": "2a1314d0-7828-4bd7-abca-0fcbb1636556", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAB5\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838805", "uuid": "9384709c-97f9-4cbe-8e65-b79b576bf4af", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838804", "to_ids": true, "type": "md5", "uuid": "da717dae-cd50-4e9e-b80d-0ded3eadbb83", "value": "f895a8521e5410bf9158da78a24f550f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838804", "to_ids": true, "type": "sha1", "uuid": "bdeafd02-096c-47df-8cbc-32011a2318f1", "value": "11560ca63c246aea5ad429c1f40e39aa94cb3cd7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838805", "to_ids": true, "type": "sha256", "uuid": "ac2be6f1-84ac-4453-80b0-15c027e438a2", "value": "ad55a612ce1d6009ff623cc81a2786e4a20be5e690e9719aafc17ca683b9649a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838804", "to_ids": true, "type": "ssdeep", "uuid": "ff38b94d-d53d-45c4-a498-d468cf5623ab", "value": "12288:8qo4nzc2XIeJYxh8hBl7AkUTrYouCRw3vlz7zYr+p+tyvZYfhwaKQcDXj:UAdY6l7CHYouCaZArSefhwJQ2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838804", "to_ids": false, "type": "size-in-bytes", "uuid": "adbd85ca-63cb-48fd-b1f7-9f57d512c6b3", "value": "607750" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838804", "to_ids": true, "type": "vhash", "uuid": "05867206-5888-4f1d-bb3a-f58eb00022ec", "value": "510b918ae89d119cde8968504635959d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838804", "to_ids": true, "type": "filename", "uuid": "fb554b3f-1707-4111-bc8d-72303677f121", "value": "f895a8521e5410bf9158da78a24f550f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838804", "to_ids": false, "type": "text", "uuid": "59e477ba-c1b7-4032-9efa-9806034329b4", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838826", "uuid": "e8439abd-2854-4d69-9977-e0a89b875fdf", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838826", "to_ids": true, "type": "md5", "uuid": "81298242-9149-48c7-8edd-69e237615bd2", "value": "67529dfb350b34a478bf4bcca94a0774", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838826", "to_ids": true, "type": "sha1", "uuid": "9f2821e5-8cbb-42ec-8c47-ffa5d06d41d7", "value": "470a76ce74789facad79c7502f4e5b9fde4a7b87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838826", "to_ids": true, "type": "sha256", "uuid": "996f73c3-dec3-47ba-891a-430ea4225c76", "value": "44b888cdb26c906808719cd8fc77cf2c640b3383351fb267add963799fa733f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838825", "to_ids": true, "type": "ssdeep", "uuid": "d0d5c421-54c0-4853-b8d6-608c991524df", "value": "3072:qMXpMXe+/32j9l1PdBh1OfhI9rG7c2ipkuQ5xN1:q4p4ewql1PdBhY29Awpub1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838825", "to_ids": false, "type": "size-in-bytes", "uuid": "fb294bc6-82e0-425e-ac59-ce7a213f0ded", "value": "131312" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838825", "to_ids": true, "type": "vhash", "uuid": "c265b44a-e2f0-4e75-b0a2-d96bc400b303", "value": "a418351a82ae1227663622360cdf9570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838825", "to_ids": true, "type": "filename", "uuid": "4dcc61fa-6daf-4d58-933c-c764f6c78b99", "value": "67529dfb350b34a478bf4bcca94a0774.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838825", "to_ids": false, "type": "text", "uuid": "9a1cc9fe-a68c-4b98-8006-477d006bd96e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838847", "uuid": "d6dabcea-4853-49bd-977f-18831699b855", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838847", "to_ids": true, "type": "md5", "uuid": "1f0bc2db-ff26-430d-a64c-f536f59e701f", "value": "4cd401914464a4c953e7960a70cbe712", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838847", "to_ids": true, "type": "sha1", "uuid": "1ebdc5f2-a0d2-4268-b68c-714c44142b01", "value": "23207ac1d0853956e94b4359f60f6f56c180381a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838847", "to_ids": true, "type": "sha256", "uuid": "92dbf4f2-a70c-45d6-b519-f1e6c178acff", "value": "cecaebcfe001b0ef0540cd1ddf13a7dc1233b4f2a126c3d3f64d5f72fdf2ae6f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838847", "to_ids": true, "type": "ssdeep", "uuid": "9c12ae08-899c-437c-8ac7-ba0348e680d5", "value": "3072:yyMXgMXqA4WBhsIQ7Bl+ysq/ilXrx548qv4VBZ:yy4g4qwBhIB3svx48qOZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838847", "to_ids": false, "type": "size-in-bytes", "uuid": "86cd648b-0ebf-47bf-a25f-8b094e09b382", "value": "130936" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838847", "to_ids": true, "type": "vhash", "uuid": "26e65d9f-e72b-417b-a333-fa34743d7bc4", "value": "a418351a82ae1227663622360cdf9570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838847", "to_ids": true, "type": "filename", "uuid": "00f6b9c4-544d-4943-8143-90f5aa53b175", "value": "4cd401914464a4c953e7960a70cbe712.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838847", "to_ids": false, "type": "text", "uuid": "e1c380e2-4f76-435e-8f63-f97d53fe66a3", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA9C\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838869", "uuid": "720e04ca-7915-4f6a-8370-4336860d097d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838868", "to_ids": true, "type": "md5", "uuid": "14109f21-d11f-4d73-aba3-74b0fc0d90fe", "value": "90ccd6bb822e96627c8d07d49439521d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838868", "to_ids": true, "type": "sha1", "uuid": "0c1fa91f-3f1c-42ff-ad45-0e10d5f86a8f", "value": "7f413dfa4eb29a6de6914beec1c4b6ad35e6d4bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838869", "to_ids": true, "type": "sha256", "uuid": "4a6d2ac1-af00-4eae-92d0-378d7520d168", "value": "8b8210479ec406f783f17fc461b1e7d2434d5ac4d4dc9a3a009cdcb3743cc2ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838868", "to_ids": true, "type": "ssdeep", "uuid": "bd0a579d-6873-401e-8679-5b68c5ec5edc", "value": "3072:yEMXhMXYA4WBhsIQ7Bl+ysq/ilXrx548qvIVBK:yE4h4YwBhIB3svx48quK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838868", "to_ids": false, "type": "size-in-bytes", "uuid": "48096a56-a79f-47bb-93c3-8bbb23df5a49", "value": "130930" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838868", "to_ids": true, "type": "vhash", "uuid": "d7c351fb-97a2-4e35-a17b-6a31e2b7074b", "value": "a418351a82ae1227663622360cdf9570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838868", "to_ids": true, "type": "filename", "uuid": "cb1bdde1-138b-401a-81a2-ed16609c042e", "value": "90ccd6bb822e96627c8d07d49439521d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838868", "to_ids": false, "type": "text", "uuid": "c5c96168-5d63-44a1-97bf-178d5dc9ff51", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA9C\nVT Total Detection:31/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838890", "uuid": "3a9e6e52-9969-4e32-aa05-0d533fb7667d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838890", "to_ids": true, "type": "md5", "uuid": "bf44cb59-3e16-4cd2-afd8-332d14c54c09", "value": "3029f8c7eaacf8728b32b2fecac8393f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838890", "to_ids": true, "type": "sha1", "uuid": "f41d2df5-8d8d-4ad0-ad24-a187440965ed", "value": "aa279151cdb8b0a10849a031c8ad72588b6bbc57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838890", "to_ids": true, "type": "sha256", "uuid": "cc1b7b1f-7c19-4a23-b628-d9b2dc415d73", "value": "c8c99cfe96571d1269670db94f59d6060427c2bb37f269821285c843c79ef1c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838889", "to_ids": true, "type": "ssdeep", "uuid": "304cb878-6936-446a-b77c-96d464517e28", "value": "3072:WMXMMXWEvyMkzLqf3DPFAbdn2cx5oNBfRP+VBS:W4M4NvdNf3ZAR2O58BfRIS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838889", "to_ids": false, "type": "size-in-bytes", "uuid": "2c254088-eabc-4fe7-a424-c190721761dc", "value": "138262" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838889", "to_ids": true, "type": "vhash", "uuid": "e89ff69d-3a19-477d-9565-acdb2ebf8e7a", "value": "3124516c8874b2cbf22362945ff0a6f5" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838889", "to_ids": true, "type": "filename", "uuid": "9e51b06c-3c79-45e5-86a0-17134e15ebec", "value": "3029f8c7eaacf8728b32b2fecac8393f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838889", "to_ids": false, "type": "text", "uuid": "b6e8fbd7-a95b-4304-99f3-b095aa4dabcd", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838911", "uuid": "30fb344e-571e-4cdd-8ff8-cb7b6b542367", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838911", "to_ids": true, "type": "md5", "uuid": "6b67db07-e0ae-4b4c-b54b-972b131d4468", "value": "f27aca43c5aae84f07c1e51ed314029d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838911", "to_ids": true, "type": "sha1", "uuid": "02a5ea80-983e-45f8-bdb3-a4c3e92374c4", "value": "28cb1f101d723e43456e82edb8cb1e151ac39789", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838911", "to_ids": true, "type": "sha256", "uuid": "2fc56254-92b8-427a-8bad-6edd773e32fd", "value": "23b63c4accd8c5e3427d2383025338ab2c108a4c3a7661071c1167f227deffb0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838911", "to_ids": true, "type": "ssdeep", "uuid": "b4d2fbe5-d72e-402e-8652-3e40522b8a17", "value": "12288:aSg43PcOPIeVk1qEzbee1hQl688x5Pz9d0jqkgawb+:WIdgCdE+m88PzWgawq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838911", "to_ids": false, "type": "size-in-bytes", "uuid": "c3860e8e-154b-4088-8a7d-704c897c6221", "value": "599171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838911", "to_ids": true, "type": "vhash", "uuid": "07fb7c13-a0db-4c0b-b799-5a6f5887670c", "value": "510b918ae89d119cde8968504635959d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838911", "to_ids": true, "type": "filename", "uuid": "80155bb7-dffc-4530-a5e1-88f446efb027", "value": "f27aca43c5aae84f07c1e51ed314029d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838911", "to_ids": false, "type": "text", "uuid": "5b703cef-77fb-4e59-83d7-18078ad5aa85", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838932", "uuid": "0530bc55-9ef0-4dea-a419-640a73aa8456", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838932", "to_ids": true, "type": "md5", "uuid": "76c0dc58-b108-4581-a7f1-1f90ed33dbaa", "value": "1961877771334467c4c317754be13c84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838932", "to_ids": true, "type": "sha1", "uuid": "fd334fcc-dcf3-4596-a3c6-6030315ec954", "value": "82ebbdaf78da11ba9955cee520759b1e93718f7c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838932", "to_ids": true, "type": "sha256", "uuid": "e48581ca-d575-4832-a441-064164b72c89", "value": "c775c598ae3ccea08562272be59963ae1982fd541cdc8da95d57797ff4455c31", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838932", "to_ids": true, "type": "ssdeep", "uuid": "8e566f87-7935-4e60-8c0d-636b3c988fad", "value": "3072:gsMX4MXYVBBEvyMkzLqf3DPFAbdn2cx5oNBfRPb:gs444W2vdNf3ZAR2O58BfRz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838932", "to_ids": false, "type": "size-in-bytes", "uuid": "a2814be9-131f-4d75-b9c9-a1a486897816", "value": "138790" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838932", "to_ids": true, "type": "vhash", "uuid": "8e376b77-0ee8-49f9-919f-6fe8d88e0197", "value": "c291bf39f8e920c99e4eae74d228fb97" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838932", "to_ids": true, "type": "filename", "uuid": "ea91c2ad-8008-42a5-9598-e82166116bb4", "value": "1961877771334467c4c317754be13c84.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838932", "to_ids": false, "type": "text", "uuid": "7c2dfb2f-6942-4ebf-9772-dd5800bcc5fe", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838954", "uuid": "7f167b5b-0a80-43f9-ab0d-d7a0af8c2d53", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838953", "to_ids": true, "type": "md5", "uuid": "32ed20d9-0125-4e59-a1f5-f5630500e3d5", "value": "56ad2169509c885ad65c9e650e3ade63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838954", "to_ids": true, "type": "sha1", "uuid": "5b1635b2-07a7-43ca-890f-78fe165de537", "value": "009c39e5aa24c191ea3b0ede96a84355d02961f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838954", "to_ids": true, "type": "sha256", "uuid": "bd2da2ec-bfed-458a-b53f-0255e28f2ac3", "value": "a325dd7b7bb9f256f7c7d9d3d537eb20040e9e7c1992507410c34c996b5b9aff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838953", "to_ids": true, "type": "ssdeep", "uuid": "11974194-3f78-4804-ad48-e9d18db009c0", "value": "12288:6mm1PvUgWVcCFIecwE/PGcL6agmF2Jxz7E8OQ5MUttUdyOoHb/Dg:6E1peHz/PGcL6AF2Tz7v5MciEOE4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838953", "to_ids": false, "type": "size-in-bytes", "uuid": "7be78c86-2658-4fa9-9fb9-1766923d3af8", "value": "600091" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838953", "to_ids": true, "type": "vhash", "uuid": "7c47920b-5846-40f1-8ce7-d58b22bb2e40", "value": "510b918ae89d119cde8968504635959d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838953", "to_ids": true, "type": "filename", "uuid": "98799767-ee5c-4443-a777-83c5345eef99", "value": "56ad2169509c885ad65c9e650e3ade63.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838953", "to_ids": false, "type": "text", "uuid": "0d90a561-49e2-4b14-a4bf-7d2b856f385e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838975", "uuid": "a9dd53cf-7d42-4221-84bd-d0ae3a64e7a9", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838975", "to_ids": true, "type": "md5", "uuid": "dd4d482b-5e3a-41e1-95fb-57ab9ca68816", "value": "6657bb12d4c12d327038537cc7a19697", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838975", "to_ids": true, "type": "sha1", "uuid": "65aff68b-2bbd-4798-99de-5302cf3860b4", "value": "8c6240db21b600f1ee25d9917a1ff8f9d2999db3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838975", "to_ids": true, "type": "sha256", "uuid": "5a03ffc9-e085-449b-8ed7-ef6e79d2f8da", "value": "5a1b51f49e2e6a51eaf94484aaa60346f893f9a907cfd26247e49c612f1244df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838974", "to_ids": true, "type": "ssdeep", "uuid": "53de1988-88a7-4958-a60b-3db93dcf0f93", "value": "3072:lLMXvMXJTLwhtsmLggvTHuyQ6P9Ikl1f2CoRA7LntYPc3uQ5xNc:lL4v4JTEhtG8TH86Puyf2qeobc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838974", "to_ids": false, "type": "size-in-bytes", "uuid": "dc9e39b7-696a-4faa-bdd4-3d140b3de1e8", "value": "121564" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838974", "to_ids": true, "type": "vhash", "uuid": "9ebbde61-b60d-419a-b265-4dea15420091", "value": "a418351a82ae1227663622360cdf9570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838975", "to_ids": true, "type": "filename", "uuid": "3e24e85b-89f0-49b9-93f7-ee04232c08a7", "value": "6657bb12d4c12d327038537cc7a19697.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838975", "to_ids": false, "type": "text", "uuid": "33331acb-f483-4c38-ad9f-9a504f073cfb", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740838996", "uuid": "a40ee014-d5d4-4c77-8ba6-0083b313bb8a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740838996", "to_ids": true, "type": "md5", "uuid": "4f20da2e-ab71-4bb6-8b9a-88076a4bd671", "value": "4345518b7ac1ec3f86477d11acad6370", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740838996", "to_ids": true, "type": "sha1", "uuid": "3ba8df17-19c0-4aed-87ee-c689f6b3afd1", "value": "cd5c4c4dbba24f0a0503a016867868411a516edc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740838996", "to_ids": true, "type": "sha256", "uuid": "19f64f75-50e9-4a0e-bd48-04fcc5ad6ed9", "value": "e89eb1e94a5563f0b21a564104f7b75ecbe1edb61e881c654f06ba2f4d19ccb4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740838996", "to_ids": true, "type": "ssdeep", "uuid": "302a3b82-5e5c-41b6-a296-e3c83936cb51", "value": "3072:OMXgMXIzon3wwGPo04eAE4NqSenyET13AyAxUTnx1XyzVB3p:O4g4Im3wrg0BSQ53zAxunaH3p" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740838996", "to_ids": false, "type": "size-in-bytes", "uuid": "5bb82a21-d41b-465c-9604-abec1c8a50f7", "value": "186738" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740838996", "to_ids": true, "type": "vhash", "uuid": "0fdd0d40-5742-4343-afaa-6515af7ec665", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740838996", "to_ids": true, "type": "filename", "uuid": "c16ba388-85c9-4066-b335-50f71d6e374f", "value": "4345518b7ac1ec3f86477d11acad6370.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740838996", "to_ids": false, "type": "text", "uuid": "1e8e6096-123f-46b3-bf71-aefbb6af06e5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839018", "uuid": "376b2f8e-a7fd-43ad-9b8a-8fb3cf6c566d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839017", "to_ids": true, "type": "md5", "uuid": "221da2d7-b817-4271-aaea-c3ea997b6cb5", "value": "de6fee345c546297efbe30d6516d20e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839017", "to_ids": true, "type": "sha1", "uuid": "c11cf0fa-8fa0-413b-bb3e-b6a934699947", "value": "f4c9e9c7530f6e0dbb0e8d1e8c3159dbde7826bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839018", "to_ids": true, "type": "sha256", "uuid": "1a751596-3387-43b2-b2f7-17a9f2c961a3", "value": "9c5f766d6ae6b3ce77318e88ce4cccd32eee83cef754e3cf631303d3d216cad0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839017", "to_ids": true, "type": "ssdeep", "uuid": "7a3bb1f8-de71-4f9d-8b9a-fea8123a8709", "value": "49152:dWpsQFO0UPHJ2/FHde2g4XyDlfC1j4WtFRynmg/eyK8:cpo0Gp2tHsp3D9CJpFsnmgk8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839017", "to_ids": false, "type": "size-in-bytes", "uuid": "78fe3f40-a12d-4559-b322-afb708aef28b", "value": "1812812" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839017", "to_ids": true, "type": "vhash", "uuid": "c4a90f26-e359-4f53-9434-f0bbfaadb655", "value": "8564e8b2fa379504232706a2abb696c8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839017", "to_ids": true, "type": "filename", "uuid": "a6d563cc-9a0f-4fcb-90cf-8129c640b883", "value": "de6fee345c546297efbe30d6516d20e2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839017", "to_ids": false, "type": "text", "uuid": "c9c18117-8cd0-45db-82ad-f37a159422b7", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839039", "uuid": "3bb79156-d5c3-49f8-9fe0-c0f57d73a43c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839039", "to_ids": true, "type": "md5", "uuid": "c088179c-1cac-4f4d-ab3d-8278fe248b0c", "value": "49095e14b37bef1a3a02e4e525e0bd4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839039", "to_ids": true, "type": "sha1", "uuid": "652b86c4-1e07-4de7-988c-eb01c57329a5", "value": "a03f1103b8ef71f7d54e26dff267ba501f5f7b41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839039", "to_ids": true, "type": "sha256", "uuid": "df97e20f-3ae6-41ed-bb29-8d2419a9eb05", "value": "c6486a74268092c4e9e3b9ded9ec04ea706f2bf41945e6a064082a9e5dd47301", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839038", "to_ids": true, "type": "ssdeep", "uuid": "d616c4ed-7587-4b4a-bb6f-7496c2e70c64", "value": "6144:84f4f+kCjZ4WrLxmFm1ywzs56Trg8a865VsVPe7POy29rJtuxDxbc:7Af+vRrdmFOBwoFgLgPeqyuGQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839038", "to_ids": false, "type": "size-in-bytes", "uuid": "dcd4e601-1457-445b-b5b1-4cea513076a9", "value": "365629" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839038", "to_ids": true, "type": "vhash", "uuid": "03dbb33d-5cc5-45fc-8fb3-ced6b65a87f5", "value": "478b80bd8f430763b160a852668a1527" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839038", "to_ids": true, "type": "filename", "uuid": "7d8275bb-c5c6-45f6-86bf-d5865048ca16", "value": "49095e14b37bef1a3a02e4e525e0bd4a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839038", "to_ids": false, "type": "text", "uuid": "b22d63d7-446b-4670-bd6d-c6716c92718a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AADA\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839060", "uuid": "d593fcec-caeb-48ff-9625-d75f3bd6e4aa", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839060", "to_ids": true, "type": "md5", "uuid": "7b3d0a4d-a778-463a-9e0c-1a40ebcb536e", "value": "ccb48260ac7b7a0a2e85dc7e8ab506e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839060", "to_ids": true, "type": "sha1", "uuid": "4d355b96-bb8b-48e3-a09b-6fb73409216b", "value": "542f72a10ff28c3c92ac0ae1366976439239e86c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839060", "to_ids": true, "type": "sha256", "uuid": "37c01be2-6516-4ed5-8354-6b52c8d0b6ef", "value": "f256b3bf87f6fe4a5648afa33ef76e94c06fbc588fcafc04fbe36ad64ae7203b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839060", "to_ids": true, "type": "ssdeep", "uuid": "aada74ba-b6af-47c8-b550-9c254f16e0e6", "value": "6144:e4r4f+kCjZ4WrLxmFm1ywzs56Trg8a865VsVPe7POy29rJtuxDxb8:psf+vRrdmFOBwoFgLgPeqyuG4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839060", "to_ids": false, "type": "size-in-bytes", "uuid": "42763bdd-afc9-46f3-8201-a6cd1d49847b", "value": "365636" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839060", "to_ids": true, "type": "vhash", "uuid": "9c41f46f-7d00-4a98-b48f-fe9516c13669", "value": "478b80bd8f430763b160a852668a1527" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839060", "to_ids": true, "type": "filename", "uuid": "2bcac8fc-af09-45c7-a830-ef0fccc9cd11", "value": "ccb48260ac7b7a0a2e85dc7e8ab506e9.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 20/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839060", "to_ids": false, "type": "text", "uuid": "b99f1cc1-7a92-4de4-b691-a51fc98e3299", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839082", "uuid": "e8b957c8-285f-490f-b14b-c83af50f9fac", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839082", "to_ids": true, "type": "md5", "uuid": "0c79dcc9-ec27-413d-95be-0e6a278cc377", "value": "bd933cc642eb4db3724eaaf59eb42b85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839082", "to_ids": true, "type": "sha1", "uuid": "d100c65b-ea1c-421a-81ea-448fe6db9056", "value": "8356bb9bf8c0bb38e9790884c5ccc8df7b920cba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839082", "to_ids": true, "type": "sha256", "uuid": "a2496dfc-5cb7-44a0-a199-29fcde4bbf51", "value": "0e74c171b578444ec8470dfc3bc79a6db16d94173f217bff4edfb497c14df4d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839081", "to_ids": true, "type": "ssdeep", "uuid": "cbd36b48-ef09-4d21-b86c-522eda47e4d6", "value": "3072:ChMXRMX7F46WJ5xZdecbblBh3DGUs5rzbM8s1IZ5VB94I:Ch4R4hPWJ5AQ7b2rzrHP9d" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839081", "to_ids": false, "type": "size-in-bytes", "uuid": "fc8001c5-0672-479e-aa89-6eb97af6fb23", "value": "132672" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839081", "to_ids": true, "type": "vhash", "uuid": "22566e70-d2c5-479f-9c3a-b66211a5f5ce", "value": "ee4a8fc6fec0b69fa914c0033da4e895" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839081", "to_ids": true, "type": "filename", "uuid": "afd6d6af-240a-41d9-be33-5105a32adfd4", "value": "bd933cc642eb4db3724eaaf59eb42b85.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839081", "to_ids": false, "type": "text", "uuid": "f4954376-7d5a-4c17-bb19-5f00e1142f66", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839103", "uuid": "90b8d8e9-8a6f-42eb-8845-a978e3865ccc", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839103", "to_ids": true, "type": "md5", "uuid": "70f13194-7671-4d90-88ef-7d03dcb0d891", "value": "0ef296ee89aa1ce7ca03ca7e714845bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839103", "to_ids": true, "type": "sha1", "uuid": "2c9506b5-ed48-4f89-a685-c3248ee4d5ba", "value": "b327a0683a14e598f8d73bb31a2114d969199f17", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839103", "to_ids": true, "type": "sha256", "uuid": "3b4818cd-cdc3-48c1-b1c3-9711e0f71c82", "value": "323c5aeec06b065fa7d19f8e670c11c26dbcdb7b0ae8882388a17d7813db63e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839103", "to_ids": true, "type": "ssdeep", "uuid": "590ca10e-c33e-405c-afc3-0efa2a19cedd", "value": "12288:bt9eIgjTcG3IeFo3m+q/PVW2Lc0ABrVBYfSrICdx+:51EF4e7fPI2Lc0ANS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839103", "to_ids": false, "type": "size-in-bytes", "uuid": "1a522e65-d44f-484f-bc1c-d9198641772a", "value": "609678" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839103", "to_ids": true, "type": "vhash", "uuid": "63ff3aa2-fa75-4d0d-b8ee-e879ceaa344b", "value": "510b918ae89d119cde8968504635959d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839103", "to_ids": true, "type": "filename", "uuid": "8b8337b2-88b4-4f3b-a0e9-9f5ea0ecd4ac", "value": "0ef296ee89aa1ce7ca03ca7e714845bf.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839103", "to_ids": false, "type": "text", "uuid": "8e92c2ae-791d-40c8-a2d2-745d58b3215d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839125", "uuid": "4b221732-1786-4dfd-a980-4dcf3139a45e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839124", "to_ids": true, "type": "md5", "uuid": "dc60e175-eca6-42fd-8f06-e8d7bc761516", "value": "8e1a3efb79785dd7fbee206d1e1cf158", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839124", "to_ids": true, "type": "sha1", "uuid": "38d64034-66b8-41d3-bb9f-e33c5e6de863", "value": "21b6a7376afcc165c2f215d64d2e87dc78581f5f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839125", "to_ids": true, "type": "sha256", "uuid": "36ca706b-26d3-464b-8d3a-d8b74201798b", "value": "8826832c34ca7b70a8e8b4ea9529c6020e57ece8c257743eb03746ffadc0a1d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839124", "to_ids": true, "type": "ssdeep", "uuid": "dadfabe9-cd55-4100-883f-d23d5b6cf81c", "value": "12288:txRx+5QJtysBZifgOFM0VuUBgw1+jOFdTpJXKU59CzyNkhTSPNoooR2b9:/XZBwfgOFDVNd9TXXKU9Ce2hTSqAx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839124", "to_ids": false, "type": "size-in-bytes", "uuid": "af1b1f76-7359-4031-b690-fd426ec4e45e", "value": "820714" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839124", "to_ids": true, "type": "vhash", "uuid": "b7577990-f54a-46b0-8c8a-3e30b2e9aaac", "value": "ed2c3ef17c555066160739adb54b5b58" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839124", "to_ids": true, "type": "filename", "uuid": "b5ab0bae-87db-4286-9082-8dd442c12d20", "value": "8e1a3efb79785dd7fbee206d1e1cf158.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 22/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839124", "to_ids": false, "type": "text", "uuid": "1d663271-dc41-498f-a7c5-9f92e12f6dca", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839146", "uuid": "ce7a76fa-d004-4fc5-b8e5-9bbb4d62d4b5", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839146", "to_ids": true, "type": "md5", "uuid": "677330a0-6a5b-453d-a67d-144c74b4d06a", "value": "697cfc5a27422de93506c2c7b87e0cbc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839146", "to_ids": true, "type": "sha1", "uuid": "a568edf0-149f-40e7-ad56-bafae0895647", "value": "eff08ae43a7aa18cbdabe2e468bde8711c5b0e8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839146", "to_ids": true, "type": "sha256", "uuid": "f57fa7fc-65ea-4747-8622-7447035031f9", "value": "045eac39c9240aca115078536091b94d562960a8d54c7b31a83036dc92dce051", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839145", "to_ids": true, "type": "ssdeep", "uuid": "291ee8e2-0542-403b-8904-3dc1fdbd67be", "value": "24576:5F5WaKXYRVnVbMR9IXIIxYDFqZ9s4LuRe:LUaKXYRxJl4+SY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839145", "to_ids": false, "type": "size-in-bytes", "uuid": "10bfba62-910c-4686-96bc-292bb75e2b40", "value": "807482" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839145", "to_ids": true, "type": "vhash", "uuid": "3f7122e3-da74-4c38-8fab-e62a2b9e9765", "value": "ed2c3ef17c555066160739adb54b5b58" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839145", "to_ids": true, "type": "filename", "uuid": "f4cc2aa0-28dc-4e27-aadf-3fbe37f5c929", "value": "697cfc5a27422de93506c2c7b87e0cbc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 31/05/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839145", "to_ids": false, "type": "text", "uuid": "69fba3d2-df61-44f7-8c5f-6fb8ec150d5a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839167", "uuid": "b796872b-cfdf-441f-9972-8d5cf10702ca", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839167", "to_ids": true, "type": "md5", "uuid": "5572c946-6945-485f-a43c-bccff48542dc", "value": "6f154827de75694a842284e975589f48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839167", "to_ids": true, "type": "sha1", "uuid": "736a3735-20fc-4ec6-a195-ab21a78a4117", "value": "4358b0c3644a42e6862fe10798edc886fc117455", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839167", "to_ids": true, "type": "sha256", "uuid": "69e612d4-3c95-474e-8901-62bcb389ba0f", "value": "c8d91d2cdfbe64f6e461e39b1c555b0db0283230842611b0524b80744af49d22", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839167", "to_ids": true, "type": "ssdeep", "uuid": "84f3d26d-6abf-478a-a0b2-003cc700f697", "value": "24576:bDnm77XpXl8YjR6NFPYLI/4CFMFRqNK3HihoWVysfEB:bDnM9V96w84CFMFRq03ihbREB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839167", "to_ids": false, "type": "size-in-bytes", "uuid": "ae798dc2-1703-443c-96d8-c45511ca0694", "value": "1035417" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839167", "to_ids": true, "type": "vhash", "uuid": "e7140fb9-5274-4a75-8060-3b51d491cb8a", "value": "4c2da72e0791ba85f641c5d778463b49" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839167", "to_ids": true, "type": "filename", "uuid": "fd9b568a-d3b5-470a-a1eb-5f7564a558c7", "value": "6f154827de75694a842284e975589f48.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839167", "to_ids": false, "type": "text", "uuid": "ef9e68ff-534b-49fc-8805-275f7d0506de", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:29/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839189", "uuid": "48ce7312-b931-4cb4-bced-415f31da0b17", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839188", "to_ids": true, "type": "md5", "uuid": "d5ad6001-6c43-4285-ab6f-f14d768a9bd4", "value": "f5ea56724605229217b56d5d3a5c3e94", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839188", "to_ids": true, "type": "sha1", "uuid": "d7066761-57d6-42eb-b8f9-9cd799cd427e", "value": "8a4948b47b4de1d1bde9b75d43b80f22744790bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839189", "to_ids": true, "type": "sha256", "uuid": "877da542-5f8c-44b9-86c0-26eff079557f", "value": "7b359f04030812cc82d665594ce5b4276a6fb6c9e8703ffac9ab6e429c2994f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839188", "to_ids": true, "type": "ssdeep", "uuid": "2be88b53-15a0-49fb-b14b-3c472975c58a", "value": "3072:C/5YYMXNSMXIzon3wwygxPtWYDrfBNGflH0M5NVXV4qiIregrXxfhjKFrW9uwVBm:K4NS4Im3wkxtbrGflH0M3RPiIqg51orV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839188", "to_ids": false, "type": "size-in-bytes", "uuid": "383ba6c3-777f-47db-aaf3-9ce8c4cdcb56", "value": "193864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839188", "to_ids": true, "type": "vhash", "uuid": "4ef8dc94-525b-4532-be78-4505bf7db563", "value": "c25d63e56821ecc88f9d972e8651d93e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839188", "to_ids": true, "type": "filename", "uuid": "ba423c02-1d78-4403-9f29-31636d882f6f", "value": "f5ea56724605229217b56d5d3a5c3e94.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839188", "to_ids": false, "type": "text", "uuid": "7a1332b3-37dc-4917-b9f0-461b59ba420b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839210", "uuid": "1dd745db-b566-461d-b16a-b1de6dbbcdce", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839210", "to_ids": true, "type": "md5", "uuid": "e71eb7b4-de54-4c68-9afb-4f935e2f9ba0", "value": "4d200a5190033a910ce3538e7df04c87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839210", "to_ids": true, "type": "sha1", "uuid": "d626dac4-8860-42cd-bfb1-e66edb04f71e", "value": "f3913f8f5d3c723cf13ad5ad8499c48f65593152", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839210", "to_ids": true, "type": "sha256", "uuid": "348b64b0-6b40-4d07-bdac-af8932bab821", "value": "959e61aa722301f7d6f6312529c1f33c623512447e726be1d4af17e8025bd953", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839209", "to_ids": true, "type": "ssdeep", "uuid": "9d5faad2-ca7c-4fc5-8858-a0eccee5d495", "value": "6144:Mf4J4V83w0K9YWyD8dkAAFjiGJdIVaaBG04VkBzZ8zacWq7CcbDdFSSsf:JGVl/YWysAFmmdcaNVAZI7TbDdFS5f" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839209", "to_ids": false, "type": "size-in-bytes", "uuid": "4751a389-d0af-4dbb-9bc1-e8f0bbf3a980", "value": "393522" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839209", "to_ids": true, "type": "vhash", "uuid": "8d4854fa-a439-4863-9d64-f57c866553f7", "value": "830aa8be3e93728e215647340da94b57" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839209", "to_ids": true, "type": "filename", "uuid": "e3a57c4c-dbc0-4a2c-a2ac-b4a87b8ae7fd", "value": "4d200a5190033a910ce3538e7df04c87.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839209", "to_ids": false, "type": "text", "uuid": "83566f78-8768-4221-b2e5-eb2681fbeca2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839231", "uuid": "c367caa6-ec2e-47d3-815b-15aa89f68869", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839231", "to_ids": true, "type": "md5", "uuid": "98a48797-036c-4a31-a148-bce1a0cf05bb", "value": "28feb52e844cb6aada4e583c15b48192", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839231", "to_ids": true, "type": "sha1", "uuid": "ae025467-02a5-4735-b56a-bf0473d53de3", "value": "fab98248ed5e4a5fe9561caee979c4081d5aea2e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839231", "to_ids": true, "type": "sha256", "uuid": "df95d548-7c22-47d2-8dd9-1159c92c1d54", "value": "e3ecce7ef77c9cf6eb50f7da99d969f0b676d962124297562d8062bb96b8502e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839230", "to_ids": true, "type": "ssdeep", "uuid": "b3b23ab1-d056-4a79-be70-c9f7c05bd02b", "value": "6144:c4x4f+t3xbr5lZ48GIazncGylYPdNvl7V8wk6KOq9P4kvxC4hkVKupyTQpx:bef+t3xbR4Rxzc/kbkgq9P4bKduKQn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839230", "to_ids": false, "type": "size-in-bytes", "uuid": "08f0da7e-b02b-4310-a965-c2691918b795", "value": "363407" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839230", "to_ids": true, "type": "vhash", "uuid": "20d5667f-b4c2-4a5a-9407-9bda8393ea71", "value": "32b47fd358f749bfbadf70dce0a17531" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 13/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839230", "to_ids": false, "type": "text", "uuid": "d0fd9514-62ea-4e32-92b6-4c32bc6fa95c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839252", "uuid": "3d0d74c4-af69-403a-a504-fd17a5d0eebb", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839252", "to_ids": true, "type": "md5", "uuid": "3081c4ad-68e6-491b-8a45-86c2c694e972", "value": "ba140d77a212ff0e4833fa5ab32a6f29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839252", "to_ids": true, "type": "sha1", "uuid": "819559d5-07d4-499d-b84c-12b58312fb66", "value": "38a8ef423302d29ba7924d8e376cdb97a792f713", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839252", "to_ids": true, "type": "sha256", "uuid": "fe9cc851-e9ea-4214-b0b6-890e1247cfdb", "value": "82f2b1c6643afda9e922e2b4c69e5a10e15cde947b0001ba54e21e2b7f6b6d0b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839252", "to_ids": true, "type": "ssdeep", "uuid": "1f5963fa-e336-43a8-8430-908a625748b7", "value": "12288:rSIuxK/MCa720sMAUcgbwqhSRx+5QJCJf8d8TwiZ8Ui4Gmo7Pc:OLI/4CFMFHhSXCf8dOlkmoA" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839252", "to_ids": false, "type": "size-in-bytes", "uuid": "7b7495c8-5639-44a3-8cf3-f2411e8c302e", "value": "747501" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839252", "to_ids": true, "type": "vhash", "uuid": "48a1c5b2-6326-4f75-a963-2f6d94ba1e8a", "value": "d1efc54b98ae08ed47e4f3c76c1b04de" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839252", "to_ids": false, "type": "text", "uuid": "39764579-2685-4e7c-88cf-2881dd2047e6", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA93\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839274", "uuid": "32462452-afbf-492b-bf79-70f256140942", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839273", "to_ids": true, "type": "md5", "uuid": "49d2c30a-1a3a-4dc0-92e2-7ae6e13fe032", "value": "9dc732aed2ea83c87345cd5ec845cdfe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839273", "to_ids": true, "type": "sha1", "uuid": "818173cd-bffe-4c0b-849f-855fc1cb9518", "value": "eb7e2bbc63c3941d7caa835f751d0075749bdd19", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839274", "to_ids": true, "type": "sha256", "uuid": "8099cf61-5290-461d-a65f-c8f266228d06", "value": "96c9da284618dd49e6a0b5f96168a3dec4034778ae67dd96591040b1490c0a08", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839273", "to_ids": true, "type": "ssdeep", "uuid": "0f8a67af-8d57-4cd1-aec2-038d0c156455", "value": "49152:II4dLiM5lYj6e8db/1m3+cl1uBiuHxlmkdBDjcIXdh07b:ZnM5lKqJkT163/dagH0n" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839273", "to_ids": false, "type": "size-in-bytes", "uuid": "4fd81be5-4ce8-4406-a096-b2a04e56d973", "value": "2466769" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839273", "to_ids": true, "type": "vhash", "uuid": "6e90e251-fbed-45e0-b6b9-c37a4ec7645c", "value": "9491b2af01739168a3ae91107b9694ba" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839273", "to_ids": true, "type": "filename", "uuid": "8d083a63-d63a-40fd-81cc-870abe17b974", "value": "9dc732aed2ea83c87345cd5ec845cdfe.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839273", "to_ids": false, "type": "text", "uuid": "41b1f056-1924-48d2-b1b7-fb346ef7a727", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839295", "uuid": "64d71926-44f1-4759-a121-620fa684517f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839295", "to_ids": true, "type": "md5", "uuid": "21c2ac23-7e3d-475f-9753-40e1220a719d", "value": "17ace9709434d7adad61c47da1d4bb12", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839295", "to_ids": true, "type": "sha1", "uuid": "fb1975b0-4802-4c0a-a6c6-27672da02c74", "value": "c068aee34fab06d089a208276f01597362dfdb7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839295", "to_ids": true, "type": "sha256", "uuid": "ab8b6317-9ec9-4629-aeda-85112a7f4e7a", "value": "60fba12dfb4dc5952a1a1503ade9bf381bf6b5299b613eb1e94603c9ad68f19c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839294", "to_ids": true, "type": "ssdeep", "uuid": "27f57572-25ae-49c2-ad31-45a4c5523e40", "value": "24576:UZmPErHbcf/vJYsf5KU1G9hcxvqHs7oqow+Nzvu+LK2:UumQfbG/cxvsyD0z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839294", "to_ids": false, "type": "size-in-bytes", "uuid": "6c1dc3e3-dee8-4dc6-8ef9-7a852c2edfbb", "value": "874089" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839294", "to_ids": true, "type": "vhash", "uuid": "b986c8b9-421c-4a1c-8162-25b9c5f3adda", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839294", "to_ids": false, "type": "text", "uuid": "87f16072-8d78-4821-b3be-75200600fcce", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:31/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839316", "uuid": "9e2fe469-69da-4da6-8f13-18a62bdeefd7", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839316", "to_ids": true, "type": "md5", "uuid": "ae5874a8-029e-4660-8fde-b26840a8f1c0", "value": "543c5b051bb7b45383472d5dfa292e1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839316", "to_ids": true, "type": "sha1", "uuid": "8ab1f70c-de79-4610-a12d-3e3d22d90633", "value": "e80f1012cd10bd7bcacc4106b2f80120bd9c13ff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839316", "to_ids": true, "type": "sha256", "uuid": "33eff744-1519-4b4f-986a-1cb87c59fff1", "value": "6889b45071023f090f2e2375d730eccc80302aae788a83c822a18a321f0c335a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839316", "to_ids": true, "type": "ssdeep", "uuid": "7694b4b2-d865-49bf-b88e-d805f2f13a91", "value": "24576:UZmPErHbcf/vJYsf5KUXTvfwLPwEvTARXQ/z5d8:UumQf+gG5G" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839316", "to_ids": false, "type": "size-in-bytes", "uuid": "869f99f3-36e6-4e60-af11-ae1d0d1053ce", "value": "874146" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839316", "to_ids": true, "type": "vhash", "uuid": "9cd4297d-3064-4400-b4ca-d0d911ba1301", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839316", "to_ids": false, "type": "text", "uuid": "c2dae262-3264-46ea-911d-3a0f992fddc2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:30/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839338", "uuid": "b933bcb4-270f-45a5-8fa3-a21a71b0a418", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839337", "to_ids": true, "type": "md5", "uuid": "f568cfba-2bd5-4c0e-a3c1-b5f5efd0bb18", "value": "a450c2b04ad3e95686010958a94dc5ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839338", "to_ids": true, "type": "sha1", "uuid": "7b8596e4-ad4e-4b41-a184-7467bb5397db", "value": "cb131857ac060b291b0fdcc35795e96b1ce99d46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839338", "to_ids": true, "type": "sha256", "uuid": "6389224c-f4eb-4e04-81cc-19d31ab18324", "value": "eccc02ecc688379b1b0aee33046cd0650e5bf02a99728386476be0fa42219ff1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839337", "to_ids": true, "type": "ssdeep", "uuid": "d79927f8-53d3-46dc-a8af-1f0c482eca21", "value": "6144:0KfdzViOqYDtqL6d+r1KM+NIR3yqgdCJUXEfj4OikpFP/Kl:0KfdZiODDtqL6Ar1lE1G4OTG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839337", "to_ids": false, "type": "size-in-bytes", "uuid": "fb60e955-5eae-4d14-a352-b4ab45e6b106", "value": "243051" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839337", "to_ids": true, "type": "vhash", "uuid": "fb8ee8d2-fd62-47f3-845a-5b16f07a9113", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 11/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839337", "to_ids": false, "type": "text", "uuid": "648f707f-96f5-4927-bf82-96a6c5ec1d79", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:25/62" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839359", "uuid": "0ffcb61f-f8f1-4585-8afb-0bbd7192db20", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839359", "to_ids": true, "type": "md5", "uuid": "66704f7b-2d92-4ca7-aaa2-6037958c6704", "value": "e46a5cce9545dc2a00ba572e71736700", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839359", "to_ids": true, "type": "sha1", "uuid": "801f34b6-b15b-4243-afe1-e74ea6a97f69", "value": "bb7f7f0fc05165b7826b0ef32d38295574f6422a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839359", "to_ids": true, "type": "sha256", "uuid": "1cecc92c-22ff-4317-8e51-3c16cda9a1cd", "value": "bdb98b2e2b2963967744fd71a32d794ff4e3f86a075fc7afdafc2898fbd99ce8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839358", "to_ids": true, "type": "ssdeep", "uuid": "72f4fe00-d025-4885-88ee-b58ea248d3eb", "value": "49152:7I4NiM5lYj6erdb/1u+J1uB5jXwscMmmz9xX/:M3M5lKZJue1652Fmz9xX/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839358", "to_ids": false, "type": "size-in-bytes", "uuid": "863f4d97-0f86-4c0b-bd80-258c8dedfd0f", "value": "1773118" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839358", "to_ids": true, "type": "vhash", "uuid": "3ea213e7-377a-4eca-9796-d9212b3c60a3", "value": "9491b2af01739168a3ae91107b9694ba" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839358", "to_ids": true, "type": "filename", "uuid": "171b7198-86ae-4bd0-a9c6-d0ad42ec06f1", "value": "e46a5cce9545dc2a00ba572e71736700.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839358", "to_ids": false, "type": "text", "uuid": "5690c19e-e77e-4565-9b0c-7126e1780db3", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:33/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839380", "uuid": "6a1445a0-4108-4049-9ebe-fd7679c8408d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839380", "to_ids": true, "type": "md5", "uuid": "371e1ff7-fefc-49f0-9a36-1bd2c6817abb", "value": "ddb4e7362fa2049afed55eb718244449", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839380", "to_ids": true, "type": "sha1", "uuid": "aa72f5a0-0d42-4855-9565-4a0919a4d308", "value": "acc72a6fe915f7cba5833c11418e9a31afd0a9d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839380", "to_ids": true, "type": "sha256", "uuid": "24d81c92-b921-4a3c-ac88-8ef37826ddd4", "value": "559bf4157f08f8ce7d44ff7bd4856ef28aa559e1e58d94029e13a5412287aca4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839380", "to_ids": true, "type": "ssdeep", "uuid": "5a1ba44f-12ea-4f0e-a456-7b486ab16a99", "value": "6144:cI4j4f+kCjZ4WrLxmFm1ywzs56Trg8a865VsVPe7POy29rJtuxDxb+:cnUf+vRrdmFOBwoFgLgPeqyuGa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839380", "to_ids": false, "type": "size-in-bytes", "uuid": "e3738f4f-b29b-4b71-90c7-7f109b5bbcbf", "value": "365635" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839380", "to_ids": true, "type": "vhash", "uuid": "542ee0af-35f7-4bd6-b399-8fffeafa666b", "value": "4479a21fd3cad7da01d38d25735575f3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839380", "to_ids": true, "type": "filename", "uuid": "c2003462-c596-4c01-b3d2-7a9184646ecd", "value": "ddb4e7362fa2049afed55eb718244449.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839380", "to_ids": false, "type": "text", "uuid": "22f0ea0f-cae5-43c6-bdab-a423b3e1de28", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AADA\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839402", "uuid": "5ea9e2be-6919-4623-bc9d-85b64f17374a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839401", "to_ids": true, "type": "md5", "uuid": "1f58f975-9f15-4717-98f4-94618a98bb34", "value": "2b73c3db23c2ee440acff31820d1e0a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839402", "to_ids": true, "type": "sha1", "uuid": "d4953198-8291-4619-86b1-e4c5de285483", "value": "d07060ae3691c4ce6ee36c4fdf87c6191fc88911", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839402", "to_ids": true, "type": "sha256", "uuid": "737547de-78a3-4faa-8c77-77e2037658b2", "value": "ad204f8f3668e4873c6efa66b937b3b24d9803c316e3cf87a99dec6e57240c66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839401", "to_ids": true, "type": "ssdeep", "uuid": "854a6f6b-984d-4c8b-8c32-e98d856855b8", "value": "6144:l34J4f+kCjZ4WrLxmFm1ywzs56Trg8a865VsVPe7POy29rJtuxDxbz:lIGf+vRrdmFOBwoFgLgPeqyuGX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839401", "to_ids": false, "type": "size-in-bytes", "uuid": "c8e48d45-c30b-4acc-adfc-d8ae21388f49", "value": "365632" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839401", "to_ids": true, "type": "vhash", "uuid": "dc3ef04d-4c62-4ae7-a168-35c8360bc5a3", "value": "4479a21fd3cad7da01d38d25735575f3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839401", "to_ids": true, "type": "filename", "uuid": "687d5573-8ddf-418a-81ef-fc8e143d10c7", "value": "2b73c3db23c2ee440acff31820d1e0a8.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839401", "to_ids": false, "type": "text", "uuid": "8e3ef895-57aa-436b-b0fd-27385ca2ca80", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AADA\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839423", "uuid": "3dda3541-7914-4d28-a370-a2fb22ff30a0", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839423", "to_ids": true, "type": "md5", "uuid": "67340374-0d52-4d14-8a1e-ff764bf5a164", "value": "4d4fd77158bceb60a571a72ea8f04161", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839423", "to_ids": true, "type": "sha1", "uuid": "4eb81aaa-1eb6-44ab-baa3-11e6206cefd7", "value": "cd261bc2dcf83e41000e979d924c52ede00cd054", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839423", "to_ids": true, "type": "sha256", "uuid": "a408c184-1d88-426b-b605-23d18acb7cfc", "value": "f571b1d85780d4368af6435f1e1bea23a13b967471504450961db0a0dda896d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839423", "to_ids": true, "type": "ssdeep", "uuid": "6acfc6b1-9921-4b8e-90fd-f19ad1fc7938", "value": "24576:jinxI3GVmt2eah2meaJZ6Hs88jxTRioxFO4O1OFsJ9NPY:jin63GV+ah2mea6HsHjZ6fMFoPY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839423", "to_ids": false, "type": "size-in-bytes", "uuid": "14394500-1c0f-4068-b8b4-56e9c959bc03", "value": "991403" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839423", "to_ids": true, "type": "vhash", "uuid": "ff4b2a7e-77b4-4eaa-b7dd-44424d37e6b2", "value": "5b1fc016572de8c9020d0e709eaa65df" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839423", "to_ids": false, "type": "text", "uuid": "355a4720-edcb-4526-9903-ef30aab01993", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839445", "uuid": "08649c61-70ee-4835-91cf-884b7f5f31d4", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839444", "to_ids": true, "type": "md5", "uuid": "b95b1d1c-577f-4a35-ad39-28f5fe4afc77", "value": "b467d031085859a15fb1daef54955e5c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839444", "to_ids": true, "type": "sha1", "uuid": "16f64057-e77b-4a69-b007-6af24e8ca18d", "value": "f28a9e73245c00b890a1d711bc20310d10bf4631", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839445", "to_ids": true, "type": "sha256", "uuid": "d5d9a6d6-5832-4a63-8886-ecd2668e26cb", "value": "d5f5d3ca52c8c682b64f7f1161612759affed3f29df51729b07505ad7f01335c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839444", "to_ids": true, "type": "ssdeep", "uuid": "56593d0b-2d9b-4d0b-b6aa-406aef035507", "value": "98304:+3BTIagM03XOBRqBylSHSLGCtat6RACWWkcz+voAjKl8RT:+mPNO/qBylSIGcaENHBAjKl8RT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839444", "to_ids": false, "type": "size-in-bytes", "uuid": "32152537-2220-4825-bf6e-72b7fe6ff47a", "value": "4504521" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839444", "to_ids": true, "type": "vhash", "uuid": "f0268931-e22a-4747-a1fb-ebcc884ee0df", "value": "6ad4dcdc3c646ca138b9aec471d9c859" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839444", "to_ids": true, "type": "filename", "uuid": "3d4da640-7735-44df-bb98-f7455441cb82", "value": "b467d031085859a15fb1daef54955e5c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839444", "to_ids": false, "type": "text", "uuid": "af228db2-0db8-4945-9d73-61866103c547", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA55\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839466", "uuid": "66a79ca9-c6b9-4d79-acb9-ecc3867a5a7f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839466", "to_ids": true, "type": "md5", "uuid": "e366eabe-5f8a-4851-93f9-6e5c9fe8e343", "value": "10addbc7af0796981c14c1c1e89096e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839466", "to_ids": true, "type": "sha1", "uuid": "bb3611a8-a5c4-4634-8512-d70bb432b875", "value": "14dc0b4c4ebf7450c14ef443484f41f75472d2a6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839466", "to_ids": true, "type": "sha256", "uuid": "ba1f1809-1b16-4044-b9e1-0b8c085cfd78", "value": "e565d5299a933b12c73406acef5998c7aa82be232a2a72a367f68f792f80a90f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839465", "to_ids": true, "type": "ssdeep", "uuid": "383d79a0-7292-4a9d-8de8-25a2087ba301", "value": "12288:dsObkDhw7ovRMG6KjGqTRx+5QJdbcBJokAB8K3gd55Ai5MIgXnw6AAc:OAktl2G6K6qTXDPkAmK3sPAOMIgXnwf7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839465", "to_ids": false, "type": "size-in-bytes", "uuid": "3e30f5b5-91fa-4bb6-905a-dfd46b11708a", "value": "738275" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839465", "to_ids": true, "type": "vhash", "uuid": "7293e2d8-deb5-46b9-aa22-a3154d2003b7", "value": "d1efc54b98ae08ed47e4f3c76c1b04de" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 11/06/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839465", "to_ids": false, "type": "text", "uuid": "9b22ec86-cae6-4162-ab9a-eaa0b76dd704", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839487", "uuid": "7ca2358c-9d77-4fe8-a825-84540ad2483b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839487", "to_ids": true, "type": "md5", "uuid": "94638919-9dd3-4df9-9244-e12a39e9d868", "value": "852fc308e5ff50c81495a9293cd9c9f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839487", "to_ids": true, "type": "sha1", "uuid": "f715277f-7aa6-4f5b-b4ca-be2e8b8c61ea", "value": "cd40f6d802fa3200881322ae36ee77cbb204ac01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839487", "to_ids": true, "type": "sha256", "uuid": "5a308667-4c5b-45ad-b4f2-d221dc5e52d5", "value": "0802f0a64fec538d8b57f03751f3b5da9e037fbe1ea492d374ace09b8af5eca8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839487", "to_ids": true, "type": "ssdeep", "uuid": "9eca6241-55be-49e7-b54d-224d9713e62f", "value": "98304:6acdUHgv622OBinBylSHSLGCtataR0CWWsub+TMAbW983w:6GAcOUnBylSIGca8BHHAbW983w" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839487", "to_ids": false, "type": "size-in-bytes", "uuid": "70181962-42f5-44fc-a97d-7e175af65d4c", "value": "4504519" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839487", "to_ids": true, "type": "vhash", "uuid": "77aa91d0-5f04-4db8-93ff-c2812796577f", "value": "6ad4dcdc3c646ca138b9aec471d9c859" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839487", "to_ids": true, "type": "filename", "uuid": "92961d82-b55d-428b-a7a8-8954205bcb0b", "value": "852fc308e5ff50c81495a9293cd9c9f1.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839487", "to_ids": false, "type": "text", "uuid": "ec4a9995-8e93-4b75-892b-13f913ea27dd", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA55\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839508", "uuid": "d6f5e237-896a-40cf-8186-da071d988b1b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839508", "to_ids": true, "type": "md5", "uuid": "d149a35d-2779-446f-a96a-75fa2004baf6", "value": "61f9dadb3c85ef1e1665aa1f4a4a42a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839508", "to_ids": true, "type": "sha1", "uuid": "6d6d6cb4-7ea7-4575-b71f-e73ab2365cab", "value": "a65c8b792028f4b771050316ba8c5e3897700622", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839508", "to_ids": true, "type": "sha256", "uuid": "ba952a58-380b-4e96-ace9-652d20b61c3d", "value": "81ddfdc31773b47ef74e3575471693aca0b3c0e2c92b0756a4cb7d7689d7bdf0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839508", "to_ids": true, "type": "ssdeep", "uuid": "37dbe9c9-9626-43b7-bbb6-6b5807562118", "value": "6144:d4j4f+kCjZ4WrLxmFm1ywzs56Trg8a865VsVPe7POy29rJtuxDxbQ:qUf+vRrdmFOBwoFgLgPeqyuGM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839508", "to_ids": false, "type": "size-in-bytes", "uuid": "02f4828f-31e0-48bd-b1cf-5dd130d9c850", "value": "365637" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839508", "to_ids": true, "type": "vhash", "uuid": "518b515b-cc7e-4f73-a810-8e73fdaba89f", "value": "4479a21fd3cad7da01d38d25735575f3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839508", "to_ids": true, "type": "filename", "uuid": "14ec906b-f0d5-489a-b319-dad30a65c20f", "value": "61f9dadb3c85ef1e1665aa1f4a4a42a3.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839508", "to_ids": false, "type": "text", "uuid": "ec4f1084-f488-40f4-9056-30bf5c3855b1", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AADA\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839530", "uuid": "6fecce66-f6c3-4c59-aa76-e9fb6f2b6cd5", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839529", "to_ids": true, "type": "md5", "uuid": "81e315d5-174c-4610-b397-cd4643d63064", "value": "1b865022733a24119c263c1de3012a25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839530", "to_ids": true, "type": "sha1", "uuid": "1519d35b-f653-4666-a124-951dfe22a825", "value": "ed942c10b0cb71b4d9dd4fb148cb18acca8af63e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839530", "to_ids": true, "type": "sha256", "uuid": "0c2b9bac-5c6a-449d-a21e-321b045d7127", "value": "03d3e84b906be1f6a4a41c09439b3c3c86190fbdb1a03d677acc13e7cccc7bdd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839529", "to_ids": true, "type": "ssdeep", "uuid": "8699cfb6-85d6-476a-b9e3-1f520aa52694", "value": "6144:wkSnNf97IKRwDQMlx2OI8ehqT70/XTAqJYpmWRbiUs56:yRIKiDQM6tQ30fTviiX6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839529", "to_ids": false, "type": "size-in-bytes", "uuid": "a2822d4f-2999-4eff-8919-dc7ad354cdd9", "value": "247715" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839529", "to_ids": true, "type": "vhash", "uuid": "73edc2c1-8424-4a1b-8b07-b25223771bd1", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839529", "to_ids": false, "type": "text", "uuid": "6211537d-0d0a-4085-b9c7-56191c9cf693", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF6\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839551", "uuid": "eaeca8eb-7647-494c-97fd-1bbb511a49e5", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839551", "to_ids": true, "type": "md5", "uuid": "b6d1b792-e3fe-4107-a29b-0480648b1831", "value": "55d4412371bb8dc324d38eda43fe55bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839551", "to_ids": true, "type": "sha1", "uuid": "f0bc557d-387f-44ac-9da2-90317c21af16", "value": "3fcfa990ef8d597a20e2432993c41546b8fc74b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839551", "to_ids": true, "type": "sha256", "uuid": "9c594a0a-ac21-455c-8552-2ff1b663fdaa", "value": "f060a5343d3ed6f516b0694ff42bc6ba1fc0073952111ceb1becbc83c97745e8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839550", "to_ids": true, "type": "ssdeep", "uuid": "6251ac71-c04f-4043-9116-9929d477b2f0", "value": "3072:vgSMXdMXijx/Zp/n+dhjqOhZyuFNJuLSXTWTBD7PkwJAxOt/llKzaENjoVvOkMTo:vgS4d4iNLn4hXuOJX09AOXtAueuvOPnU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839550", "to_ids": false, "type": "size-in-bytes", "uuid": "acaa3fc0-292c-4ceb-8795-0be17ee72c47", "value": "243615" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839550", "to_ids": true, "type": "vhash", "uuid": "72d66317-65f4-4d61-b151-3de2fbcfce1e", "value": "7d5898c2d6d5897e3f8ed533f16b32e9" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839550", "to_ids": false, "type": "text", "uuid": "557e3089-c0a1-4462-90f4-88b0555217c1", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Spyware:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839572", "uuid": "ce639811-0c59-45dd-96ae-1e548c060b84", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839572", "to_ids": true, "type": "md5", "uuid": "2ccb695a-366e-4814-8b9e-8db43cdee5af", "value": "eb459c428bd257ca91097bc11d722089", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839572", "to_ids": true, "type": "sha1", "uuid": "c6062780-697e-4f0f-a8a2-9eec71a03330", "value": "455898f6b0367fde95ace83084828881c5372c10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839572", "to_ids": true, "type": "sha256", "uuid": "44ad39f5-1aee-4a1d-bec9-e4604922c210", "value": "f323ad8430c9958aebe3fd1d359a1c9f05b7deedbc5229f0662c5914730b9f28", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839572", "to_ids": true, "type": "ssdeep", "uuid": "7acd3f9a-c6eb-442c-b93a-5b949964ae81", "value": "12288:z5LwcheyJoBFOxXZX52ySMzo8HDRec4gdDm9C4+p1zgc4kcGH0rri:9MtyJI6XD2lORj4gd6H4gcJ06" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839572", "to_ids": false, "type": "size-in-bytes", "uuid": "067ee553-735e-47db-82ef-674ea8ce1c6f", "value": "554056" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839572", "to_ids": true, "type": "vhash", "uuid": "5c6baf07-fcf5-47a5-9fe5-aec8d23efd66", "value": "e7e2400c21bf8c1bd20eab3880d78cb8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 29/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839572", "to_ids": false, "type": "text", "uuid": "44f6f1a8-269e-435f-9959-2dd9462c7157", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Spyware:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839594", "uuid": "58753886-a1ed-4e46-97a3-c0fb160474b0", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839593", "to_ids": true, "type": "md5", "uuid": "2c3e53d6-be34-4bd9-8375-6598e7a775ee", "value": "d9c790b2385c42a8cc0c61082e36d487", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839593", "to_ids": true, "type": "sha1", "uuid": "f0d4bfac-f2bf-4052-8a57-127b0a2a1e9a", "value": "21dffa6d169f2dc0f5c322fcf2b32bd385fe92ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839594", "to_ids": true, "type": "sha256", "uuid": "55992147-8db2-40b3-9431-59701ac5e496", "value": "487fade9a529f4cac22f1857203ce897e1d0749e0699ffd4c74d3e8506d64fcd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839593", "to_ids": true, "type": "ssdeep", "uuid": "00290ec0-ec02-48d9-863f-84fc62050556", "value": "12288:J/Rx+5QJ5ysBZifgOFM0VuUBgw1+jVNdIPBbUTqppjM0gWlEoFRe312FAGeVQEnQ:J/XZBwfgOFDVNd0IPBaKj9ZRe4AHrNW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839593", "to_ids": false, "type": "size-in-bytes", "uuid": "0defe8c9-bca7-4646-ab68-1ecb668ff568", "value": "820992" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839593", "to_ids": true, "type": "vhash", "uuid": "edbbe4ee-e157-4d79-8366-653e3bcf2baa", "value": "1147c8e6d46527ea1b866dc1be63a4cf" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839593", "to_ids": false, "type": "text", "uuid": "9253a05b-0a32-463c-979f-8c2f8fcb37eb", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839615", "uuid": "e2b1a559-8c54-495a-83f1-4cb6e8e8b3aa", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839615", "to_ids": true, "type": "md5", "uuid": "276dd9e3-8190-408d-b7e4-44a325a34391", "value": "6383f65f311941a58ce8a6f33b00e956", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839615", "to_ids": true, "type": "sha1", "uuid": "0cfcff5f-b599-4458-a182-10bc4eb8d50a", "value": "c506119eef287bd4549ea185cdb664dcc6900b97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839615", "to_ids": true, "type": "sha256", "uuid": "48c15035-a1a2-4575-9754-294fb4ad887c", "value": "dc007d1319e8b5ec7b6d287985ff95e5fec166719dbbdf1bc61e854abba685ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839614", "to_ids": true, "type": "ssdeep", "uuid": "dca4cc97-96d9-4c83-974a-3e5487411611", "value": "12288:LGSIuxK/MCa720sMAUcg6wqhORx+5QJAJPosMuamUfDg/PYzFuoumyPcx4CLeRlI:LjLI/4CFMFMhOXggEefOcwnEHe714F" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839614", "to_ids": false, "type": "size-in-bytes", "uuid": "9c514815-9ea8-49b9-ae97-ee2bab69db4e", "value": "747392" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839614", "to_ids": true, "type": "vhash", "uuid": "0386288f-d693-48e3-9d7c-1c94ea61dbe6", "value": "1147c8e6d46527ea1b866dc1be63a4cf" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839614", "to_ids": false, "type": "text", "uuid": "f8c3a48b-dc37-44b9-841f-0c7fbcece9bf", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839636", "uuid": "eaa5b912-484e-439f-87b9-7004398ff929", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839636", "to_ids": true, "type": "md5", "uuid": "b7650f7b-2560-4166-97a7-b7f9b8df2b26", "value": "8d67b92afea6e919ce6d9effe4af03b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839636", "to_ids": true, "type": "sha1", "uuid": "109d023e-af7f-4a71-b290-2ca9fcd029e4", "value": "fc6fd74b8191b36759a15ad19d34a2450ad300df", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839636", "to_ids": true, "type": "sha256", "uuid": "83216639-7a1d-4cf8-b605-6bc88246e781", "value": "2e129e40ab9ac9b4eabe331758fbcf2da52c3f524643fd2bfe4bbebbffaa8ac7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839636", "to_ids": true, "type": "ssdeep", "uuid": "c7b0aa7d-8bdd-45d9-82e3-da15e2482675", "value": "12288:u9F5N+9aRnI+oBlYkiZVnAyDMR9oRx+5QJAzlByiVUsHOsyudBiTvUUnd:KF5WaKXYRVnVDMR9oXWxByiVNDDmrnd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839636", "to_ids": false, "type": "size-in-bytes", "uuid": "e80a200c-d2a9-4fea-9b5d-b269b1e3bc82", "value": "807495" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839636", "to_ids": true, "type": "vhash", "uuid": "bbdde95c-45a6-44d3-807f-8c64d8dc2c37", "value": "1147c8e6d46527ea1b866dc1be63a4cf" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839636", "to_ids": false, "type": "text", "uuid": "3d531450-7b15-425d-87df-bda719dbb800", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839658", "uuid": "f668e2d8-309d-45c9-923d-75f487ee69db", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839657", "to_ids": true, "type": "md5", "uuid": "260befcc-da39-4969-8db9-73b8130faa72", "value": "9a524056fdfa838c397b94cebb800e92", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839657", "to_ids": true, "type": "sha1", "uuid": "7ecf77d6-64f8-41fc-80fa-a7b429bd24bf", "value": "e0c840e1e1db8b5442ca986c530432ecf89de026", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839658", "to_ids": true, "type": "sha256", "uuid": "a61ce644-e7be-4985-ad58-8289f72a5f21", "value": "828f77696dc18c9350386aea316eaaa13494257f49e0ca9dcbf38404fa60dc17", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839657", "to_ids": true, "type": "ssdeep", "uuid": "8e35d456-f891-4ed1-9de8-a62b0d6627aa", "value": "12288:lsObkDhw7ovRMG6KYNfRx+5QJQrFsB5h3iDJ8emW1xeiU8jgrGATk:2Aktl2G6KYlXOrFQE8emBiUqAw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839657", "to_ids": false, "type": "size-in-bytes", "uuid": "503fa989-2f5b-40af-af75-8dff63dec466", "value": "738306" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839657", "to_ids": true, "type": "vhash", "uuid": "34b6c64a-481b-4942-9b39-0a5c6ba81ff2", "value": "1147c8e6d46527ea1b866dc1be63a4cf" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839657", "to_ids": false, "type": "text", "uuid": "56149b7e-7dd3-4a1d-a056-e847a0c1b60e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA1D\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839679", "uuid": "fa5507a8-4d68-4214-b681-5b311fa243d3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839679", "to_ids": true, "type": "md5", "uuid": "0f85d4b6-9c47-449b-9d9f-204d034448ca", "value": "73af85dd5265b1c9bfdd6134aea9b702", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839679", "to_ids": true, "type": "sha1", "uuid": "d8775e4e-c238-48f7-b685-6771ff884f95", "value": "c737c427f23a45109e5b2092526e5938b29d8adb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839679", "to_ids": true, "type": "sha256", "uuid": "eb67e719-0503-44db-bc75-5bc6696c1b83", "value": "4ddc77a5fe6caf3a117f8e0b411b854dd76726c19d1a5fe98a625a0bfd9b65d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839678", "to_ids": true, "type": "ssdeep", "uuid": "5a48235f-c413-4f67-ae7e-7caccde10a06", "value": "393216:+9MxHR8fGbG1glJw815NL6TFKOWCZfUMmgbNL6sMJHR8fGbuL:+9UeMovayTF5jfUvbsKeMuL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839678", "to_ids": false, "type": "size-in-bytes", "uuid": "fefb16e5-47a8-4481-86ee-d985f400b121", "value": "15540606" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839678", "to_ids": true, "type": "vhash", "uuid": "91b54382-a8ca-4c87-b84e-93f6432e06cb", "value": "a3d4e0bf48284d54da2a97ea4a6b0439" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839678", "to_ids": false, "type": "text", "uuid": "648a615e-22ba-4b14-97df-9746deae64dc", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:25/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839700", "uuid": "5094d2a4-a772-4bc2-9942-dc3134e5402e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839700", "to_ids": true, "type": "md5", "uuid": "c634db00-37ca-4401-bd92-e7cb3b59d3d1", "value": "64ed7c3d5b737dedb8f8d20c5a5771a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839700", "to_ids": true, "type": "sha1", "uuid": "2d3d719f-58d6-46eb-946a-c384aaa4c5bb", "value": "d92b5a557e6eb733123ecf3c4f89bd5c263f67e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839700", "to_ids": true, "type": "sha256", "uuid": "fc0273e2-87bd-4d69-94a8-009c459978fa", "value": "bc06d758df71b33911a271954ab92fee8790d95b8cbadb4110d813d40dd126f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839700", "to_ids": true, "type": "ssdeep", "uuid": "7b26c235-3973-4fcc-9268-e11906f8b91f", "value": "12288:vSIuxK/MCa720sMAUcg0wqhCRx+5QJFYdi5JboTYbAxKWzu6+6CfmZ:qLI/4CFMFyhCXznbcFZZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839700", "to_ids": false, "type": "size-in-bytes", "uuid": "3ddf8c24-c963-43e6-9172-0d7073060ec3", "value": "747725" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839700", "to_ids": true, "type": "vhash", "uuid": "e969e380-602c-46d9-9c05-afd714cb30bd", "value": "1147c8e6d46527ea1b866dc1be63a4cf" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839700", "to_ids": false, "type": "text", "uuid": "fb9cb8c0-33b9-4577-9327-11a82d537c6e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839722", "uuid": "39d4e3ac-f0c6-4e67-8ec1-85c319b578a2", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839721", "to_ids": true, "type": "md5", "uuid": "817e7566-5c17-4d07-abe6-9e47b9eba051", "value": "f826c163cbff7122da4e87a8fdfeb62a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839721", "to_ids": true, "type": "sha1", "uuid": "5adc3162-8d2a-48cd-8672-05a1682d8d89", "value": "2d2f8b84178d859ffcbabccd653152586b9a75e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839722", "to_ids": true, "type": "sha256", "uuid": "2d422dbd-5b73-4d67-9bfc-95d44ae46136", "value": "76d6b32f24a9cb30228d51fdad84c84cdf34fb41b863d0aa89c64e2252b7628f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839721", "to_ids": true, "type": "ssdeep", "uuid": "6de54eb7-154d-4add-8837-6a42dbaade62", "value": "98304:X146QG6HpVtJAyhWkFSR3hzte7LAGQUk5I:X1PQGKphAkC3q7sak5I" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839721", "to_ids": false, "type": "size-in-bytes", "uuid": "3f59d811-51d7-4bf3-a569-0c5a1265baee", "value": "3670010" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839721", "to_ids": true, "type": "vhash", "uuid": "f678599e-a74c-4286-8bda-8f1afb64c9b1", "value": "bc6455642f2d40a21bb498ffb1242be2" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839721", "to_ids": false, "type": "text", "uuid": "abc90def-fcc6-4b24-bec0-5afd591927e3", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839743", "uuid": "41ce3ed3-152c-4d71-974e-44b0383680ce", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839743", "to_ids": true, "type": "md5", "uuid": "ff78a83d-f65f-4192-8fe5-a3d66d11588e", "value": "178bfb1159c94893a6c4e2cd8160e854", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839743", "to_ids": true, "type": "sha1", "uuid": "03d26ad3-ca74-44bd-a4ab-55352b193801", "value": "d3cf783cf7d942a4ce04a6d207a38a887d834642", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839743", "to_ids": true, "type": "sha256", "uuid": "efca0f4a-3d20-448e-977a-dfb3a51d9d16", "value": "152167eeaea22b006582ce781038946668ae5e3f303077ad01e33905ad3d8da0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839742", "to_ids": true, "type": "ssdeep", "uuid": "966597d6-2b94-4101-92aa-e56e710f3028", "value": "49152:RpfqmMeynzaselIRsgP49zEUcXfqlfqyK1cvpe:RpfMZWselIOgP4leXfcf46Re" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839742", "to_ids": false, "type": "size-in-bytes", "uuid": "42c7260d-6b1c-43de-94b6-c8638defde4d", "value": "1633198" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839742", "to_ids": true, "type": "vhash", "uuid": "cfc97a99-d45e-44ba-a641-d381b1fa9da6", "value": "c8813110af9aa4c68a74cb1c71f13068" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839742", "to_ids": false, "type": "text", "uuid": "00e1bf26-15d5-46c5-919b-788d405da87f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839764", "uuid": "3ef8266a-f6e9-450f-9a18-cdac45a98338", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839764", "to_ids": true, "type": "md5", "uuid": "5f92ce41-934d-4b87-aec1-bcc9267bb1c6", "value": "9997c6622eb6b9daba4f64f6ac82600d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839764", "to_ids": true, "type": "sha1", "uuid": "7c713bea-fde7-4d9e-ac8e-4c951a9b6044", "value": "e6c9b65f906a54b0938460ab61bf27eda9274b7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839764", "to_ids": true, "type": "sha256", "uuid": "d6522735-f193-4504-b517-8d7b97972b10", "value": "9a272fb3e825abe213ee07a43c1b0d4ae7298e78545b04e31b014229f61f21a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839764", "to_ids": true, "type": "ssdeep", "uuid": "315e77d8-3bae-4f80-95d9-f55863e6e12f", "value": "6144:/4h45m3wMmYgG1uFNTlMDJDUEAxTrKhyCxBGkz2066l8XPDVvM7zZq4rC8IDTGVI:gO5HNY11uFt6UE4r6yCxsv0HmfDVvM7U" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839764", "to_ids": false, "type": "size-in-bytes", "uuid": "f654b366-6e69-4bfe-bc95-c1a3f98a3d10", "value": "392288" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839764", "to_ids": true, "type": "vhash", "uuid": "8182bd0c-28f5-4080-ad79-f641153f94cf", "value": "14108df74de79d1a57bdac316c8f00af" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839764", "to_ids": true, "type": "filename", "uuid": "665cc886-9cbe-439c-89d7-66da60ba47d7", "value": "9997c6622eb6b9daba4f64f6ac82600d.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839764", "to_ids": false, "type": "text", "uuid": "a6e6fae4-4503-4b74-8d7a-c02e567a241f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839786", "uuid": "3074bb90-1783-4405-b18a-bc5596652fed", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839785", "to_ids": true, "type": "md5", "uuid": "5e6207ec-adcb-4174-9e5e-aeedc03b0da6", "value": "bfc517ed074a20b71b356fa457ebb2de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839785", "to_ids": true, "type": "sha1", "uuid": "0f878f6b-9eee-403f-b947-fd83eec18d3b", "value": "55d79457eca2adaacf352fc6df7ce852dca1eaa2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839786", "to_ids": true, "type": "sha256", "uuid": "03a08375-2b6f-4807-9d5a-6c84a08b8c9d", "value": "0d8f1958f648f9c166cf5692dcac64a45f6638d89f48a9ba6fd9aa50ab6a4acf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839785", "to_ids": true, "type": "ssdeep", "uuid": "24e10624-7560-4fd6-9f42-51708c191ada", "value": "98304:KOdKoVmuCOrlsSWaOb104fFosecJh+9NrJDQCOiybECkA+6gAT4afxwAd0m6up4l:vsopaxoseceDQCOFbugJfxwAdBJ4Qg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839785", "to_ids": false, "type": "size-in-bytes", "uuid": "9466b438-68d8-4a87-8124-2392963a9765", "value": "5884106" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839785", "to_ids": true, "type": "vhash", "uuid": "a68c4e1f-4bb4-4c56-b0ac-7d2e8960d8e4", "value": "c03a079670c1d2b35fb0f945081c62e0" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839785", "to_ids": false, "type": "text", "uuid": "b0dd64b9-6bea-4eb3-9cde-c7d54ed5b71e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839807", "uuid": "3c834f4b-7a0c-4d8b-8a01-d2b3f47d4165", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839807", "to_ids": true, "type": "md5", "uuid": "ee028d9a-ae0f-4eb4-a4d4-1e2c0d74e7e6", "value": "1375c1f1bea69b695d66c66b88b37a7d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839807", "to_ids": true, "type": "sha1", "uuid": "e280d4c4-fcaf-4cc0-8278-eab50fe27b65", "value": "d8ae4016f714885111e4673b51d67f663866c289", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839807", "to_ids": true, "type": "sha256", "uuid": "b9c3af4a-b405-4010-baa0-2e5a1b47048e", "value": "002a453edf22e506790823a697d31b20c1678096079864f067ae9ea6ad97a70d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839806", "to_ids": true, "type": "ssdeep", "uuid": "dc9f6222-1910-4618-b895-48910ab413c2", "value": "196608:99j2SwNP9XJtemzRf1mWKB8ocCi83OGyXs0Ul06cNqGM3e:72J1emz/mw8+9s0USNqF3e" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839806", "to_ids": false, "type": "size-in-bytes", "uuid": "e8de916a-2dd6-47dc-994f-bb6c4c90072e", "value": "7606206" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839806", "to_ids": true, "type": "vhash", "uuid": "3c652505-7436-45df-ab16-15edd7a2ee1d", "value": "fac61e8c5fdd0d5291c59e0a2eab33d5" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839806", "to_ids": false, "type": "text", "uuid": "68cbc861-1def-45cc-9c20-6455ade2253d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Bitrep.B\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839828", "uuid": "f04103af-2743-4e24-b5dc-38a6897df0ee", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839828", "to_ids": true, "type": "md5", "uuid": "c8d21975-0a84-42ed-92ed-59ca76814751", "value": "08b417ad87bf1c249d4fca3c58977d86", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839828", "to_ids": true, "type": "sha1", "uuid": "a61387e8-abd0-47ee-8b92-83895c9ce7b2", "value": "95d574ad6982aa4ad06d54bd38a4138bcb9de42e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839828", "to_ids": true, "type": "sha256", "uuid": "3fb37fbc-086e-4067-a4f4-e478264a2517", "value": "34d6eece5c3cdebf30ca1d0db3aac6d93f47905ca39555260c894fd29549fed2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839828", "to_ids": true, "type": "ssdeep", "uuid": "90a14822-0ddd-471a-8f8b-801e3d1513b7", "value": "98304:iIcsiObyhJuyjZ/RJMDwF/1EISY3+ggAF1OESfMJfJ/CC9:iPsiBhJuyjZbMD+SSJ1RSfMLKC9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839828", "to_ids": false, "type": "size-in-bytes", "uuid": "cd27869a-aaa6-4a6c-8912-bed02488ce56", "value": "4041345" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839828", "to_ids": true, "type": "vhash", "uuid": "7051e498-a46c-4fc2-b7e3-7b067ee1e3bd", "value": "4fd30d471205f2f469420a14835194eb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839828", "to_ids": true, "type": "filename", "uuid": "0371eedd-e7f1-49bf-94eb-3f771b2e79be", "value": "08b417ad87bf1c249d4fca3c58977d86.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839828", "to_ids": false, "type": "text", "uuid": "8af2ee85-1ad8-4ef2-b83a-17ed299b8996", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839850", "uuid": "e503c709-9373-4393-b340-3ba9e01ea7d3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839849", "to_ids": true, "type": "md5", "uuid": "cef42ee0-af3d-4912-b477-01bb1e33d997", "value": "083e46edd18f281cbd0cd0511a6ce40f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839849", "to_ids": true, "type": "sha1", "uuid": "cc795f33-8bbb-4a99-9bc0-026dc093b6d3", "value": "f0ae1c72cdf55cd34aec3191c458ac068bdc5156", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839850", "to_ids": true, "type": "sha256", "uuid": "f06ffaeb-dc5b-4539-8d24-36635158e25b", "value": "7309c015a686eff8fc9e376a92480bf6ca311109baea65a642243c71df0e63e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839849", "to_ids": true, "type": "ssdeep", "uuid": "bb5f2a7a-4ce8-4fd8-873a-32b63132138e", "value": "6144:vCJIR2gaUZPvcpXCKGmvxTgaJ2+sHqCMBCtHYjFnVviWRaygnyPP9EgdKU:qCRLvC3GGTgaJOKCMBbjF5ba3yX9aU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839849", "to_ids": false, "type": "size-in-bytes", "uuid": "42fd3d76-5dc3-413a-a20e-0fb0f3f8cdc8", "value": "367032" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839849", "to_ids": true, "type": "vhash", "uuid": "c0f95de8-9736-46ad-85b9-d05ae7b0f528", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839849", "to_ids": true, "type": "filename", "uuid": "60d5414c-f9c1-45a3-b4b1-3edef42c2f87", "value": "083e46edd18f281cbd0cd0511a6ce40f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839849", "to_ids": false, "type": "text", "uuid": "4c09c2e0-80a5-4311-92ea-130b42a4d202", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839871", "uuid": "21a0ccf7-ee44-4208-bdef-00696e7dda63", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839871", "to_ids": true, "type": "md5", "uuid": "bf15910c-4100-4e1f-8f66-2e7c4448342f", "value": "e93e0b16a930a9249712983af29f0833", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839871", "to_ids": true, "type": "sha1", "uuid": "212fb69e-acf1-4f7a-af70-10d1f1d9d324", "value": "91d29f098be5327fb66a3742c2d5b4b023e7e198", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839871", "to_ids": true, "type": "sha256", "uuid": "b875112d-ef5b-47b7-a806-c697f855fb0a", "value": "36fc7254480e8fc3c47a94c7a31e871b5f1eefbcb785347797229744658a4a4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839870", "to_ids": true, "type": "ssdeep", "uuid": "ac31d02d-b54e-49e0-8d58-6f2da464dafc", "value": "24576:wEpR8bA/W+vLLDFChu82NpuetMIOrTBzOlU6lPyBIqMKHAEMJLoX6Iso8Qy0+:weK25r82NkK9O35uPytMKg1LE1sx0+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839870", "to_ids": false, "type": "size-in-bytes", "uuid": "304c0679-998b-4afc-bfb9-057a17402d5c", "value": "1646296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839870", "to_ids": true, "type": "vhash", "uuid": "d46bf502-4821-4fba-832b-09a2f4b99758", "value": "a67c3c0cac5f951226b5478c22a33352" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839870", "to_ids": true, "type": "filename", "uuid": "b40fa272-eb02-440c-aad3-3f5ad510c428", "value": "e93e0b16a930a9249712983af29f0833.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839870", "to_ids": false, "type": "text", "uuid": "fe29a2fe-05bb-4eac-93a2-e56e39ac52e2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839892", "uuid": "c7d65ff7-8c72-4693-b9ee-40012d864510", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839892", "to_ids": true, "type": "md5", "uuid": "12f1c041-dbb6-4317-a42c-e6f887d83b85", "value": "8e1157689de8bd1fa898eea8c6903c3a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839892", "to_ids": true, "type": "sha1", "uuid": "c7f98801-ebc1-45fb-8536-8956b7c1192a", "value": "5771fdc5ad4cc0d3d454941d0fbf061a088d836a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839892", "to_ids": true, "type": "sha256", "uuid": "8436bd7c-8ca0-4b49-aee2-6e680301db45", "value": "a6f691d5f90eb30c4b404c4151060035a9d00df9ef6cad4e274d1ef4dcbc4538", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839892", "to_ids": true, "type": "ssdeep", "uuid": "637b60c7-b233-4510-9f6e-99ad58cf64e8", "value": "6144:M7rdr7Wqgfh5ClaCBNEc0kRLIKT/PGV18f4pv:MHdr7WqQgaQycz/PG84pv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839892", "to_ids": false, "type": "size-in-bytes", "uuid": "0646d33f-710d-4e3a-87eb-05b9589cf211", "value": "285912" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839892", "to_ids": true, "type": "vhash", "uuid": "557c2b24-12cf-49a8-ae71-c1dfb7b7a538", "value": "bf50f0497933b028da843a0003283864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839892", "to_ids": true, "type": "filename", "uuid": "dd581ba1-e487-455a-8ac3-b311c153a144", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839892", "to_ids": false, "type": "text", "uuid": "f28b7cd4-4ff4-4b92-9f59-2d8751b56915", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839914", "uuid": "ce68716e-484c-433e-8c84-d72dec54593e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839914", "to_ids": true, "type": "md5", "uuid": "e425efa3-d792-49aa-b021-dd83d054105c", "value": "c37ffe88942cf7cc079f54ee6044ec47", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839914", "to_ids": true, "type": "sha1", "uuid": "2ae74b05-e415-4c8e-abb4-2e43af32857d", "value": "723206de69cc96d99a8528dfc3ceed879fbfc7fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839914", "to_ids": true, "type": "sha256", "uuid": "da9caa8d-63a1-4a11-b509-f253c2f925f2", "value": "db9ee5ec791c1285a018a6872ef810ab02fb82e2b91f2d77d56fa30637b5439c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839913", "to_ids": true, "type": "ssdeep", "uuid": "ab556fd7-e8a3-4369-8860-2d2c0353d829", "value": "6144:4+ofGHJo3J9rEmJUmqK8lY3WniL4RBj51vqr37pjFGW1a:4+pHJOJWmi287ia037pjMp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839913", "to_ids": false, "type": "size-in-bytes", "uuid": "56079d3f-87fe-4efe-aa48-51873bf26f9f", "value": "289775" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839913", "to_ids": true, "type": "vhash", "uuid": "597e89ca-877f-4ab2-a19a-dac90e2e3762", "value": "bf50f0497933b028da843a0003283864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839913", "to_ids": true, "type": "filename", "uuid": "2e188830-c9c0-451b-9c28-0b6714a91555", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839913", "to_ids": false, "type": "text", "uuid": "00d7a8cf-25a2-44b6-81d1-ca390c0140c4", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839935", "uuid": "9fbcf019-b817-4516-925d-f7a90c9e5d74", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839935", "to_ids": true, "type": "md5", "uuid": "1e492bc4-26a1-47ef-a173-7218d4052e17", "value": "881fe5161c48d17b4257811ab0c4575e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839935", "to_ids": true, "type": "sha1", "uuid": "2701d906-c056-4571-9974-6f127b534545", "value": "56cfb708463bfd5adda3084e8ad1a9e98ef1fe33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839935", "to_ids": true, "type": "sha256", "uuid": "61afeb46-0431-43bb-87de-4755800776a2", "value": "2fb0e115a99503716d80e7d608fcea04f1bef9b22fc8e401f5e57e3e89a0402e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839935", "to_ids": true, "type": "ssdeep", "uuid": "97a66172-255b-41a6-bd19-948d4f5fb957", "value": "24576:A9V+JjMVnWx9TqAClMMjLxZhRSDzjNEnHyr4H7p2sgmLSg3pNIwbFK:G8JjsniwjLZRgz5EnHy0H7rgNg3Xg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839935", "to_ids": false, "type": "size-in-bytes", "uuid": "f6183225-0208-4e21-a185-e26a97444ce1", "value": "1474555" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839935", "to_ids": true, "type": "vhash", "uuid": "e45c4762-f519-4d3d-b820-d515eab40440", "value": "0a6a918e6c4eed1ecc90d33f1723d8e4" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839935", "to_ids": false, "type": "text", "uuid": "5fc90ee1-21a9-450a-95b6-882b14367c9a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839956", "uuid": "30d70e22-68d5-499f-98e0-123be6cff730", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839956", "to_ids": true, "type": "md5", "uuid": "d137f294-3017-43ea-8c91-d5d3af2a5b9b", "value": "52364e3699d6f5f010d7fe498492b43b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839956", "to_ids": true, "type": "sha1", "uuid": "6f861162-74d6-4f1f-8b47-751f739d3d7c", "value": "32c65b040ecabacee0057b07fdeeb77b64bbf808", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839956", "to_ids": true, "type": "sha256", "uuid": "133a2226-fb46-4f76-af10-1546f596ce57", "value": "f6dfab98f7ca9d7b39db7d2585c3b9ffdd4c7fa3f1f713860e9a2a06195bc3e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839956", "to_ids": true, "type": "ssdeep", "uuid": "348966b5-45ed-45b0-8cb0-067256827cd2", "value": "12288:jsObkDhw7ovRMG6K0NLRx+5QJGpEieuEyTksniYf+3E2+5H2XsX2AZoD:oAktl2G6K01XwpEQnFf+3E2qWXsmAZO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839956", "to_ids": false, "type": "size-in-bytes", "uuid": "4f84b2cb-9665-41c4-81b1-e3080b1bf859", "value": "763740" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839956", "to_ids": true, "type": "vhash", "uuid": "b39750e2-28be-4f8d-a2d8-2e1245f3ce23", "value": "1147c8e6d46527ea1b866dc1be63a4cf" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839956", "to_ids": false, "type": "text", "uuid": "97d54487-4ce8-457c-96ea-e9968704d209", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740839978", "uuid": "45f3cf42-46a3-4519-9689-adc004641852", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740839977", "to_ids": true, "type": "md5", "uuid": "e81a662e-7a99-4ebd-9f6e-11d4371a267a", "value": "5165c0751e1af52b9d7cb851ca32c070", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740839977", "to_ids": true, "type": "sha1", "uuid": "f7ef6f9a-fa87-4fa6-991e-8cb424659611", "value": "0bf03acc5c27b553b1cbafe92d58cd8ab35be50f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740839978", "to_ids": true, "type": "sha256", "uuid": "78cc691b-5279-4f42-b245-1b92d7c134e1", "value": "20124d83ee4efc0e0af6a0aff6bbb91372c623696744ce50684b0c152236f60a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740839977", "to_ids": true, "type": "ssdeep", "uuid": "03ffe0f3-b789-410a-92e6-72d9f2d49802", "value": "6144:fpAAfS4FC5nhaooAZZ75W3BaTQHeGm6fw+qcHBDFDMMuLkuSNDaX:fpC1bouZ7M4EeWqeVMauuWX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740839977", "to_ids": false, "type": "size-in-bytes", "uuid": "65535719-422b-4807-b53e-be9ac90351bf", "value": "301181" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740839977", "to_ids": true, "type": "vhash", "uuid": "68a0371e-8412-4bfc-9ad5-a5acb3299e8a", "value": "bf50f0497933b028da843a0003283864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740839977", "to_ids": true, "type": "filename", "uuid": "50437527-36ff-4012-9da4-9207429a81c0", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740839977", "to_ids": false, "type": "text", "uuid": "8817ec1b-4fd2-4ae0-9052-64f13a306924", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840028", "uuid": "870b41e3-fe0b-42e7-9967-7b84367a17ee", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840028", "to_ids": true, "type": "md5", "uuid": "4a5e6c4a-5c9e-43ad-899c-7c0d222833b5", "value": "96a22cca4067d908e4478c6a834f586f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840028", "to_ids": true, "type": "sha1", "uuid": "9c6ef00d-2f19-4a06-8d8d-54db99411f0a", "value": "9c514ad6c869bbf311e011168bbead8c9c7aaf66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840028", "to_ids": true, "type": "sha256", "uuid": "fc1b6b76-7c4a-4640-bce9-68331deb92b1", "value": "f5640c74685e564156ccc990a182c0aee5e840a03a9ec629d6be48836ee8c3dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840027", "to_ids": true, "type": "ssdeep", "uuid": "8fdf29d9-6476-48b8-9664-857d48d5330f", "value": "12288:Kv1dYQOP+clsFoifbW3e6HpqdjAr1sNC0y7xVbMd:K9Zw+clsFo6bJaklAhESvMd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840027", "to_ids": false, "type": "size-in-bytes", "uuid": "0c03fcac-a7d3-454c-a8f3-f9a0cbfe22b5", "value": "454116" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840027", "to_ids": true, "type": "vhash", "uuid": "0a71a003-0555-408c-93f6-addbeac504b8", "value": "97c387314c068632458831731fe02393" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740840027", "to_ids": true, "type": "filename", "uuid": "070fea94-15d6-4d74-8615-2880b8e0da56", "value": "96a22cca4067d908e4478c6a834f586f.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840027", "to_ids": false, "type": "text", "uuid": "5e19e881-f5e7-411a-babc-41e30c65c794", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:28/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840575", "uuid": "e3471266-363e-4517-902a-c649b4f83685", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840575", "to_ids": true, "type": "md5", "uuid": "7cd111d8-7fc2-4047-a9e6-879bfd84a934", "value": "242169e5171611b8bc95a537a87ef7b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840575", "to_ids": true, "type": "sha1", "uuid": "d06c41e4-2b18-4c77-ad5a-d8b0a5b16cdc", "value": "7aebf59b64a379067fca92964c0e4aa71b119f10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840575", "to_ids": true, "type": "sha256", "uuid": "2531e446-bfed-4a1c-9c32-03069d30312d", "value": "721c51ccb40bbfa79e22a5ad9dc686ecd62f31389b989d5f3833fcb770e071d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840574", "to_ids": true, "type": "ssdeep", "uuid": "911e9acf-970b-4a8c-8f56-b745b2e83e86", "value": "24576:5F5WaKXYRVnVqMR96XFwGzXmiNRbYL1NR:LUaKXYRxMB1wGqo21NR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840574", "to_ids": false, "type": "size-in-bytes", "uuid": "a0c59d61-5ae7-417b-a3c8-aa64021398fb", "value": "833802" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840574", "to_ids": true, "type": "vhash", "uuid": "7fa01f65-4cc6-4e02-a747-42b7c2ab25bb", "value": "1147c8e6d46527ea1b866dc1be63a4cf" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840574", "to_ids": false, "type": "text", "uuid": "a1abc9fe-f998-45b7-928c-406e6316e9bd", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAA6\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840597", "uuid": "a4779caf-550b-4d43-b6b9-9487a228578a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840596", "to_ids": true, "type": "md5", "uuid": "2364aa29-7147-4333-a875-65c24740ba38", "value": "44a76d4b426ecc0806ac74ecd1cfcb2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840597", "to_ids": true, "type": "sha1", "uuid": "b426bfd3-16b7-485a-a912-79b97c583471", "value": "51c1f63659b0188abfb1863e64eee92b12268119", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840597", "to_ids": true, "type": "sha256", "uuid": "3f65b9b5-3fbf-415a-8598-d33090d928ea", "value": "fc4890b849ef14a11c57076a9cc32bdb694e35078d6ca8cc1ce469996331874d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840596", "to_ids": true, "type": "ssdeep", "uuid": "3087d552-aba1-4046-9991-03e6014e6f80", "value": "6144:UesNAxm0w0xUDUkrOc5Yb3B4gax3Nx9X7U795hjypWah:UcJ3cMBMx3PpYJ3ah" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840596", "to_ids": false, "type": "size-in-bytes", "uuid": "2507a418-a05f-46a1-a318-57138f07c364", "value": "289069" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840596", "to_ids": true, "type": "vhash", "uuid": "a2e58eca-e774-4959-aefe-c35780923027", "value": "bf50f0497933b028da843a0003283864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740840596", "to_ids": true, "type": "filename", "uuid": "9ae1d05a-68f0-4b9a-8f34-89e581c5e279", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840596", "to_ids": false, "type": "text", "uuid": "15eb453e-fe2d-4bcf-97c4-2bb8c050a85c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840619", "uuid": "1e1c3355-5e7e-41bf-a7c7-37b7e2cf843f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840618", "to_ids": true, "type": "md5", "uuid": "3931cf48-f6a0-4127-85cd-7b6d7c17059e", "value": "196e8cf30a70e0c8c317ef6a1fba8dec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840619", "to_ids": true, "type": "sha1", "uuid": "064da3f0-36e8-4a3b-aec2-d1657467516e", "value": "908e3ba4a327ea4e81a6b314190b3405cf7a2afe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840619", "to_ids": true, "type": "sha256", "uuid": "72c5823e-20a6-47b1-ba0b-d1c879ca98c7", "value": "8d906a1c2d1b84e26aafc1023bd7e1157971778caf716bea04d014f3b56a5e66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840618", "to_ids": true, "type": "ssdeep", "uuid": "b766dce8-aaff-4cab-92ea-515e1ea0a2d5", "value": "12288:WSIuxK/MCa720sMAUcgQwqhBRx+5QJpnwtATJ/r17U92p5fVhOVAPR9XUiUNz:TLI/4CFMFuhBXKKJDp9JYGp9E" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840618", "to_ids": false, "type": "size-in-bytes", "uuid": "b02fabc9-5265-4a53-95c7-2e368d8ee425", "value": "773781" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840618", "to_ids": true, "type": "vhash", "uuid": "190a6691-77f0-4b06-a7a8-402d96bc073a", "value": "1147c8e6d46527ea1b866dc1be63a4cf" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840618", "to_ids": false, "type": "text", "uuid": "4176ec2f-1805-45cf-8c6a-a8b3abedb24c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAE2\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840640", "uuid": "5792cd08-741e-4011-9712-4fd0cc211056", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840640", "to_ids": true, "type": "md5", "uuid": "d79ffbbb-a170-428d-a514-de084d4f6d61", "value": "b396511541831196f88b8a7df3041b55", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840640", "to_ids": true, "type": "sha1", "uuid": "94bfdad6-f137-479b-9639-e083cab5fafb", "value": "b13d4fb3e652f7328647ef3a8e6384edd96d8658", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840640", "to_ids": true, "type": "sha256", "uuid": "840c012e-3926-482e-b150-d7ae7c7083d8", "value": "8187031415dd3a11c0302e74ef90a9d99709d75656348187e1d6818c712ed08d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840640", "to_ids": true, "type": "ssdeep", "uuid": "7791841f-5c32-498a-91dd-95552761e569", "value": "3072:t57abHCN++++r5EAlEn3Skq9HC9yk1RU5cmZHMh+ypsNTjVBaW:tdN+++duBpEH1RU5jxzrd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840640", "to_ids": false, "type": "size-in-bytes", "uuid": "b5062727-9967-48d3-82ee-5eb9a426a3fa", "value": "155966" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840640", "to_ids": true, "type": "vhash", "uuid": "cf9b1ff0-f176-4f20-845a-43d6186a4158", "value": "f2c1809a1ab3c3bf83834959b25cfa2b" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840640", "to_ids": false, "type": "text", "uuid": "b1a9d65d-9aa0-48f7-8eab-8966918dd6cd", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840662", "uuid": "53f47762-b2ff-4bc6-84ac-43f339ac7e92", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840661", "to_ids": true, "type": "md5", "uuid": "e33535fd-898b-41b6-8d9d-5d90a2efc376", "value": "8ffa8d93b94fd00e8a47659952aef5d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840662", "to_ids": true, "type": "sha1", "uuid": "b93aa006-ce2b-428c-ae16-604b134e20c5", "value": "fb4132068fcaa341a2359f48fae32571f68890cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840662", "to_ids": true, "type": "sha256", "uuid": "dd03a07b-9d11-49a0-8ae5-ccf140cef0e9", "value": "756faa0ad96a7cb1a1d4a1ccab0aca46c5449ff25f37778a7cef21b8ba8e4a44", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840661", "to_ids": true, "type": "ssdeep", "uuid": "7b54402b-b2eb-44ba-8e6e-2c420c2250c5", "value": "6144:2gBJLkoW6fVixnL2QQ4BV1MzdBvoSiJxRifdsbLEKtX:2wLkoW6fVunfQ4BV1MzPeKsHEKB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840661", "to_ids": false, "type": "size-in-bytes", "uuid": "2dbc7691-21fd-47d0-a5a7-80a8e7285b04", "value": "232892" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840661", "to_ids": true, "type": "vhash", "uuid": "818b8bfc-b089-4237-b3c9-c471cc6da89d", "value": "bf50f0497933b028da843a0003283864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740840661", "to_ids": true, "type": "filename", "uuid": "4bc349de-61a6-493a-a034-bddd5e1149ad", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840661", "to_ids": false, "type": "text", "uuid": "cb8efc49-0772-44b1-8b5a-54fee14dc5d2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840683", "uuid": "3ab9bed5-5418-4adc-a240-d80bc584e983", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840683", "to_ids": true, "type": "md5", "uuid": "a62e4081-fcee-46aa-aa98-b1688a2e07e7", "value": "12afd589fc8dff67ab4dd0dad1f2e85d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840683", "to_ids": true, "type": "sha1", "uuid": "f0dcdc4d-d5e8-423c-82f1-897a68e4e7ac", "value": "5416d50dbce74275be18cda2eefd168219da3407", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840683", "to_ids": true, "type": "sha256", "uuid": "789dbecc-bb55-47c0-ad2c-c9cbc38b722c", "value": "3195e21936ca4382ca2cb27aca791da12053d21596b132c028b09381f1c7c01d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840683", "to_ids": true, "type": "ssdeep", "uuid": "394e95fe-f096-4cb9-9709-bddc2191379b", "value": "6144:bnjAU/lnxAmEYkPZ5AvyRUpuPymg8zApKibqB07JV6Wo++vRCCHlOHnyFdzLTDCr:bldEdPZ1R9PM85yo+6Wz+5Qx+KfV5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840683", "to_ids": false, "type": "size-in-bytes", "uuid": "5170d4b4-3adc-4c71-a9a9-81a213c8271a", "value": "411792" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840683", "to_ids": true, "type": "vhash", "uuid": "ec2e5296-d9df-45d2-9394-d523a60380f0", "value": "bf50f0497933b028da843a0003283864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740840683", "to_ids": true, "type": "filename", "uuid": "76ac42c6-e469-410d-8768-c4030b67dc4f", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840683", "to_ids": false, "type": "text", "uuid": "8e3f04fb-04e5-47d9-abf8-1724eb6a4505", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840705", "uuid": "8710ef03-57c4-44c2-87a0-26bd5c32a58f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840705", "to_ids": true, "type": "md5", "uuid": "37052c12-38f3-4bc3-b6ea-5cdf37191aba", "value": "4ccafb96823579f33199e19c936ced71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840705", "to_ids": true, "type": "sha1", "uuid": "aec8f471-390a-4537-81f6-166b0ad8052b", "value": "9eca14045dfd8a3096a0606ccb3485107c893ead", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840705", "to_ids": true, "type": "sha256", "uuid": "3b1fb76b-7ac6-48dc-afec-4cadd695e821", "value": "eb710aa01940287cf26e3c37c45c3b7b4a1cb4899b4960eca2b386d93382cb8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840704", "to_ids": true, "type": "ssdeep", "uuid": "a3586b71-48dc-4c16-8b17-175d1bbd29a3", "value": "24576:FF5WaKXYRVnVSMR9UXRFPws6mm3TU8MxFOv:3UaKXYRxUxfP/6mKHMXi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840704", "to_ids": false, "type": "size-in-bytes", "uuid": "6625ea33-ee01-4369-8152-cabc84a7116b", "value": "807785" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840704", "to_ids": true, "type": "vhash", "uuid": "cfb111f6-0abf-4301-a424-935b37360afa", "value": "1147c8e6d46527ea1b866dc1be63a4cf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740840704", "to_ids": true, "type": "filename", "uuid": "587eb3f8-e792-49f8-80b6-bd37c413a7cd", "value": "4ccafb96823579f33199e19c936ced71.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/04/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840704", "to_ids": false, "type": "text", "uuid": "6867bef1-c2f2-4e88-8e6b-3c43ed396994", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840727", "uuid": "ae4511e1-3a98-4c7e-b34a-fc699b1fd94f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840726", "to_ids": true, "type": "md5", "uuid": "81197925-6ee9-466c-91a3-6760990b797c", "value": "234da694dcd2859a2c9afc77c097df5f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840726", "to_ids": true, "type": "sha1", "uuid": "bd0c9ada-dbd5-42d6-a731-7eb64a9aa934", "value": "7f8d01c5d35f26a746a3de6dbf3271c69ae7f9eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840727", "to_ids": true, "type": "sha256", "uuid": "2f5eb46c-2ff9-4160-b0a8-f2bdd8f4dc49", "value": "0c8bcc908bbd18ac20476fff63429a04e1b54f8fed162e05b6cc49ce84831cfb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840726", "to_ids": true, "type": "ssdeep", "uuid": "8950f2fc-f318-46d3-82ac-25161f4535dd", "value": "6144:6K+go4UNrUHNaJAQpyqTig6pLvsTz3LYRqEYQnIMigqRlVb76L5JI+:6bpUtUAI0g6pWzYbDq5b7CI+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840726", "to_ids": false, "type": "size-in-bytes", "uuid": "df1b53b4-f7a4-480d-a579-e16f208a78bc", "value": "321513" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840726", "to_ids": true, "type": "vhash", "uuid": "320a3a64-f57b-4a6c-88ee-d67b746805b3", "value": "bf50f0497933b028da843a0003283864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740840726", "to_ids": true, "type": "filename", "uuid": "a7c841f3-09f8-42c8-b82e-64a50d65cf9c", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840726", "to_ids": false, "type": "text", "uuid": "77cd21f6-c7f7-40ac-a32f-65783988240e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840748", "uuid": "0fad8bf0-6dff-4368-99b4-d28a2fbeb7e8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840748", "to_ids": true, "type": "md5", "uuid": "cada9c1b-05d2-4360-bf87-6313434efc43", "value": "75fb64661a113a8ffcc6bb9ecd3289d7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840748", "to_ids": true, "type": "sha1", "uuid": "8ece36c0-e772-491e-bc02-95ad30597b65", "value": "dfb57a5f01c2810303996afe81ac88b2448662d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840748", "to_ids": true, "type": "sha256", "uuid": "7986da28-b9a9-491d-9df0-653cde571379", "value": "bda689caf869b386f4ed77d4e5304c4bdc921b965417ffd844d944d694831585", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840747", "to_ids": true, "type": "ssdeep", "uuid": "f3b61fa6-cf47-4341-ab8f-2f1533cf40f2", "value": "24576:mF5WaKXYRVnVGMR9oXyFPws6mm3TU8MxFOp:0UaKXYRxAFEP/6mKHMX4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840748", "to_ids": false, "type": "size-in-bytes", "uuid": "e4b8abd4-380e-476f-9b44-88277e5b918d", "value": "807785" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840748", "to_ids": true, "type": "vhash", "uuid": "0bcb663e-abb6-4d18-8654-8e149e7b3afa", "value": "1147c8e6d46527ea1b866dc1be63a4cf" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840748", "to_ids": false, "type": "text", "uuid": "92bb1cec-de0f-4337-b0dd-ae61019372f7", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840770", "uuid": "efd43429-650d-4652-a318-19f1d696e571", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840770", "to_ids": true, "type": "md5", "uuid": "a1cc7bcb-4abf-4f35-9bee-c6cf21a71df2", "value": "bbde5b40af9b7f1c0c88bd8195629c31", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840770", "to_ids": true, "type": "sha1", "uuid": "956e06ba-0d4d-4510-804c-b6bf4bde7210", "value": "e9c9041154b6417bc750444f642f0a0ee924eba5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840770", "to_ids": true, "type": "sha256", "uuid": "5e84655f-5c6f-40a3-bfae-fe105713b3d0", "value": "60cb915a5887bf88c08ec0d16fd6d6ac440efa71ddc5fae2b615d724588e25d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840769", "to_ids": true, "type": "ssdeep", "uuid": "b221b6a7-6fda-4965-80d8-53f376b0b1b5", "value": "6144:n0NjZjiDAttycvLtEXNDWrKdetVh+oo0We2EmBE/piH4kME5N4hTO46coLmz+:0hZ+DSM0+dYV0qWrEmBSJEIdOOoCq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840769", "to_ids": false, "type": "size-in-bytes", "uuid": "6bf38011-77cb-4b5c-aaeb-35bd0684be88", "value": "296217" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840769", "to_ids": true, "type": "vhash", "uuid": "34967ba1-ad80-4b35-ad96-d24d5d28c7e2", "value": "bf50f0497933b028da843a0003283864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740840769", "to_ids": true, "type": "filename", "uuid": "02df336e-a348-4808-b717-b79c04d2cf3a", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840769", "to_ids": false, "type": "text", "uuid": "8ab102aa-c9b4-449f-adcf-2eaf31334530", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840791", "uuid": "443d8008-0850-4eed-b09d-b79d6a36bfc5", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840791", "to_ids": true, "type": "md5", "uuid": "aa0b621e-1642-47a5-8bce-14b6d5ae4520", "value": "eac01266997a145d5628d2b2b269a6eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840791", "to_ids": true, "type": "sha1", "uuid": "9eec66f0-e047-41e8-802a-09239b7835e0", "value": "823914d4e7188f38c6cb8bb59ef33a45c41edd18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840791", "to_ids": true, "type": "sha256", "uuid": "c1c22da2-f6e3-4b43-bd00-b6956938c0d5", "value": "b520e707a4034ec43a0f72323976ef9d72d7ed93939aee0e1388fc76f6ad03cd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840791", "to_ids": true, "type": "ssdeep", "uuid": "a67ebcc0-b7b8-4567-ae3b-9cd21894d697", "value": "6144:Qb2HAvLBq1mp/VaDdCHSZUf/J8Ux+V6SQLgXDs74E:U2HYI1mp/EpCHYubxo6Ss4E" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840791", "to_ids": false, "type": "size-in-bytes", "uuid": "f9a8cd7c-8b5b-419a-81fd-91180520e0b4", "value": "295373" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840791", "to_ids": true, "type": "vhash", "uuid": "dd64016d-7c13-4a2a-9a8b-dcce35380469", "value": "bf50f0497933b028da843a0003283864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740840791", "to_ids": true, "type": "filename", "uuid": "8876d561-bfcf-4a5b-96d1-0b3bd9b20bc2", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840791", "to_ids": false, "type": "text", "uuid": "4c6caa96-ceeb-4c8b-9f9c-ef74ed90a446", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840813", "uuid": "2dae7fb6-f196-4656-9d0a-cbb83b0aef07", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840813", "to_ids": true, "type": "md5", "uuid": "ac4077ef-8f97-4b8c-a984-297065f1c377", "value": "8d87e5155de7e8aacc719c1cde6d442b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840813", "to_ids": true, "type": "sha1", "uuid": "325774db-f868-41d7-ac3c-0dd6b8a20f70", "value": "948d9062c2f1328010638b6e5bfbe8c84fb805b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840813", "to_ids": true, "type": "sha256", "uuid": "ae3fc295-9652-4249-99f8-f2ad722231e6", "value": "35bf948526dcda668b00e5ea6e25b71aee05084e4c51c0254ddc6ad93381a2f0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840812", "to_ids": true, "type": "ssdeep", "uuid": "206969da-5d29-47c9-bfb3-c9c494379879", "value": "6144:Tgh8YcH2JoxXHsickYl4wTtRKZeEDPfHzUTbUicH0Bea:Tgh022MiFxnTUTgn0Ea" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840812", "to_ids": false, "type": "size-in-bytes", "uuid": "764ba32e-c4c7-4242-a78c-81fe589e38e5", "value": "295326" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840812", "to_ids": true, "type": "vhash", "uuid": "d4ea9bf3-5a72-4c71-883f-a8b16cebf14b", "value": "bf50f0497933b028da843a0003283864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740840812", "to_ids": true, "type": "filename", "uuid": "db91ff73-22ac-4610-b0ce-eb2ee3dc52bb", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840812", "to_ids": false, "type": "text", "uuid": "96d142c5-a786-47c4-bbbf-35684653752e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840835", "uuid": "4b9f8a90-5087-43f5-a22f-61b14fc3849e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840834", "to_ids": true, "type": "md5", "uuid": "3a1b02d3-5116-4039-aab1-96e8ff5b1fa2", "value": "548956c1db353fb4646d4a571a06b6ce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840834", "to_ids": true, "type": "sha1", "uuid": "fe76b8dc-8986-4fa0-af40-93210b772eea", "value": "16f41e1d2210910caf17c5cf0b868a82699c2c69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840835", "to_ids": true, "type": "sha256", "uuid": "29c7f7f7-b0da-4f7c-b049-ce86384b319e", "value": "93acc8cfeb5c3938a8b18fec190a33e03ef0de2a3a2ac2ea88bc8941505d091f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840834", "to_ids": true, "type": "ssdeep", "uuid": "ca69761f-eb53-4e54-a316-e211ef20ce4f", "value": "6144:NhIGKqlpiUUi+OdBGjaJKng0se/SWvxEcIFVY2PD:NFncUHBebmcIFa2PD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840834", "to_ids": false, "type": "size-in-bytes", "uuid": "b9c6155f-1c2b-4eb0-bfcd-d702770ad5d6", "value": "289231" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840834", "to_ids": true, "type": "vhash", "uuid": "be4e8b52-bad5-41da-abfd-22d656514982", "value": "bf50f0497933b028da843a0003283864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740840834", "to_ids": true, "type": "filename", "uuid": "d58254e3-fd87-41a1-af65-474c8e915d29", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840834", "to_ids": false, "type": "text", "uuid": "272131b9-3115-47a3-b25a-85b8fadc4af6", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840856", "uuid": "91dd0135-8bf8-4614-99ca-2158b3a8679e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840856", "to_ids": true, "type": "md5", "uuid": "1ba34237-4142-4a7b-a659-92dba680d576", "value": "b8e8d8a3aa915ec462fba8195a9dc285", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840856", "to_ids": true, "type": "sha1", "uuid": "d1cd95ab-c8c9-4902-b1e8-3fb84e76bdaf", "value": "aa9cb60ccfe0e38c351ed49bc86d559021f0435e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840856", "to_ids": true, "type": "sha256", "uuid": "ad0f6e72-653e-4487-b2ad-62ce1f819a1a", "value": "1a73ed5c68775d3216b4f12209f5d4b27a3af21be1a597545cbcae22898e07b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840856", "to_ids": true, "type": "ssdeep", "uuid": "f189c518-f722-494d-aeab-c8480725c037", "value": "24576:C2kgOVnfau6N1ebqRu0KkotKPSJTQfQAMzfu4D2YRbvnyuRX:zWCTNdfhiLNJDvRjnyuh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840856", "to_ids": false, "type": "size-in-bytes", "uuid": "db97bdae-e422-4a1b-95c5-db82a793746d", "value": "1017350" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840856", "to_ids": true, "type": "vhash", "uuid": "49506949-fdff-4842-a53c-1b1652c91256", "value": "f5018e912764cd925faaa708dbbcd1fc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740840856", "to_ids": true, "type": "filename", "uuid": "342a4d35-74da-436a-85d9-63c3e2a25903", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840856", "to_ids": false, "type": "text", "uuid": "18a2c938-96c9-4d69-b62a-fb44dca255d1", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840878", "uuid": "54f9a724-6c76-45ad-9609-0e454289e853", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840877", "to_ids": true, "type": "md5", "uuid": "aefb553c-328a-4245-b16d-d9358bbc28fc", "value": "0bdccad6693e497571889a36d0527aee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840878", "to_ids": true, "type": "sha1", "uuid": "28865748-8195-421c-8f03-c41b73ebe190", "value": "729038d3484eac980786b10d5bfa1b1b7cb7fa15", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840878", "to_ids": true, "type": "sha256", "uuid": "f3534fa9-ad8c-4a86-9541-e028b2e61a18", "value": "29da855a97b3b31581a11944c2c5a6ea047de32f07bec1b2a3be00466c263cec", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840877", "to_ids": true, "type": "ssdeep", "uuid": "faf9e48b-2240-4262-a184-8422810260c0", "value": "6144:N1BBl7LO525Tu5ZSDwZ0SaHigqha4XyqfzgO721h+HvFwUMIro7l3p+wt:N1Bi2wDDZ0SMiTha03WkNMI8JEY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840877", "to_ids": false, "type": "size-in-bytes", "uuid": "ab1b51c1-41f2-49b2-96a7-686d20c756a3", "value": "335591" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840877", "to_ids": true, "type": "vhash", "uuid": "22252c9f-3715-48e5-955d-b1b3eaab2a52", "value": "bf50f0497933b028da843a0003283864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740840877", "to_ids": true, "type": "filename", "uuid": "55e5002e-80e2-41d3-95cd-eb8d5a2e6172", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840877", "to_ids": false, "type": "text", "uuid": "0c4492b7-018e-45a9-9492-d2036d778a2c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840899", "uuid": "6b95ea9f-928f-49fe-8532-7bca261a03eb", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840899", "to_ids": true, "type": "md5", "uuid": "10816088-d230-4b9f-a700-7fc18edb65f9", "value": "b118d6ff7d47608c63e2d3dff0ab6a41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840899", "to_ids": true, "type": "sha1", "uuid": "04c50291-04e0-49d9-9964-be4e9303de7d", "value": "c6a3a67b4d5a32b760130dc29fedd7fe25f1cac7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840899", "to_ids": true, "type": "sha256", "uuid": "9fe546b7-901c-4e86-86a7-cc09a01d9a94", "value": "92b8805047480ce6047631c18f7482058a3c625beaccde438fed7419d34d9250", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840899", "to_ids": true, "type": "ssdeep", "uuid": "c1202d7b-b55f-4739-af5a-3bdda89e2840", "value": "6144:PNFZeCQEgxBtGERUgyJa0PDJROurndmlgbsyZjxuyTh6xmR/HVsQJ3vGMacPzw:Pf3gRG0UgyJaqq+Zp+ysxmR/H6G3eVgk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840899", "to_ids": false, "type": "size-in-bytes", "uuid": "389e790e-ca65-45b3-aea3-07cc9f98f1be", "value": "321706" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840899", "to_ids": true, "type": "vhash", "uuid": "9e074c34-e731-499a-81f1-d5fdb2138cec", "value": "bf50f0497933b028da843a0003283864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740840899", "to_ids": true, "type": "filename", "uuid": "7fb7e30f-9f6e-42f0-9733-d15c8da918ab", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840899", "to_ids": false, "type": "text", "uuid": "1f29cd3d-fc19-4e33-bae7-5a200c1ef537", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840921", "uuid": "6d943014-0339-47d0-9182-7ac73706e455", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840921", "to_ids": true, "type": "md5", "uuid": "6efa8921-8bdb-4611-9317-629d6081d06a", "value": "9a3889224dda3c727f1035ea2b328351", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840921", "to_ids": true, "type": "sha1", "uuid": "bfdd15c7-a33c-4e36-b128-e689fbed1959", "value": "824ec7e35edf7abb6a70e2f820c31ebe40625858", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840921", "to_ids": true, "type": "sha256", "uuid": "5cb60aa9-c4d8-4b9f-98b0-cc5b16fd0673", "value": "18b0587a0369cd85e16cf58ecba04c68926772714688170ade900793e943e6b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840920", "to_ids": true, "type": "ssdeep", "uuid": "2a56792a-1664-4f9d-a79e-476501f2f114", "value": "49152:QumQfzXRRDb07gq+bzgDF7nrKNVdY801AK0IrAJr+FtGG7UwhmG6hZRU9W1ysh3K:QikcdzOFS1lIrAr+tv7UAmGuZx1bXRaB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840920", "to_ids": false, "type": "size-in-bytes", "uuid": "6aa1ac2c-8154-4180-9cb3-a0caa7e1cbcb", "value": "3094293" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840920", "to_ids": true, "type": "vhash", "uuid": "76afcf36-6761-4c03-9c89-315586228de3", "value": "05bad76c0b4b7d4b193d5bc096555424" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840920", "to_ids": false, "type": "text", "uuid": "862b5285-4979-4fee-9d34-9156bfd159c8", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:23/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840942", "uuid": "37692b1c-79e8-4d4e-b1e0-f09633219931", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840942", "to_ids": true, "type": "md5", "uuid": "ed9fa14f-0956-4526-962d-5e07478c0071", "value": "645b1dd4e9858e1fe97129f5526b4777", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840942", "to_ids": true, "type": "sha1", "uuid": "dd4976a5-61a6-4831-972d-f9fc0a04ef32", "value": "0d7eb23a068795f76e1a86e732726dc0aa6044ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840942", "to_ids": true, "type": "sha256", "uuid": "981cff89-4a3e-4cf1-b64a-8dce2f75ce6d", "value": "b96b0dd2aff35e40f53b8d5b3244e82d2aa25e04d3dc26dec708bd98c138e4c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840942", "to_ids": true, "type": "ssdeep", "uuid": "c2e041e2-99a7-47f3-aefd-63e26cf3fb10", "value": "6144:BmRIukPlwdd5M+BRUftMXMLVsRPDF8Nsn58EIzCYkpDVsguUvQ8lR6gTZO:BmMlwddbBhcAPD2E58EIzdk2MlEP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840942", "to_ids": false, "type": "size-in-bytes", "uuid": "f95c5c02-be86-40f4-b4b4-e3f6f1f23107", "value": "296432" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840942", "to_ids": true, "type": "vhash", "uuid": "c8c66eaa-ad14-4c0d-ae54-97f5cae322c3", "value": "bf50f0497933b028da843a0003283864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740840942", "to_ids": true, "type": "filename", "uuid": "2d505a37-c272-4f47-80eb-e6ffdc53b7c3", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840942", "to_ids": false, "type": "text", "uuid": "2d86bda5-5f6f-480e-9e91-ea323381657a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840964", "uuid": "77df6350-97a0-42d4-8a54-6ef2bb9b690f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840964", "to_ids": true, "type": "md5", "uuid": "2ee353e0-1be7-408d-ad82-771c381b7187", "value": "20236b18e68c125f30c6eddc209c802e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840964", "to_ids": true, "type": "sha1", "uuid": "ee0a1224-a08e-478d-9728-d240cae7e1b0", "value": "ef4c3ab70057f74512c65f2bc3787df47e8cfa71", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840964", "to_ids": true, "type": "sha256", "uuid": "b8314673-b27d-41b2-a8c3-478bab68436a", "value": "9c0167beb8d5f8fe22059fcb8a31cf7361be4ebc9f23019ab1d298cca2955565", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840963", "to_ids": true, "type": "ssdeep", "uuid": "9b025639-05e4-4e17-bf34-550367a53d43", "value": "6144:EL8ilhN5iWdNhJQOwfEEpZkJZ6Q+KfRrNy9lt0sIoQaTWR2Gj:Ej5bhEsE3W6TuR46sJKv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840963", "to_ids": false, "type": "size-in-bytes", "uuid": "38b9f165-480f-4b63-8436-a6a8411baa24", "value": "326254" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840963", "to_ids": true, "type": "vhash", "uuid": "e7f39900-f917-4ba4-aa2b-a68dd1361662", "value": "bf50f0497933b028da843a0003283864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740840963", "to_ids": true, "type": "filename", "uuid": "c65461ab-2e0f-4134-808e-443739823906", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840963", "to_ids": false, "type": "text", "uuid": "8f3d5f61-c0a9-4f7f-9b03-3a72b3eb28e2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:34/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740840986", "uuid": "4653fc1d-cbec-4f93-a058-29733ec7bc6d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740840985", "to_ids": true, "type": "md5", "uuid": "48bd9279-c9db-4752-9328-1fed3c6162f4", "value": "576a8d969cf48418f1533c9996d76bc2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740840985", "to_ids": true, "type": "sha1", "uuid": "f693ad09-e7b5-4f39-a78a-7ab3447d28d9", "value": "88cf17c64b6067d4dcee0ccbeb4baa1922b160a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740840986", "to_ids": true, "type": "sha256", "uuid": "e2c203bd-2d0e-4063-9889-de4990fd93c2", "value": "5abd7ddb9a92ddf4ff7531924b0109be5bca8ca9b27877557a9a11beed7d58a2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740840985", "to_ids": true, "type": "ssdeep", "uuid": "50b4137d-6dd1-41ae-bb26-e04a44e82377", "value": "12288:/Rx+5QJLosBZifgOFM0VuUBgw1+jWYd5TNY6QPSoeksHRJqpy4xVuOVII0V8g9kv:/XVBwfgOFDVNdIs6QPSEVTTISg+RfZnj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740840985", "to_ids": false, "type": "size-in-bytes", "uuid": "2f853ac9-1f27-4752-8185-8050b3173e37", "value": "842162" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740840985", "to_ids": true, "type": "vhash", "uuid": "9583f341-4f9c-4d94-a423-d21e903883c5", "value": "1147c8e6d46527ea1b866dc1be63a4cf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740840985", "to_ids": true, "type": "filename", "uuid": "e6dee2e9-96c8-49f5-8058-61765d5fdcbe", "value": "576a8d969cf48418f1533c9996d76bc2.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740840985", "to_ids": false, "type": "text", "uuid": "22a22f26-4499-4f59-9f08-8a8683a82ada", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841007", "uuid": "cd296c78-d177-44ce-826d-3b1b4034c87c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841007", "to_ids": true, "type": "md5", "uuid": "62131b93-e65e-4f2d-94e6-af80d52bbe5e", "value": "23c74447b2ec39240068652e3f8ccd86", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841007", "to_ids": true, "type": "sha1", "uuid": "1202e0ab-6a25-4e88-b741-a364ae515e31", "value": "ae1330bab7f51e99f6c19d5618bd2205bccc5b73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841007", "to_ids": true, "type": "sha256", "uuid": "cc0470cd-257c-4cb5-83ad-86695ece38aa", "value": "cfdd916dd9632f9ef85985f23661346a6cbc5642d5eb719d8f1090f758c40fd9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841006", "to_ids": true, "type": "ssdeep", "uuid": "0c8894b7-8804-428c-aa67-0f77d52c2f3a", "value": "98304:jGtK3Z1As+Zl+GKDdq/Dp9Gkp5CcZIOuo:jAslWGO5CcZd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841007", "to_ids": false, "type": "size-in-bytes", "uuid": "3a3ed885-9054-426f-863b-37fd238d2ec1", "value": "4538450" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841007", "to_ids": true, "type": "vhash", "uuid": "920e7b89-c501-458d-b347-8ef837e939fd", "value": "24c9953b4d33d516ec8a7ae530b66304" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841007", "to_ids": false, "type": "text", "uuid": "50ffd833-4c18-4bb3-9cff-f5f0fdacbac5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841029", "uuid": "285f3152-b290-4aa8-9781-ddd70c1b7ccf", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841029", "to_ids": true, "type": "md5", "uuid": "ac28f69f-80e6-4e09-b0a6-0bcbfcb04030", "value": "d9f7b26a4749e1d08b576b8dc996bfae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841029", "to_ids": true, "type": "sha1", "uuid": "8e329b79-22a5-4081-a5d1-a9e2f8c33298", "value": "e59ab24f27fbd4802eccef4ef14255c16814485d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841029", "to_ids": true, "type": "sha256", "uuid": "e80a3532-39d3-401e-b590-4dd226fa1353", "value": "d8e4e42168d94bd43880f2539384e73d44be8f6981fd0a6dd3a43cbc0839ee02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841028", "to_ids": true, "type": "ssdeep", "uuid": "ebd37456-e23d-4763-a859-4942b93181a6", "value": "12288:7sObkDhw7ovRMG6KZNoRx+5QJ1pEieuEyTksniYf+3E2+5H2XsX2AZob:gAktl2G6KZWXrpEQnFf+3E2qWXsmAZq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841028", "to_ids": false, "type": "size-in-bytes", "uuid": "3c1fd272-6ba3-457d-a1dc-40122f11b930", "value": "763746" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841028", "to_ids": true, "type": "vhash", "uuid": "34579c4e-8f7a-4ac3-a6f9-6b945f79d876", "value": "1147c8e6d46527ea1b866dc1be63a4cf" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841028", "to_ids": false, "type": "text", "uuid": "f5c899a3-abcf-4711-a371-578651652c2f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA20\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841072", "uuid": "4cfcf9c1-099c-427a-af05-28ceef160e4e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841071", "to_ids": true, "type": "md5", "uuid": "be55d3b8-151e-416b-8e72-a6a5e6bda9ed", "value": "cb834af69372b62a04e560110c6a6bef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841071", "to_ids": true, "type": "sha1", "uuid": "f2c230da-3ef5-4c6b-bde2-50b8d98a740b", "value": "85d03fb0af199fe08001a1e0bd6a969270724449", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841072", "to_ids": true, "type": "sha256", "uuid": "63061fa2-d0b2-49f6-b6ed-0e68aca42f7d", "value": "e6ea920e9519cdf98a8d21cc644562133bceab2c5c4670c9dc11739ca4777262", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841071", "to_ids": true, "type": "ssdeep", "uuid": "0e4cea08-b8e5-47a0-b72a-0c155f0ed7ba", "value": "12288:i7ZN4rJ/rEeErkOxcSclXVF0tGvU8ATodfDFdJiU9cMVXb6fq02clmeFzSW6F:qZmPErHbcf/vJYsf5KUbV62cmIzSl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841071", "to_ids": false, "type": "size-in-bytes", "uuid": "56707215-1bb4-4303-9d15-e34869e3db0e", "value": "872233" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841071", "to_ids": true, "type": "vhash", "uuid": "6be44f27-abf2-4324-9287-71c8452800c2", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841071", "to_ids": true, "type": "filename", "uuid": "3cbaf6a9-1f08-40d9-b311-362f1d2c4f5c", "value": "cb834af69372b62a04e560110c6a6bef.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841071", "to_ids": false, "type": "text", "uuid": "b66a99b7-0d42-4d72-bc75-a68ba8ca3c84", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841093", "uuid": "16e44427-c1b6-4d91-a494-0b7adf9c8974", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841093", "to_ids": true, "type": "md5", "uuid": "cfb2fc47-7ecd-484b-b883-637870aa1c1a", "value": "6320f7a4fe66321fa0c6c70dd85b6c6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841093", "to_ids": true, "type": "sha1", "uuid": "447e364a-9d78-45c7-8e13-0ea98e6d84fc", "value": "4feca56e08310b5023e85dd83b4ab98cfd4df369", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841093", "to_ids": true, "type": "sha256", "uuid": "58eec0f9-20b8-49be-b873-154d2d88406e", "value": "d267846727b681ed85eebaaa4f8c81139819d63ead2adda7da22569416cbae69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841093", "to_ids": true, "type": "ssdeep", "uuid": "7cefcb6a-7c87-4365-8e0c-a75dc357c89b", "value": "12288:CBOam1KPJMsw6cQL6knZosZzHGMjWf/HkITEGRZQ+a6QypgRj95otnpu7uJA:CBjfSswCL6knGsdjs/hNDQrb/uLuiy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841093", "to_ids": false, "type": "size-in-bytes", "uuid": "22b5f80b-faed-490e-bcdd-1f30da180cbb", "value": "780733" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841093", "to_ids": true, "type": "vhash", "uuid": "861819f0-381e-498e-8c51-bfb4c97c4598", "value": "700ae16ce2cc7b1695e4bb2b85c98f8c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841093", "to_ids": true, "type": "filename", "uuid": "7b246364-73c3-4acc-b441-5adef0c2f208", "value": "6320f7a4fe66321fa0c6c70dd85b6c6e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841093", "to_ids": false, "type": "text", "uuid": "5366d763-acb9-48f5-943c-8950a0607504", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841115", "uuid": "115f0fc6-9217-4831-b5af-1d141308cc38", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841115", "to_ids": true, "type": "md5", "uuid": "be205cc9-1a09-4486-ace2-4c1ef7cbf686", "value": "6d14a088e2d93192d29c8c85d2e5dffc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841115", "to_ids": true, "type": "sha1", "uuid": "e8f05449-0f54-4977-be9f-ae8f7afae490", "value": "787af5eadb0cf27fe8436e654bbd7039249b51e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841115", "to_ids": true, "type": "sha256", "uuid": "4d0a47aa-421e-4e4f-aae1-ba059f3f9d37", "value": "90c57d8e45aefccbdd442decc2a62ea21bd660a93b494e4096c5704ac267fed0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841114", "to_ids": true, "type": "ssdeep", "uuid": "463d3c10-7cf0-4075-864d-8ebee44bfc42", "value": "6144:Y4b6eUuPq9LH7Rq45NmAfzRQrA7OZvsT6tg:lButmuqjsT6a" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841114", "to_ids": false, "type": "size-in-bytes", "uuid": "521feadf-5455-442c-8767-02f9a4aa4cf5", "value": "248466" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841114", "to_ids": true, "type": "vhash", "uuid": "2e38a6a7-5e25-4444-9555-c3488eb632c6", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841114", "to_ids": true, "type": "filename", "uuid": "4382a18c-8917-46e2-92c6-46ab6535f1ee", "value": "6d14a088e2d93192d29c8c85d2e5dffc.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841114", "to_ids": false, "type": "text", "uuid": "0cbb87be-eddd-45d9-9392-882fa49e374d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA41\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841136", "uuid": "a3af2bf0-1f92-4248-8e57-edaafd13db05", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841136", "to_ids": true, "type": "md5", "uuid": "e1b37e5b-148c-4c92-ac9c-92b4258baff4", "value": "5fd8881d78d359ed320a0283653fd94b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841136", "to_ids": true, "type": "sha1", "uuid": "41906d38-6a6a-4cbd-af57-6ef701d730ba", "value": "c7c6281b467e3a6d841e3d4d947f55d90779ebdd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841136", "to_ids": true, "type": "sha256", "uuid": "7d78c306-0cae-4e05-aef4-bb50618e31a5", "value": "5b39ef1d6ae37649492ea6e19c6a7831805803eb463acb1f109ccd658df37dc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841136", "to_ids": true, "type": "ssdeep", "uuid": "3509919f-fa63-45b0-9dbf-8a8002b890fc", "value": "12288:QoZN4rJ/rEeErkOxcSclXVF0tGvU8ATodfDFdJiU9ByssaXPiJKWDxNKf/YQmyP/:VZmPErHbcf/vJYsf5KUtnXPdWDxWQLC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841136", "to_ids": false, "type": "size-in-bytes", "uuid": "c1e9d6da-dca4-468a-af6d-46850f7e3f7a", "value": "872817" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841136", "to_ids": true, "type": "vhash", "uuid": "ea396c46-ea4b-4a38-9895-494e76876488", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841136", "to_ids": true, "type": "filename", "uuid": "d0f41a13-2399-4fe3-ba2e-6e1d76a6731d", "value": "5fd8881d78d359ed320a0283653fd94b.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841136", "to_ids": false, "type": "text", "uuid": "b61ef296-0c79-4d03-97cd-08481d6098a6", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:30/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841158", "uuid": "b8086d39-7b96-413e-bfc1-1617d81fbe9f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841158", "to_ids": true, "type": "md5", "uuid": "feea36b7-ad3b-47ae-95d4-9b23efb4885a", "value": "d4f3fa2b20bc984da3d6d978c241b9d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841158", "to_ids": true, "type": "sha1", "uuid": "42ed169e-707e-4def-9a32-f883af899f67", "value": "617329e7abbba813a8748fe22b5bdc0d7bd1e1c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841158", "to_ids": true, "type": "sha256", "uuid": "b9bceff1-51f5-4d57-b626-da7dfeeb89c5", "value": "314edb646594309242d595e2bf49c05a48969aafeb9c381106c55ba281bfbaf5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841157", "to_ids": true, "type": "ssdeep", "uuid": "4e3c5e30-2f42-48a8-aa67-31f737c7ffd9", "value": "12288:PxZN4rJ/rEeErkOxcSclXVF0tGvU8ATodfDFdJiU9oyssaXPiJKWDxNKf/YQmyPo:pZmPErHbcf/vJYsf5KU0nXPdWDxWQL9" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841157", "to_ids": false, "type": "size-in-bytes", "uuid": "0dc589e2-acad-4b89-bcf8-22089bc5594a", "value": "872867" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841157", "to_ids": true, "type": "vhash", "uuid": "5d49d150-ac57-4004-a47f-d3da1a6567e8", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841157", "to_ids": true, "type": "filename", "uuid": "8ce9401e-b191-4736-bf35-a7d2e1e653f2", "value": "d4f3fa2b20bc984da3d6d978c241b9d6.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841157", "to_ids": false, "type": "text", "uuid": "259e9b9c-c52e-4569-b01c-581d4801d85b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841180", "uuid": "7ec5d8c8-6018-40f1-8b25-f65df3f58c36", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841179", "to_ids": true, "type": "md5", "uuid": "eb7fab9d-ddae-4238-afc4-5990eaf0fcc8", "value": "30a6d6df12112cafdcc58a01bf7d8ee4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841179", "to_ids": true, "type": "sha1", "uuid": "5eeae586-9871-4832-9436-a44371b0cc02", "value": "c7e809a031c97ab1ddf4b0d1bd872152557bf4dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841180", "to_ids": true, "type": "sha256", "uuid": "aa80afdb-24f1-448d-b6ce-feeea43a5a2a", "value": "64412ac1ff5410e2093803a2459f62de53bc8207496af1171eab4d623ec3accf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841179", "to_ids": true, "type": "ssdeep", "uuid": "877a9c02-a9c8-4f35-b792-b836aa3ceca0", "value": "12288:vsZN4rJ/rEeErkOxcSclXVF0tGvU8ATodfDFdJiU9UMVXb6fq02clmeFzSW6y:0ZmPErHbcf/vJYsf5KUjV62cmIzSS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841179", "to_ids": false, "type": "size-in-bytes", "uuid": "d0c10c09-50b0-4474-8f79-b225caa85ffd", "value": "872225" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841179", "to_ids": true, "type": "vhash", "uuid": "4717c76f-a19b-497d-b805-204669975b6c", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841179", "to_ids": true, "type": "filename", "uuid": "d85cd691-800b-47a3-a1b0-1d5ae3d3fa85", "value": "30a6d6df12112cafdcc58a01bf7d8ee4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 07/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841179", "to_ids": false, "type": "text", "uuid": "86efbbab-f264-4a32-96d8-ceafb7698095", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:30/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841201", "uuid": "079ac7f6-37ed-48d8-8c83-22f3a52bcc15", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841201", "to_ids": true, "type": "md5", "uuid": "af6f02dc-4a88-414c-babb-1061fcbaef80", "value": "ed1a66bbd20c4dd746f1feeab0d9dbe0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841201", "to_ids": true, "type": "sha1", "uuid": "9670c98e-8842-4b12-8aa4-ae4e189c7627", "value": "a4307b9cd922d651a0da0153d9a43a5d1cb3e24b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841201", "to_ids": true, "type": "sha256", "uuid": "4ff796bc-db5f-41dc-8899-3152cf4fc4f5", "value": "966674cda1f3c421378f925d4a895f0a9e892dd8c544a738c767286b2f62a905", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841200", "to_ids": true, "type": "ssdeep", "uuid": "2f46583e-811e-4841-9b59-b6f2e9c4a37d", "value": "6144:9b6eUuPq9LH7Rq45NmAfzRQrA7OZvsT6tc:1ButmuqjsT6O" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841200", "to_ids": false, "type": "size-in-bytes", "uuid": "26841417-7e49-4e65-9941-7b438cc2a1cc", "value": "248475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841200", "to_ids": true, "type": "vhash", "uuid": "5ff7a337-0408-4949-bd84-807558dce5d3", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841200", "to_ids": true, "type": "filename", "uuid": "7fce71a1-5e95-4f41-ac6c-45c162af4e75", "value": "ed1a66bbd20c4dd746f1feeab0d9dbe0.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841200", "to_ids": false, "type": "text", "uuid": "d4f7c258-997a-46b4-b396-331f8ccd05ae", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA41\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841224", "uuid": "0826a1ac-0b10-4e16-ba0b-ff2ead46418e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841224", "to_ids": true, "type": "md5", "uuid": "9aa52ebb-33cc-43c3-b3e2-a2a3cbd1a5f0", "value": "9e3307bfb5e55250e131b83ce4ae6fda", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841224", "to_ids": true, "type": "sha1", "uuid": "de90e39a-912b-4f32-acd0-7514e3c5a59d", "value": "8477808664f5976a751c4516c6ec5cf5d9a5a7cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841224", "to_ids": true, "type": "sha256", "uuid": "946c8aa7-d538-40a0-80cd-0d4032900c62", "value": "03ae0b0b8e1bc96b0e64691da3de7a7e2462f3d13ddcce1a9987e49d348ae5f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841223", "to_ids": true, "type": "ssdeep", "uuid": "217848f3-04b7-4822-ae93-e224a52f38a3", "value": "6144:kb6eUuPq9LH7Rq45NmAfzRQrA7OZvsT6tHI:EButmuqjsT6W" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841223", "to_ids": false, "type": "size-in-bytes", "uuid": "71e8589b-ad9a-4f6b-9218-5d38ee2aee49", "value": "248472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841223", "to_ids": true, "type": "vhash", "uuid": "5d5d2362-a23c-40f7-a022-e9b7bcacd40d", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841223", "to_ids": true, "type": "filename", "uuid": "2505a88f-47c0-4c7e-b41a-63ce4f9fd2b8", "value": "9e3307bfb5e55250e131b83ce4ae6fda.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841223", "to_ids": false, "type": "text", "uuid": "9f850ce1-400b-4b15-9ea3-09c4d94fd1b0", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841246", "uuid": "34996ef5-2ba5-4178-b881-90e5e8f3db80", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841245", "to_ids": true, "type": "md5", "uuid": "3c7afee4-d72b-43b7-9905-380767d8bfef", "value": "0d775cfc8f2662725c17dabeb6dc0f82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841246", "to_ids": true, "type": "sha1", "uuid": "6e6a880a-3a8b-4faa-b98a-9a445d2dcfb2", "value": "d5842b06cedd65dc848bec8e6719d64124149547", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841246", "to_ids": true, "type": "sha256", "uuid": "752bdb5b-1aa5-4c5f-b13a-02a552a5877a", "value": "c755e054c858983a11717366d90aeece6f44d21914ecf2a765f4fdbe766a370d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841245", "to_ids": true, "type": "ssdeep", "uuid": "549f905c-1607-462f-88e3-3d6e4b96a38c", "value": "12288:L9ZN4rJ/rEeErkOxcSclXVF0tGvU8ATodfDFdJiU9nyssaXPiJKWDxNKf/YQmyPS:RZmPErHbcf/vJYsf5KUnnXPdWDxWQLj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841245", "to_ids": false, "type": "size-in-bytes", "uuid": "5ac4a04e-5c2b-4ee4-b54d-8fd491ab7f94", "value": "872866" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841245", "to_ids": true, "type": "vhash", "uuid": "de7e94fe-ca53-4a74-97cd-e47c189c2ef7", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841245", "to_ids": true, "type": "filename", "uuid": "18092203-f566-4aee-b79d-a4d825db2a4e", "value": "0d775cfc8f2662725c17dabeb6dc0f82.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841245", "to_ids": false, "type": "text", "uuid": "374fb4d3-0a8f-4352-a415-21b9da059212", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841267", "uuid": "8300ea22-6d9c-43dc-b376-66e261529e7c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841267", "to_ids": true, "type": "md5", "uuid": "a2ee468c-e32e-478d-955a-ea74bd1d7add", "value": "008c4d3681250c63f7607b940d53b3f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841267", "to_ids": true, "type": "sha1", "uuid": "927df04d-2a27-40de-b367-eb6b33444910", "value": "b74a41df31e0acf900d3d391571e783f49a64e0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841267", "to_ids": true, "type": "sha256", "uuid": "3bf1491a-620a-4693-8125-87277b7d2b05", "value": "03f09e91deb35e9eb4902fab7b7490a9784112b83fb4df8beaa147a128230ba1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841267", "to_ids": true, "type": "ssdeep", "uuid": "bdf3f92f-0621-45b7-8e92-24af0ea5a31f", "value": "6144:5m7uJzFnU3N62lYbuNjUB2gYjzzDkrWMuspmLvtsUkQUvjEt:5lz0c2ld0s/Ip4V4vjEt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841267", "to_ids": false, "type": "size-in-bytes", "uuid": "0c59ddd6-a124-4798-8659-09247ae29fdf", "value": "248137" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841267", "to_ids": true, "type": "vhash", "uuid": "9ad19593-9c0f-45db-a025-a99bcae57e30", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841267", "to_ids": true, "type": "filename", "uuid": "e5332142-5cfe-4e7b-bfe7-d2542616c3b3", "value": "008c4d3681250c63f7607b940d53b3f7.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 14/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841267", "to_ids": false, "type": "text", "uuid": "a2a56b64-fc32-451c-ad37-86db9c5afcc0", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841289", "uuid": "6e57cdd5-fd7b-4d01-9f34-ba9e219d016d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841289", "to_ids": true, "type": "md5", "uuid": "9785434f-8191-40b8-aaa4-c88be28801f7", "value": "d18dea34e8111ce03c1318c5f6faa039", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841289", "to_ids": true, "type": "sha1", "uuid": "3c18b98c-c6d2-4716-aaab-a370bcc627da", "value": "98fe94b436b295ee812a53884729349a02432e9b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841289", "to_ids": true, "type": "sha256", "uuid": "27dd9743-a26e-4c04-8e4c-b6c028ddc929", "value": "3033e8cabbbcabc804f57f272d7af4d6427a123451fc8af3e477ead8fbd9fb61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841288", "to_ids": true, "type": "ssdeep", "uuid": "ee018a13-dc30-48c3-86f6-ef7df8345302", "value": "6144:d07uJzFnU3N62lYbuNjUB2gYjzzDkrWMuspmLvtsUkQUvjEb:dLz0c2ld0s/Ip4V4vjEb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841288", "to_ids": false, "type": "size-in-bytes", "uuid": "d6362c7e-641c-47c8-8edf-1f9b62f6ebc2", "value": "248137" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841288", "to_ids": true, "type": "vhash", "uuid": "0359fbef-4770-446b-a4a0-f0d611aa7147", "value": "37398ac0746a2429af7f3ceeae2a86cd" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841288", "to_ids": true, "type": "filename", "uuid": "9cb8dd65-b938-4a3e-9ac4-2019aaa4af74", "value": "d18dea34e8111ce03c1318c5f6faa039.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841288", "to_ids": false, "type": "text", "uuid": "11441581-a302-4f40-a5ea-bd0979c02f4e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841311", "uuid": "4ab8f10b-5036-4a54-bfaf-00959326e6dc", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841310", "to_ids": true, "type": "md5", "uuid": "ffa8eefb-d1e2-4358-b07e-9c59d3776036", "value": "bc015eebb569394e1f8cb1223126b030", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841311", "to_ids": true, "type": "sha1", "uuid": "297c909d-433f-4fc4-b5b1-129595d7b46f", "value": "ad6a490df62a3e776ce8c41e6e9fa45d86f35444", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841311", "to_ids": true, "type": "sha256", "uuid": "cd1b5fbb-eebd-4363-8bdc-25fd0fa9c8e2", "value": "95d27476407528568b99855f5550708eeb93e5a0fd916aeaa03304230d28d33f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841310", "to_ids": true, "type": "ssdeep", "uuid": "7f506ced-311a-409a-ae5e-dcacc30ec195", "value": "24576:KZmPErHbcf/vJYsf5KUUBzgHbUqkaB4IUwvB:KumQf2x8bFka1Uwp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841310", "to_ids": false, "type": "size-in-bytes", "uuid": "aeefca66-bbf9-4cdd-be33-ef2e46961e60", "value": "867620" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841310", "to_ids": true, "type": "vhash", "uuid": "4670cd07-4800-40a8-a7ea-7205a8feaf36", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841310", "to_ids": true, "type": "filename", "uuid": "bff742d5-3d4a-48e5-9628-7529a7a5cf1b", "value": "bc015eebb569394e1f8cb1223126b030.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841310", "to_ids": false, "type": "text", "uuid": "2da1bd88-f1e1-4f8c-9af3-1a5612cc08dd", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841333", "uuid": "4ed81a4c-0c6e-44eb-ac1b-90a1bc43e20e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841332", "to_ids": true, "type": "md5", "uuid": "9094c52a-79b7-4e50-bdb6-d09d4f36d19f", "value": "26e5f3ded0820fe7270b5dd304061129", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841332", "to_ids": true, "type": "sha1", "uuid": "4155cb31-20b3-415a-b16a-bc604e6dae62", "value": "01cfe5b403fed07c18425f2bea24575c72f95548", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841333", "to_ids": true, "type": "sha256", "uuid": "4a062d93-13ad-42a0-ad6d-0ba7733e9ae4", "value": "e74ec47f68ddb4ddbc40d9b71de245268d651bad64f722ee7581d097f2e4f631", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841332", "to_ids": true, "type": "ssdeep", "uuid": "cf0822e3-f71a-489b-9404-a8cd6b8c6f5c", "value": "24576:VZmPErHbcf/vJYsf5KUOBzgHbUqkaB4IUwva:VumQf4x8bFka1Uwi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841332", "to_ids": false, "type": "size-in-bytes", "uuid": "0aa3baa9-561e-4510-a579-a741c72bdfe4", "value": "867631" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841332", "to_ids": true, "type": "vhash", "uuid": "68167b01-461f-4a76-ae26-467654d7c1f1", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841332", "to_ids": true, "type": "filename", "uuid": "239910ec-e9e0-4331-bde7-6c4f09c09a56", "value": "26e5f3ded0820fe7270b5dd304061129.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841332", "to_ids": false, "type": "text", "uuid": "0e3e51ee-a57d-401a-b484-1da1db3cccb5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841359", "uuid": "d70f18aa-c99b-49bf-b1ec-7bd9d2e7e630", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841359", "to_ids": true, "type": "md5", "uuid": "890b8833-1d05-4f33-9151-5c646fbb156c", "value": "89a744627c186fc0695ece85bcf87815", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841359", "to_ids": true, "type": "sha1", "uuid": "e78c7b7f-c964-4ffc-8e97-33ce8f496406", "value": "375466aba3dd1bbbad5ede67e64e01d62f01b90d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841359", "to_ids": true, "type": "sha256", "uuid": "9a31f9cc-81d9-4f00-8497-08cc5fa644f2", "value": "a58ec64e7f10d8dd751281f6fb2adbf84c57e38245a80cb064dcb8629a417ae2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841358", "to_ids": true, "type": "ssdeep", "uuid": "aed6978c-64ca-4f72-b451-8603d3ea4df0", "value": "24576:eZmPErHbcf/vJYsf5KUGBzgHbUqkaB4IUwva:eumQfAx8bFka1Uwy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841358", "to_ids": false, "type": "size-in-bytes", "uuid": "fa9c33a4-c6d1-4bf1-8057-76dbf4a40141", "value": "867621" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841358", "to_ids": true, "type": "vhash", "uuid": "483a7389-ee1a-4582-b731-0fc7e063ec41", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841358", "to_ids": true, "type": "filename", "uuid": "6f6c5ef5-0f9d-46cf-aea0-14dcaab0cbc3", "value": "89a744627c186fc0695ece85bcf87815.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841358", "to_ids": false, "type": "text", "uuid": "1f6dbb60-3367-4e75-a4dc-51c60976c596", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841381", "uuid": "92bcd302-56ad-44ba-bb79-9ace4c0ed4f6", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841380", "to_ids": true, "type": "md5", "uuid": "3ca5b5cc-a037-4021-bc83-5f157c8392ac", "value": "f8689e419f244548b206b6ee6e4bfa29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841380", "to_ids": true, "type": "sha1", "uuid": "8c898c68-607d-4a41-a477-b16db77b01ee", "value": "4e713ea6b6d825f38910c02339fb5410aa1c74d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841381", "to_ids": true, "type": "sha256", "uuid": "838062f4-fc49-49a1-b93c-a182cb409a7d", "value": "5100cf381d7cc1c6c1781730e325fa7669c8090a4492faff317611de5535af53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841380", "to_ids": true, "type": "ssdeep", "uuid": "159f307b-7d80-46ca-9f07-32847b46fac3", "value": "24576:4ZmPErHbcf/vJYsf5KUHBzgHbUqkaB4IUwv3:4umQf5x8bFka1UwP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841380", "to_ids": false, "type": "size-in-bytes", "uuid": "f7612987-038b-4bf8-855d-bc1bf75b704a", "value": "867620" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841380", "to_ids": true, "type": "vhash", "uuid": "17313501-2785-473c-82e4-c8543290b3d2", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841380", "to_ids": true, "type": "filename", "uuid": "0bf30fb8-52b8-4229-969d-095946303e3b", "value": "f8689e419f244548b206b6ee6e4bfa29.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841380", "to_ids": false, "type": "text", "uuid": "efa7c471-be0a-497a-9225-f3a0da19182d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841402", "uuid": "ba453b25-d8e7-4b81-b747-d3bc6ffb28d4", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841402", "to_ids": true, "type": "md5", "uuid": "6468105f-09d3-4619-ada3-119177b9356d", "value": "5fa7e85aecf41e95b8bb6515ffda6234", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841402", "to_ids": true, "type": "sha1", "uuid": "f8ac5fcc-d288-4eea-a7a7-ac441916674c", "value": "67677a9d358aab98519a70ab038fc65eb8636793", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841402", "to_ids": true, "type": "sha256", "uuid": "f758a5f0-8b55-40e2-8d3c-33a54a492f69", "value": "0fa15bb2135747426e30242137f67b4264d760d21d3533dfafd883c3acea2ce5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841402", "to_ids": true, "type": "ssdeep", "uuid": "311373ff-ba88-4e10-8d2c-10f265841411", "value": "24576:DNZmPErHbcf/vJYsf5KUI3Gp4Rgz3gr71s:DNumQfB4RgzQra" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841402", "to_ids": false, "type": "size-in-bytes", "uuid": "7890cecd-3aca-4bf6-a6fc-60e08798a777", "value": "872472" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841402", "to_ids": true, "type": "vhash", "uuid": "89ea68c7-530b-4f31-b891-fd223f6b8eda", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841402", "to_ids": true, "type": "filename", "uuid": "53ff884b-9ceb-400e-9a79-f8422cded2ae", "value": "5fa7e85aecf41e95b8bb6515ffda6234.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841402", "to_ids": false, "type": "text", "uuid": "2e597924-f794-41c7-831a-4f2c9916c2bd", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841424", "uuid": "1e8f9489-5689-4e67-bf9c-5a62aac2f110", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841424", "to_ids": true, "type": "md5", "uuid": "bbf48d75-959b-4e85-95c2-8f323718888d", "value": "6fffce1535bb321a8c996c0a1655148c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841424", "to_ids": true, "type": "sha1", "uuid": "f8b63b23-3aeb-4f3c-b613-ccf6b7092979", "value": "25fd220364b0fd934ef7abaa875dfbe9de5a479a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841424", "to_ids": true, "type": "sha256", "uuid": "a7c5e584-1902-474e-903b-ddc823467f0c", "value": "577743f605667b38a21af07dca20d16b946df84fb0b6e01068663cb0022739c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841423", "to_ids": true, "type": "ssdeep", "uuid": "97219659-37b3-4ec4-9af0-63d93adae088", "value": "24576:uZmPErHbcf/vJYsf5KUonYpKSfL+dapzFyL8:uumQfrpr+OzcL8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841423", "to_ids": false, "type": "size-in-bytes", "uuid": "26efb2f6-a90b-4e1a-b057-e6016634bfe0", "value": "872833" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841423", "to_ids": true, "type": "vhash", "uuid": "40c69432-3330-41cb-a905-959e93566e78", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841423", "to_ids": true, "type": "filename", "uuid": "d2937b02-4b8b-4926-99ad-0d8d4e153652", "value": "6fffce1535bb321a8c996c0a1655148c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841423", "to_ids": false, "type": "text", "uuid": "db6e35dc-8fc5-49f5-bc65-2a7f7022dd73", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841446", "uuid": "e2d68941-7506-46f7-9279-fd3745fd0088", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841445", "to_ids": true, "type": "md5", "uuid": "d39e8e68-3d9e-4180-a16a-2b985e8abad0", "value": "0946f64adda83a9cf16401db2958b249", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841445", "to_ids": true, "type": "sha1", "uuid": "09e4cdf4-1a92-4445-9e9a-d90b7a9dce14", "value": "426fd64ca556db1173bcf9159daf6d6274f88f2d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841446", "to_ids": true, "type": "sha256", "uuid": "18daa268-cd1c-452a-bfa4-dbba9de8c637", "value": "7133b1418415981c05aac309f9dd5e4d5b5504a43bdbaa197383e667e0df0d7e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841445", "to_ids": true, "type": "ssdeep", "uuid": "76f497e4-be68-4f7b-917a-e8fff7db5c1f", "value": "196608:EZ9vXkzUjKBqTVRG6xPA2IiZcFz6APFb1:wXk4gqZDA8uBh1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841445", "to_ids": false, "type": "size-in-bytes", "uuid": "1c48997c-4d53-4851-88ff-0988d04d44d6", "value": "7061271" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841445", "to_ids": true, "type": "vhash", "uuid": "b022473a-baae-4f66-875a-80361932892c", "value": "53301e620e41f7b0f61f5f619aff9950" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841445", "to_ids": true, "type": "filename", "uuid": "dbb80e8e-dd31-46bd-a388-1dbd70f7aaf9", "value": "0946f64adda83a9cf16401db2958b249.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841445", "to_ids": false, "type": "text", "uuid": "b5d7ca02-9c98-4424-bd53-86fe28092924", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841467", "uuid": "84b4e639-bf35-42ed-ba98-a784e0988ef8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841467", "to_ids": true, "type": "md5", "uuid": "3d487f6a-6a5c-4967-ad77-b33e6f149b39", "value": "130519a13516d8926eed8a8d9b4ea033", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841467", "to_ids": true, "type": "sha1", "uuid": "d9eab486-4f4b-4fc3-a972-e996cf0ba58f", "value": "84af6b460ac8d9d25ea084c37768404d48198234", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841467", "to_ids": true, "type": "sha256", "uuid": "610f362e-5a8f-4e25-9873-837fc653bf80", "value": "8f4e8c80cc99bd61e37f29137cfa6189808db58bc74eebb4b56d1060f7edaf84", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841466", "to_ids": true, "type": "ssdeep", "uuid": "289109dd-c5ff-4c1a-b587-457e15b265d6", "value": "24576:6PZmPErHbcf/vJYsf5KU8gjlXaVInvPqOZl+Qw0:6PumQfdN4QvbB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841466", "to_ids": false, "type": "size-in-bytes", "uuid": "873d43e3-12b8-4d5d-9f98-85a99c8e2aba", "value": "872394" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841466", "to_ids": true, "type": "vhash", "uuid": "72362dfe-cc06-41e6-991c-be40b83c4521", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841467", "to_ids": true, "type": "filename", "uuid": "7c42b022-07af-4547-bba6-be6bd869a0bf", "value": "130519a13516d8926eed8a8d9b4ea033.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841467", "to_ids": false, "type": "text", "uuid": "6c50f576-4749-47b0-9fca-f50dac5f7456", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAD7\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841489", "uuid": "12565803-3ba8-4a87-8ba9-ab45cc7e195d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841488", "to_ids": true, "type": "md5", "uuid": "8d751499-5aa0-4fcd-ab6e-25950763f2d7", "value": "ec7eadd14ef978b00c6993a5096e8583", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841488", "to_ids": true, "type": "sha1", "uuid": "6689be62-6f0b-403a-aead-7ad31074737b", "value": "6abb105fb449bfdf7170a1d9dd8b8f564b1f269e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841489", "to_ids": true, "type": "sha256", "uuid": "27abd2e4-0136-42ed-9065-5e255e38fb83", "value": "ec1d6a77cd49b7ede70059424c5d18991557d2713235535a1502eca29b0dc4f6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841488", "to_ids": true, "type": "ssdeep", "uuid": "27f1c5ad-5c4b-4229-84b8-d7bb92aee0b2", "value": "24576:rZmPErHbcf/vJYsf5KUpnYpKSfL+dapzFyLa:rumQfwpr+OzcLa" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841488", "to_ids": false, "type": "size-in-bytes", "uuid": "f6e8769a-8445-4148-8e68-1ddede1b67dd", "value": "872842" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841488", "to_ids": true, "type": "vhash", "uuid": "aa77703a-1587-4a0f-844c-df854b5757b7", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841488", "to_ids": true, "type": "filename", "uuid": "a22ab6c6-14f7-4ef4-a6cc-941a8a4f8fd2", "value": "ec7eadd14ef978b00c6993a5096e8583.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 04/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841488", "to_ids": false, "type": "text", "uuid": "f84e2421-9123-4474-87c4-da57fbecf44f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/Glodegl.A\nVT Total Detection:29/62" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841510", "uuid": "98f135a3-638f-466e-b283-92012bfd5c33", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841510", "to_ids": true, "type": "md5", "uuid": "6c43be70-94f3-44c8-8f15-d83edff32260", "value": "ea4336201d00710b2011ebfaf1c92801", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841510", "to_ids": true, "type": "sha1", "uuid": "20c31b51-8db3-49f3-9326-026787fcf97e", "value": "ebad4351528c89dbc43b178da59a812e5561fbca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841510", "to_ids": true, "type": "sha256", "uuid": "08f7cfe7-b985-4637-90a9-d3851f13223b", "value": "2f4b85b6dfb42a5ab90300be46bf727fd2f376e4f8c63a950b86e0482b273b48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841510", "to_ids": true, "type": "ssdeep", "uuid": "440ebed5-915b-4dc6-b6e2-fb37127a500c", "value": "49152:jwqDdlW99o4DAKFvxUtbx3MNNfmxLd/u44zeNjai:jwqDkC4DAai5xcNNfYuXCNOi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841510", "to_ids": false, "type": "size-in-bytes", "uuid": "532f40db-831b-48d2-b695-4d53e86ee0e5", "value": "2261148" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841510", "to_ids": true, "type": "filename", "uuid": "9439aba3-e9c9-4e22-b138-e4440b712baf", "value": "ea4336201d00710b2011ebfaf1c92801.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841510", "to_ids": false, "type": "text", "uuid": "49249f7d-237e-404a-aa19-82eeeba016d7", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841532", "uuid": "4c30651d-dc93-4bac-9dd5-c614e0b706ec", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841531", "to_ids": true, "type": "md5", "uuid": "1ab6348e-b648-4989-ba19-aa998bbe5323", "value": "0bf0b4cca8cfb644856da77a5c241be3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841532", "to_ids": true, "type": "sha1", "uuid": "92f64491-ae22-4813-933a-e78d7e2e99bf", "value": "153f9272effe3432ec895d8dc0493621bebe43e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841532", "to_ids": true, "type": "sha256", "uuid": "dff23cfe-4824-49ff-8ac9-12bd962fc111", "value": "3106315581935610fd6f6dc446b0c86d496763fa52ed4b1093150031620cdabc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841531", "to_ids": true, "type": "ssdeep", "uuid": "5f273887-8fe8-40c3-be75-1ba21c35e8ea", "value": "6144:CW4p4f+kCjZ4WrLxmFm1ywzs56Trg8a865VsVPe7POy29rJtuxDxb2:CRmf+vRrdmFOBwoFgLgPeqyuGC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841531", "to_ids": false, "type": "size-in-bytes", "uuid": "16eaaa9b-8e7f-4657-b4f5-1c87c8b43a69", "value": "365635" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841531", "to_ids": true, "type": "vhash", "uuid": "fa2189dd-e295-4cbd-ba02-c090be2836c4", "value": "4479a21fd3cad7da01d38d25735575f3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841531", "to_ids": true, "type": "filename", "uuid": "5658372a-ca4b-4cea-9c70-8cf7cb27b6fc", "value": "0bf0b4cca8cfb644856da77a5c241be3.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841531", "to_ids": false, "type": "text", "uuid": "17becfb8-372e-400d-8931-314cd9033f18", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AADA\nVT Total Detection:30/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841553", "uuid": "8a4aa8a9-1ea1-41dd-85ae-a9269a4798ac", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841553", "to_ids": true, "type": "md5", "uuid": "3a034a33-6522-43e2-af25-9185771f47cb", "value": "318fbb887ce296224625c79960f78fe9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841553", "to_ids": true, "type": "sha1", "uuid": "4dd24fb6-7edc-442b-9d65-964f54e15f28", "value": "dc088bcceae0668806ace46c7a0927b85d08ef22", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841553", "to_ids": true, "type": "sha256", "uuid": "2c31a3f7-9d2e-4950-a893-40819d0f3fc9", "value": "8db4f32864eacb1099b73b0dba245193cc88a1df60c4a3a6a14e02977bf042be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841552", "to_ids": true, "type": "ssdeep", "uuid": "9ec5e0de-7965-44e8-9ca5-bd92451a0710", "value": "196608:dPemnN6eMqQ7jXv+xkJ5c42v18c0FHYW3uD7J:dP7nDMtXWxkJCnv18lBjuD7J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841552", "to_ids": false, "type": "size-in-bytes", "uuid": "6b01ce09-3855-4655-923d-39aa74cfe5b3", "value": "6840626" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841553", "to_ids": true, "type": "vhash", "uuid": "bb32823d-ca1e-490d-b756-69d99afcf99b", "value": "8ac5f44f0354b8bd988265932da51439" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841553", "to_ids": false, "type": "text", "uuid": "ba6f606f-35e8-4011-9f32-32a34f1bdaa5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA2A\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841575", "uuid": "10b0b124-4ce2-492a-ae82-8ecbfdd9c1d7", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841574", "to_ids": true, "type": "md5", "uuid": "ba7b6ebd-57a6-4242-ae7e-5d0513cdbd70", "value": "fc2c765e561fc2c2c4ef1fd68a12c5b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841575", "to_ids": true, "type": "sha1", "uuid": "91fb7427-1d99-47cf-a2f0-aa74254109b7", "value": "52898556b1c26f3c3723bee4d911f1d704e59012", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841575", "to_ids": true, "type": "sha256", "uuid": "6d403da2-6ac7-489c-8002-5a5ff7b1f4a7", "value": "bb23d65ffca983d26d88e3b8dd51c7c4fb180843001d34e16f083a448f955d8c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841574", "to_ids": true, "type": "ssdeep", "uuid": "aca49ae6-f19a-4685-8f31-3e3285b5a84e", "value": "98304:TK0JpD4Kj2p6WEKMpO0TzliMdK+Z6ecuHa6KPYy8ibQh6uv:hsjqDHliMtkecp6Q8P" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841574", "to_ids": false, "type": "size-in-bytes", "uuid": "28974fe6-bf54-49db-b81d-a1365c1d5054", "value": "3369186" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841574", "to_ids": true, "type": "vhash", "uuid": "f4a63657-fea8-4fa0-ba1c-97deac3da09b", "value": "a993ab764c3320a430eabcbfebca899b" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841574", "to_ids": false, "type": "text", "uuid": "4c4e8aed-550f-4613-9149-6392536e597e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841596", "uuid": "4e75fd03-c154-435e-b391-2535c0da76b8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841596", "to_ids": true, "type": "md5", "uuid": "1fa3f90a-b7eb-4775-93be-11429a01bf0f", "value": "6b1a02d91bab36cf129cd1057c825ebb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841596", "to_ids": true, "type": "sha1", "uuid": "e9baef58-8aff-4b66-b464-ad4b180d03b3", "value": "f4b44fc9fd7ab38409b459944ec7ecd56ad3625b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841596", "to_ids": true, "type": "sha256", "uuid": "0b095462-b453-484a-9d56-79233eede1eb", "value": "7591fa4d81612837818c6a390619c18356e1fec26edd15bbb506f0ed45d01361", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841596", "to_ids": true, "type": "ssdeep", "uuid": "afa39824-dad4-4c68-a54e-79a01e31a8aa", "value": "24576:lZmPErHbcf/vJYsf5KUCPa0zpCv2dGLf0K+XJ:lumQf/upRwLEXJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841596", "to_ids": false, "type": "size-in-bytes", "uuid": "bdd2f10b-2511-40f8-a3c4-52d6aa0fc313", "value": "872357" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841596", "to_ids": true, "type": "vhash", "uuid": "56a19b9c-8291-464a-aa6b-37e3caa65e8f", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841596", "to_ids": true, "type": "filename", "uuid": "b1553444-5f51-4b44-9f11-ce209377ccd8", "value": "6b1a02d91bab36cf129cd1057c825ebb.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841596", "to_ids": false, "type": "text", "uuid": "092c4d6e-615e-46ad-8832-803d1fcc8e26", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841618", "uuid": "d89f9865-e9bd-4e8a-9bcc-9da3513c2285", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841617", "to_ids": true, "type": "md5", "uuid": "22f72c61-2c58-4117-bde6-893afb2b3a9d", "value": "71e820b8f58c2c6105805f4cbc57fa39", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841618", "to_ids": true, "type": "sha1", "uuid": "ed466499-4015-48ae-b483-0b69268570c3", "value": "b0daa921d0f49d7e69f515fcdcdc278582420838", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841618", "to_ids": true, "type": "sha256", "uuid": "79c9cc03-4639-4684-af38-8a144aabc6e8", "value": "0befdfe35c9ad459a54152ab135b4aacb9f86d6f30122db56fffc3139a49397b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841617", "to_ids": true, "type": "ssdeep", "uuid": "33a821d4-efcb-4bf0-a909-691e5e97901e", "value": "24576:LZmPErHbcf/vJYsf5KUnPa0zpCv2dGLf0K+H1:LumQfMupRwLEH1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841617", "to_ids": false, "type": "size-in-bytes", "uuid": "dc041b83-d2dc-43b0-bebe-2cae490ad2a5", "value": "872348" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841617", "to_ids": true, "type": "vhash", "uuid": "ce41937b-da62-4bfb-a22b-a4ffd5e91dfe", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841617", "to_ids": true, "type": "filename", "uuid": "63fddc61-6de4-4aca-9015-c05dacdca18d", "value": "71e820b8f58c2c6105805f4cbc57fa39.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841617", "to_ids": false, "type": "text", "uuid": "13d83947-6b82-4137-aa30-a70344a43eb4", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841639", "uuid": "eb50f7d6-b833-4e1f-9601-dd11f7e3d85f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841639", "to_ids": true, "type": "md5", "uuid": "abe4e223-6e0f-4fc9-9acd-7f2977471fd5", "value": "490a5e0483388e9f6425babac603e948", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841639", "to_ids": true, "type": "sha1", "uuid": "8d009c0f-dd7e-4851-ad12-ac973eea88de", "value": "3251602552a34248bcb5b12ec41a797c0ee3f12d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841639", "to_ids": true, "type": "sha256", "uuid": "65c19be3-6b17-42d5-a760-675f0117a472", "value": "458e7a4663b4a9c7d6bbcbebac4ba918eeec688a5a87ccfd9a64bad5a5ae1f1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841639", "to_ids": true, "type": "ssdeep", "uuid": "c7399f10-abfc-455c-86b0-0209da2f8e2b", "value": "24576:QZmPErHbcf/vJYsf5KUwIhkvAVgCIc2Hihg:QumQf6IhB6DChg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841639", "to_ids": false, "type": "size-in-bytes", "uuid": "3e3e41a1-49d1-4210-bf75-3d4a36e67033", "value": "871918" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841639", "to_ids": true, "type": "vhash", "uuid": "f1b048a2-802b-4372-8adb-b40662930640", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841639", "to_ids": true, "type": "filename", "uuid": "aa003b95-5035-4a4e-888c-3f81c3953379", "value": "490a5e0483388e9f6425babac603e948.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841639", "to_ids": false, "type": "text", "uuid": "6b12ca02-f45c-43dd-9241-cfc06b102b05", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841661", "uuid": "62927c62-514c-4105-a780-08c62c6a7e58", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841660", "to_ids": true, "type": "md5", "uuid": "8e3fa1fe-4eb9-42b2-8b75-9d73449e9e7e", "value": "517517ef41dfe2f3509c72bf320e3299", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841661", "to_ids": true, "type": "sha1", "uuid": "863997bc-e3f9-4b3f-9fea-f42e4ea7985c", "value": "ba46c85efd5415cbb501972483690f221764d9e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841661", "to_ids": true, "type": "sha256", "uuid": "4fd71159-718c-4bd2-b293-789a0bc21fa4", "value": "d72c7e35919edb3fd6a7904a77ee6a30dc061b9619ffc81714ef7b8e77e168e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841660", "to_ids": true, "type": "ssdeep", "uuid": "1b6ad2ac-c799-479d-b05d-245219039dd9", "value": "12288:3Rx+5QJQdsBZifgOFM0VuUBgw1+jSCddI13iMoVGSGc5aPdnVyfSadI/AXnv8//:3XXBwfgOFDVNdoc3iM0lgAQ/Mc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841660", "to_ids": false, "type": "size-in-bytes", "uuid": "21a88a71-0e2e-4f0f-962c-edbbf96db4f3", "value": "876142" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841660", "to_ids": true, "type": "vhash", "uuid": "ee0834c1-5282-45bf-a906-81e052238ad0", "value": "858f44c09176116f208249bc1c3c08d3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841660", "to_ids": false, "type": "text", "uuid": "d56edb55-46cc-4871-9f56-bbdbd5d00463", "value": "GoldenEagle\r\nType Description: Android\nNone\nMicrosoft: None\nVT Total Detection:23/62" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841683", "uuid": "9a1d000f-5787-4bca-83ad-81e4714742fa", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841682", "to_ids": true, "type": "md5", "uuid": "5ff0b8c1-68c3-4f43-b380-d5a104b32b13", "value": "0bcf82182de931f0f9e2a0cb4df94be2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841682", "to_ids": true, "type": "sha1", "uuid": "d403feb3-34ff-4994-acb4-43696556a15a", "value": "a1d2940b319dd73daa37a495955589ae30bf3446", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841683", "to_ids": true, "type": "sha256", "uuid": "db966423-3ec2-44f6-b8b1-c30e747dfd92", "value": "6ae3d4f3c5ecac293b39357f2eabcfb45ef96b3213927e6df24aeee8d4a3a631", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841682", "to_ids": true, "type": "ssdeep", "uuid": "fa2b7f37-7282-45c5-977e-f0d2d2cc9677", "value": "24576:fNVhMlrA16NFAayKXK2P+N7yC241hzNK3HMALI/4CFMFi:fNVhj6Tz6s+Zh1hz03f84CFMFi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841682", "to_ids": false, "type": "size-in-bytes", "uuid": "2fd1e245-edf8-46cb-ae2c-bb54ef4fc46e", "value": "1069140" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841682", "to_ids": true, "type": "vhash", "uuid": "e34700df-66a0-4459-9cd3-01b9d6c27044", "value": "63d58347964c442971bb5c12c8d7cb41" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841682", "to_ids": false, "type": "text", "uuid": "2cd49946-1705-46c2-81cb-4dbeb14f8f42", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Occamy.C37\nVT Total Detection:33/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841704", "uuid": "1e484d26-f0f5-4f4d-a130-a32446fdc794", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841704", "to_ids": true, "type": "md5", "uuid": "5cd03cf0-b73d-4297-8875-ba8a697f45a9", "value": "c433314544792fbf7224511c41c950da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841704", "to_ids": true, "type": "sha1", "uuid": "af6efda1-7caf-4db4-9aaa-b00802a67bd8", "value": "6f91882247213b6cde85f9c7c26da448777c39c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841704", "to_ids": true, "type": "sha256", "uuid": "d27e5242-1258-4dcd-b3eb-2cd8caa3f986", "value": "b66d858cb4e81e63b6956d8f77601e039e5e224e409e75f2ee23ef7ad7251fd3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841703", "to_ids": true, "type": "ssdeep", "uuid": "3e20c1f1-f212-4b1f-a57e-f152a2ca1dfb", "value": "24576:XZmPErHbcf/vJYsf5KUaDF82vjsZ/WxkCpSJ:XumQfoDPvjhC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841703", "to_ids": false, "type": "size-in-bytes", "uuid": "9cf039a3-d69c-4b2d-9f23-14040f9fb59d", "value": "869076" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841703", "to_ids": true, "type": "vhash", "uuid": "f4c7996b-dd4b-47dc-bbbe-7cc7cb97a404", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841703", "to_ids": true, "type": "filename", "uuid": "75e8df03-307f-422d-8440-9da93b41fdc1", "value": "c433314544792fbf7224511c41c950da.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841703", "to_ids": false, "type": "text", "uuid": "a892fccc-9158-4260-8cdc-c1a401882009", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAC9\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841726", "uuid": "066df333-232d-4b65-823a-d81ba0f6ef09", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841725", "to_ids": true, "type": "md5", "uuid": "74ef3b29-0c73-4812-bf5c-a3700ea4ca78", "value": "3ad010d4bfb10526fc1ab84898bcf395", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841725", "to_ids": true, "type": "sha1", "uuid": "e182df05-6864-4d33-86bb-4db72d36d36d", "value": "b40d1d7919a1392308c9559e2a4756886602a495", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841726", "to_ids": true, "type": "sha256", "uuid": "55e9f0c7-3ac6-4823-b075-dc4c3cd67b95", "value": "817476d1a18fa9d0b857f55f8dcae2489ad3adce76f3a9b854d84151f40c77d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841725", "to_ids": true, "type": "ssdeep", "uuid": "5b8a6c7a-3f5b-4d6a-b38e-b4e485e0c9e3", "value": "24576:8ZmPErHbcf/vJYsf5KUADF82vjsZ/WxkCpSX:8umQfCDPvjhQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841725", "to_ids": false, "type": "size-in-bytes", "uuid": "01e57e8f-f46f-4040-8e6c-b8a60965ae7b", "value": "869064" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841725", "to_ids": true, "type": "vhash", "uuid": "21430938-12ab-4e50-a0cf-faa8df8a1a2c", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841725", "to_ids": true, "type": "filename", "uuid": "2069fc58-8bb3-42dc-acac-26e63f9e673e", "value": "3ad010d4bfb10526fc1ab84898bcf395.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841725", "to_ids": false, "type": "text", "uuid": "b9b0cedb-f3ff-421e-b7a3-5fc08ed41217", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAC9\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841748", "uuid": "931b2b26-1fa9-4b9c-9c10-f7e5cdb37acf", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841747", "to_ids": true, "type": "md5", "uuid": "1d314622-4308-4f10-ade3-50ed88374ffb", "value": "4cd91c57cee58a7b880496ddf4daef08", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841748", "to_ids": true, "type": "sha1", "uuid": "159f6d98-e812-4203-b07d-35d986e00884", "value": "1663b53f5e177d6b99918a3a226fba137ab76a33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841748", "to_ids": true, "type": "sha256", "uuid": "0370c07a-4fd0-463a-9dc4-0fe5377d5019", "value": "51dcd3d6415fae605d5ccebc944264a40c4a857d40a0db9171ff8989dc093ca5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841747", "to_ids": true, "type": "ssdeep", "uuid": "e218f319-b9f3-4906-80e3-a473c4577e45", "value": "24576:QZmPErHbcf/vJYsf5KU0MgBSZHbBNIz6PM6E:QumQfTZ7B26PO" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841747", "to_ids": false, "type": "size-in-bytes", "uuid": "127985ca-33cc-4ed3-956d-0fd2dddceeb1", "value": "869022" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841747", "to_ids": true, "type": "vhash", "uuid": "1ead7fde-5957-4ddb-976e-384a6e48effd", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841747", "to_ids": true, "type": "filename", "uuid": "2c16b5c8-8d92-416f-812c-386e96d8e9f3", "value": "4cd91c57cee58a7b880496ddf4daef08.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841747", "to_ids": false, "type": "text", "uuid": "b3c306d6-6fbf-4e24-aad8-a1eba7a4e0aa", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA7F\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841769", "uuid": "0ded6bc9-da86-451d-b241-5d3b600e44dc", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841769", "to_ids": true, "type": "md5", "uuid": "0cb4fba1-8d4a-4d4a-9a96-0809e2a9b259", "value": "c51a52148f8f8ba514bb425112dcec4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841769", "to_ids": true, "type": "sha1", "uuid": "86c36cb5-1e61-417a-9117-321eb0e355a0", "value": "cf7d81f513d258c97b91ed97b3c9a81e688ff6fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841769", "to_ids": true, "type": "sha256", "uuid": "444d2978-784a-4fd2-9506-d486136da2fb", "value": "17209734bd3f64ef47f56737119b6c91abe163804b0b2b6d677d11490627c56a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841769", "to_ids": true, "type": "ssdeep", "uuid": "d48bcda8-8515-40bc-812c-762209eab55e", "value": "24576:7ZmPErHbcf/vJYsf5KU2MgBSZHbBNIz6PM6v:7umQf5Z7B26PJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841769", "to_ids": false, "type": "size-in-bytes", "uuid": "606d012b-86f8-4100-90d3-95b7359341a0", "value": "869034" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841769", "to_ids": true, "type": "vhash", "uuid": "525001fd-ca60-4be8-8def-448ef65078eb", "value": "8e9007030b0319f7234ce3dc84c9d475" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841769", "to_ids": true, "type": "filename", "uuid": "a9c32776-da28-4a2e-b19d-fc9b67176de5", "value": "c51a52148f8f8ba514bb425112dcec4c.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 26/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841769", "to_ids": false, "type": "text", "uuid": "2e04b982-f4ab-45b2-bd72-20aba68e885b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841791", "uuid": "8f16cf24-7369-4c31-8aab-07f298368850", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841791", "to_ids": true, "type": "md5", "uuid": "10c32ca0-a174-4691-8ec3-46d0d81a2bfc", "value": "80002f6fd06c481ea34a2262c4ca38ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841791", "to_ids": true, "type": "sha1", "uuid": "2e762e59-9ff5-4ad9-bf7c-99551fc6985a", "value": "ffd3ba9e0cb8e789b9a72a3b6f7b5fa97d50ac5b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841791", "to_ids": true, "type": "sha256", "uuid": "d444d49e-7cca-4358-a6cc-c01538d6d29c", "value": "e9aa4fe90c2f8d73d2864475b2279c4f2baa0581377ed3060d5fa2010e5240b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841790", "to_ids": true, "type": "ssdeep", "uuid": "036e0eac-8b5d-4e3f-9f08-6fa7fd8b525b", "value": "196608:UOv0BQh+wonHRhM60LM5xM7A3PrKJxEM0Me:UOv0OhT8xb0AM0WJn0Me" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841790", "to_ids": false, "type": "size-in-bytes", "uuid": "874dc482-13b9-406a-a707-e44886d42a50", "value": "7700653" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841790", "to_ids": true, "type": "vhash", "uuid": "1ca9f253-b23d-4db5-af45-128974ee9dfe", "value": "b9dc411cf9b4152bcbe77a35aef1fc84" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841790", "to_ids": true, "type": "filename", "uuid": "05aa989e-4b31-428a-a5c8-8a9472097d03", "value": "80002f6fd06c481ea34a2262c4ca38ae.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 19/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841790", "to_ids": false, "type": "text", "uuid": "2ef21ce3-3104-4179-a411-5be160c18d58", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841812", "uuid": "56b05a72-9b88-481f-909c-ca0031b3c4e9", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841812", "to_ids": true, "type": "md5", "uuid": "26287071-c69a-4e64-9873-a8d0176e2439", "value": "06d4ee0009cac497fd336a665ccda3aa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841812", "to_ids": true, "type": "sha1", "uuid": "76d66a5c-5a83-4ff9-82e7-a92fc8cc16a2", "value": "e4b0c4a1e7747c4b1c25655f839089291f08cff2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841812", "to_ids": true, "type": "sha256", "uuid": "949a40a6-5c0c-430f-bbb9-9b62d5568d66", "value": "d4a32118a5bbefa5478b6f7c42557c5cf86ce66db34b7aee9bc5acec4472b6b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841812", "to_ids": true, "type": "ssdeep", "uuid": "d15b5ca9-a906-4c94-af31-e984080fe346", "value": "196608:NE8VhnktFvSPemnN6eMqQ7jXv+xkJ5c4W0h:NE8V5QFvSP7nDMtXWxkJCqh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841812", "to_ids": false, "type": "size-in-bytes", "uuid": "49219e72-3340-4566-b7b6-2be14747d035", "value": "6841999" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841812", "to_ids": true, "type": "vhash", "uuid": "95555444-fc7f-4a3a-88c9-f7025e72bd34", "value": "ac49f228a43fc193ef2c29ad2116f264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841812", "to_ids": true, "type": "filename", "uuid": "f9b19473-51e1-41c5-a744-7ce44362089d", "value": "06d4ee0009cac497fd336a665ccda3aa.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841812", "to_ids": false, "type": "text", "uuid": "c5606d19-91ce-4858-85ab-169dca2320f4", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841834", "uuid": "709f3965-cc98-421b-bbcf-c9a816213a4f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841834", "to_ids": true, "type": "md5", "uuid": "06056033-84c7-4511-a0ae-3a4f3a18eb7f", "value": "e4efa2c4a1048df897315d5a616a21e4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841834", "to_ids": true, "type": "sha1", "uuid": "0f2d95fb-cbd9-48ba-bb1c-1be4adc9bfb9", "value": "7b5ae2450fff2fcaf14757cbdad11f85fa6ee751", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841834", "to_ids": true, "type": "sha256", "uuid": "f1096508-d1c9-4af6-802e-2d1bd352a48b", "value": "6b4a861c65d8413307b05b32ea1073e6eb8212d68f3c19b64d81a6c7aebd8d82", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841833", "to_ids": true, "type": "ssdeep", "uuid": "398f13db-1b66-418f-9384-0e653d99ff72", "value": "12288:Mv1zJqMTPOxt0XyNEj+2/PP3AJmWLYex8aHt:M9yxqXfjR/PoJdLYe7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841833", "to_ids": false, "type": "size-in-bytes", "uuid": "b1723c92-681c-4949-a8b4-97b0910bb580", "value": "438511" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841833", "to_ids": true, "type": "vhash", "uuid": "f404fe0d-96d6-4197-b9ae-7e704c88f479", "value": "97c387314c068632458831731fe02393" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841833", "to_ids": true, "type": "filename", "uuid": "63dedd97-5441-4277-b5c1-4f277029dba5", "value": "e4efa2c4a1048df897315d5a616a21e4.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841833", "to_ids": false, "type": "text", "uuid": "f3c7bae6-12a2-4858-b6a1-87af4e788074", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841855", "uuid": "d73e9ea0-2651-481f-ac65-927b291feaf4", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841855", "to_ids": true, "type": "md5", "uuid": "776f5d41-4906-4637-abfe-56fae8e998bb", "value": "f6f38b003ff31e4057a67756c9081d35", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841855", "to_ids": true, "type": "sha1", "uuid": "8bb33ce3-0a1e-41df-9036-6e8580c4aa2e", "value": "d39971e3e55195dc23132cb10d1da6ee188ee458", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841855", "to_ids": true, "type": "sha256", "uuid": "0a8b12d4-7b50-49f9-84c0-83bfaabfe19b", "value": "6da440d41b2f9b3d0faa8bf249106d5386ad92b68749f84c85717f2728aa5633", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841855", "to_ids": true, "type": "ssdeep", "uuid": "d8fa92a1-246d-408c-9d35-8eec739291ee", "value": "6144:p3wiy5GemR3zEeuMIS68s6iYUgKeJh4Wbkjvfw53Nmc0VqYOfhZJ4F0v1eYug4:qiy5GemRTI8E8hLkjv4mc0GhNv174" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841855", "to_ids": false, "type": "size-in-bytes", "uuid": "af4a1544-22de-4db4-9b63-0f6449fcef66", "value": "449191" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841855", "to_ids": true, "type": "vhash", "uuid": "d408ae84-1c12-4a1c-84f0-609fddff5fe0", "value": "f3bc21a342f9246f1f8438f3af228e3e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841855", "to_ids": true, "type": "filename", "uuid": "700b57f9-590a-47c7-b0fe-f877dba445ba", "value": "f6f38b003ff31e4057a67756c9081d35.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/08/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841855", "to_ids": false, "type": "text", "uuid": "8d860abc-5abc-46f5-9740-6aef3eca69da", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:30/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841877", "uuid": "16ad8f7a-312f-4e20-8bc4-33c6c0231ed9", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841877", "to_ids": true, "type": "md5", "uuid": "79ade43e-12a4-4dcb-aa32-94c56926b8fe", "value": "cca67ac9cf571fa2f284179a231ab1de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841877", "to_ids": true, "type": "sha1", "uuid": "1f460bc5-6f48-4cba-a67e-e9c21bde3a6e", "value": "17c728f072f57417e6b764b89d6cb149e3956dc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841877", "to_ids": true, "type": "sha256", "uuid": "a957ffea-3c01-48e6-bd40-b5d632f74ff9", "value": "7bc77454623d8eda5d56de7cf8c6820b7767363cf347d8d3675b89f8e5866c18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841876", "to_ids": true, "type": "ssdeep", "uuid": "dc67d5a2-ba16-4335-9028-359780262cdb", "value": "6144:Fv1eY93wKHID1xbt8GMFF9gdwX9PLmC//NkvVIwYEKdUW183j29MVjO7jk63othR:Fv1YRxxbt/sIU9dAIn1Oj2kj843Hx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841876", "to_ids": false, "type": "size-in-bytes", "uuid": "4577c782-cc47-45aa-9a65-f5baeab1d7f8", "value": "442832" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841876", "to_ids": true, "type": "vhash", "uuid": "83ff8417-8780-4149-826b-5b619d10ba23", "value": "97c387314c068632458831731fe02393" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841876", "to_ids": true, "type": "filename", "uuid": "448b38f6-f2d6-42bb-b692-f0d9945d308b", "value": "cca67ac9cf571fa2f284179a231ab1de.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841876", "to_ids": false, "type": "text", "uuid": "44548174-bb5e-4445-a825-e8a52aaa7ba1", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841899", "uuid": "6f3c9c0d-51a8-44e9-9191-c2ce6ef83f78", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841898", "to_ids": true, "type": "md5", "uuid": "2b9adbcc-e703-407c-99be-db458b388290", "value": "29dc4847ccb9d49ba11fd770b7661094", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841898", "to_ids": true, "type": "sha1", "uuid": "bd59f87d-c53d-4e4a-920c-dc0c9272f735", "value": "578689b394f9f6f1e99bb5928b6bc96ace4c0498", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841899", "to_ids": true, "type": "sha256", "uuid": "cc4882f7-ac8e-40a6-bb06-5e2be1f12e49", "value": "fd4a4646c8758472aa71bb4d49c84d18fa8e9593eafac54689125abf99c10243", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841898", "to_ids": true, "type": "ssdeep", "uuid": "0719ea20-f574-4090-a8fa-6eadefe71802", "value": "12288:Zv1qnZdZeZNZ5ZxJFF9n+tw0WrCmPhOvW3LXl:Z9c7sDfXDn+vkXl" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841898", "to_ids": false, "type": "size-in-bytes", "uuid": "f49e4405-17d2-4830-90bf-eab3d136114b", "value": "461053" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841898", "to_ids": true, "type": "vhash", "uuid": "3a751ab4-409c-4563-9aeb-a28da9b58010", "value": "97c387314c068632458831731fe02393" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841898", "to_ids": true, "type": "filename", "uuid": "723d2e76-6694-4d0f-af7b-a70f5632c7cb", "value": "29dc4847ccb9d49ba11fd770b7661094.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 11/09/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841898", "to_ids": false, "type": "text", "uuid": "2a2ae366-1fc6-4c54-a03a-d02beb722425", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841920", "uuid": "7839c863-f24c-4451-b5d6-306406aafa0a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841920", "to_ids": true, "type": "md5", "uuid": "f7f3f10d-9bf0-4f14-92f5-024df4f12448", "value": "192d2419b5383ea751e14b0e4d6f059e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841920", "to_ids": true, "type": "sha1", "uuid": "f91da431-0471-4245-a7b9-9470cf8cd59f", "value": "a62e131399287bdbfa477770776ab4e293ded9d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841920", "to_ids": true, "type": "sha256", "uuid": "f2c86305-7a2e-4e7c-a26c-668a127807b0", "value": "8eeeeb411c28a1edf2fd829f87e93ac3472d213a2a591c742bd76547a6b83ea3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841919", "to_ids": true, "type": "ssdeep", "uuid": "0589aa01-047c-4513-beab-a158fecc0a12", "value": "24576:T6NFJVhMlrAQ/XuNK3HwFyUaJDPLJotyxO0UBwfgOFDVNd9:T6pVhOe03wFzaFPFo3rGfgAx1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841919", "to_ids": false, "type": "size-in-bytes", "uuid": "42513be1-eb56-4d94-b6b0-9ba3d02d74d2", "value": "1144908" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841919", "to_ids": true, "type": "vhash", "uuid": "98663545-2f3b-487b-ae88-3e313dafed3e", "value": "63d58347964c442971bb5c12c8d7cb41" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841919", "to_ids": true, "type": "filename", "uuid": "e3708066-d621-4d1e-8cd1-18fc05b6321a", "value": "192d2419b5383ea751e14b0e4d6f059e.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841919", "to_ids": false, "type": "text", "uuid": "e41be6c9-b2db-4153-aea9-a67107e4baf2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:30/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841942", "uuid": "0d91d908-844f-4f18-80a1-45de1bfdea43", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841941", "to_ids": true, "type": "md5", "uuid": "f10e7ed4-5df3-458f-a292-e21e61f3fcfc", "value": "187b7865f6d1315c6116dc5a26d1cb50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841941", "to_ids": true, "type": "sha1", "uuid": "8d29e4e5-9919-4a0e-bd24-c0351a329711", "value": "820615e51440db2c68d05a70dbd478969777238a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841942", "to_ids": true, "type": "sha256", "uuid": "aacc5b89-5f7b-4d6e-9113-710b155ac558", "value": "ffcd46e9181682e5113a936e57803fd26ea52bc8b0b123ff4860063238ee9959", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841941", "to_ids": true, "type": "ssdeep", "uuid": "b48da4ef-b09d-4505-bbc0-4c482f789706", "value": "12288:RjJOouAePPnlfOO4FOxSX7d7oN/uW+FVAUtuxibsFN:9QXhtO7KSi/m67xibmN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841941", "to_ids": false, "type": "size-in-bytes", "uuid": "903f6569-3ca8-453e-b1b4-e61e2fae9807", "value": "484845" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841941", "to_ids": true, "type": "vhash", "uuid": "390fc854-bd9a-434d-95de-65209cefa6ca", "value": "06a07b1a50e9f18244ade165820b26c0" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/08/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841941", "to_ids": false, "type": "text", "uuid": "865e10d0-cb5a-402b-8326-fabbd5962718", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841963", "uuid": "c1632968-2f14-4bc4-9fe7-ec13900e1a32", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841963", "to_ids": true, "type": "md5", "uuid": "48616992-98c1-446d-9420-e7e2f6c7b6a4", "value": "af8577927ef6ff5da5dc79255d76ba90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841963", "to_ids": true, "type": "sha1", "uuid": "5eab317c-682a-4082-9510-40959365f315", "value": "a06b9b8fff7c336b4035ce36a5244b775460a190", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841963", "to_ids": true, "type": "sha256", "uuid": "874f1686-c52b-4ad7-b876-91e89ec533d7", "value": "88627d7e18c8fbf4f0021dde6669298b61dffb86a5e3e9ae2ebc202bf755b729", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841962", "to_ids": true, "type": "ssdeep", "uuid": "eab2815b-ec9f-48c9-8d4e-05935e4efcd3", "value": "24576:M6NFcVhMlrAX/XDNK3HcAktl2G6KsKySOfgORwRwONO0:M68Vh9T03BkH22sKCINv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841962", "to_ids": false, "type": "size-in-bytes", "uuid": "64a829ec-6e3e-4cce-bbb8-a5b86013bf68", "value": "1062207" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841962", "to_ids": true, "type": "vhash", "uuid": "805fe8a6-73ce-4db0-860e-0968a5fc066a", "value": "63d58347964c442971bb5c12c8d7cb41" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841962", "to_ids": false, "type": "text", "uuid": "10649845-2e47-444d-8e82-c176fe520d9d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA73\nVT Total Detection:34/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740841984", "uuid": "5bd31252-495d-49cb-adb1-62c932f086c6", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740841984", "to_ids": true, "type": "md5", "uuid": "f3d93ea1-bf8f-4c30-b5b9-0762a5946a9f", "value": "197d7c49d925253dee7c0436de514610", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740841984", "to_ids": true, "type": "sha1", "uuid": "538cb7fb-4549-4ea6-9842-15f4f372f79f", "value": "9bd1004ed6168e40f83353073e1394fef1807ae8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740841984", "to_ids": true, "type": "sha256", "uuid": "491c563f-7073-4375-8cce-3d18bce35b29", "value": "994e987fcbb8ef4a6b11112d51f4000fcc4abed749d7bf520ee0430ddaf8dedd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740841984", "to_ids": true, "type": "ssdeep", "uuid": "75fc0a0c-fb3d-4a60-8bdc-72103ba37955", "value": "98304:f+LSVH1VGTUqZ5mkm9NJiBE9Y6MqOsU1ZmxDtQOuyUgw7nPAUGZ4+sLdm:f+LSVVoTUdDJiB0O1uQyz4nm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740841984", "to_ids": false, "type": "size-in-bytes", "uuid": "0da4a25b-279d-4407-a9fd-6608d250d361", "value": "5625154" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740841984", "to_ids": true, "type": "vhash", "uuid": "f1ab019c-db4f-43a5-8ebb-8a7b2d6f0222", "value": "bd91f308452c0cbca92607e501c5c93f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740841984", "to_ids": true, "type": "filename", "uuid": "53124abc-2b95-4c7e-a61e-21f7700d882a", "value": "sample2.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 04/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740841984", "to_ids": false, "type": "text", "uuid": "359d068a-7df8-41e2-9234-b5bd8fbde1e3", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842006", "uuid": "8728c83c-50e7-4e50-bc86-5fd874b88d46", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842006", "to_ids": true, "type": "md5", "uuid": "5cd18732-d2c4-403b-b4e5-7d8ef087c43a", "value": "f186de4321e27f682f216251841147a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842006", "to_ids": true, "type": "sha1", "uuid": "7465bba4-0c2f-4bb0-a780-c9eee8ce51d8", "value": "2aaaa3cb3169c2e8aa37d8375981c6ee487db1fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842006", "to_ids": true, "type": "sha256", "uuid": "7ac2b676-10cd-42de-a559-3cd2055dab7f", "value": "4d6e4bc17a81488a68de3a72800d2aca0ab23908f1db1f102d43abf969d16a4b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842005", "to_ids": true, "type": "ssdeep", "uuid": "4f6db916-8a8a-4352-b81a-fdd3c4919485", "value": "98304:HlM5lKHJ+T16HF42zsxmNRYAMUjUvAkv3d3rAhZ7OnY:Ng6H+2zsJAMUjwJt3rAhZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842005", "to_ids": false, "type": "size-in-bytes", "uuid": "6ac1f132-96ea-42c4-ba46-4c45062a24e9", "value": "4922552" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842005", "to_ids": true, "type": "vhash", "uuid": "c93563d1-2c64-471e-922e-a859d002722d", "value": "9491b2af01739168a3ae91107b9694ba" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740842005", "to_ids": true, "type": "filename", "uuid": "a717e976-46a2-43b7-8076-83f995fa1b50", "value": "filename" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842005", "to_ids": false, "type": "text", "uuid": "eea29d56-7cc0-4a17-8bdf-65b6c0f318ab", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842028", "uuid": "4b3af352-55b8-45ee-89d1-85f6389604a8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842027", "to_ids": true, "type": "md5", "uuid": "e952f686-43f8-4fea-af29-870607c5128c", "value": "cd1b5b20828d225137f7f3c3e500e8c5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842027", "to_ids": true, "type": "sha1", "uuid": "ff056da8-2552-4959-9ed6-f0f0f5f3d2d3", "value": "457d4f69fd718e74d37218df81bbb409eb0d226e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842028", "to_ids": true, "type": "sha256", "uuid": "875ffe00-8d1c-4ea9-83e8-fd97bf7de325", "value": "8bf6680732f7997784db76f3e8fb4643333e24141642ede5c1d3e26a93327cd6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842027", "to_ids": true, "type": "ssdeep", "uuid": "58f55307-416e-4b1d-b4a7-d64269bb42d3", "value": "49152:Kl/3rayomH0lGWQh1iTL3xrhc9uVvrbM9DJWkchH4XtFCKg2JW:kMVlG71GL33bv6QzhH4DTgj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842027", "to_ids": false, "type": "size-in-bytes", "uuid": "2cebd52c-045d-400e-86ae-8da477230697", "value": "1661619" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842027", "to_ids": true, "type": "vhash", "uuid": "bfa121ad-e60c-4555-aa53-bff498b809bc", "value": "f71ed60fcd4374fd6c550c79fe9b3ea7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740842027", "to_ids": true, "type": "filename", "uuid": "52c89699-4ef9-445a-97f3-d90ad239390e", "value": "filename" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842027", "to_ids": false, "type": "text", "uuid": "255b0045-cddf-422e-b9b1-5c7e8ba6bccd", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:35/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842049", "uuid": "d9d446aa-0615-46fc-ad29-bed942d91b84", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842049", "to_ids": true, "type": "md5", "uuid": "e20cdbbd-147c-4ea6-9411-0de1c5be277b", "value": "f28077d67c2d592255a55e3468af1058", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842049", "to_ids": true, "type": "sha1", "uuid": "30f9a2dc-65e9-4383-9771-3320d1b30968", "value": "3f36f6cc62283d7cbfd1df8680592fdf205bf7ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842049", "to_ids": true, "type": "sha256", "uuid": "697dc766-5359-44d8-8420-98929bfd8259", "value": "44c65114dad7e6312696e1c882f610ba9b48e0314ab3cfc78d43a8ae6960bea7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842049", "to_ids": true, "type": "ssdeep", "uuid": "bdc49caf-1f95-4908-a99d-9a77438a65b4", "value": "98304:7YM5lK3JwYTL7s/5pYQO1QwIaoM+U4WbByGAOXu4XBVVR7aZI0kVEiCyjcPFGBIP:IO+8sDIYZyZOe4vVFLjc0MURuIaB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842049", "to_ids": false, "type": "size-in-bytes", "uuid": "9dd61d25-4945-4fa5-a427-5588b334d778", "value": "6539798" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842049", "to_ids": true, "type": "vhash", "uuid": "282e463c-7faf-4167-899d-2299ad1516ca", "value": "9491b2af01739168a3ae91107b9694ba" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740842049", "to_ids": true, "type": "filename", "uuid": "66365dfa-0032-4d1e-9357-6f37a5821266", "value": "filename" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842049", "to_ids": false, "type": "text", "uuid": "6a6786b6-5760-4d0b-b06a-8feb95c4116c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842071", "uuid": "330f1e9f-f08c-438a-be66-83a64b81e1a7", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842070", "to_ids": true, "type": "md5", "uuid": "6a58b628-86e9-4702-8e61-149cf5e8d89d", "value": "55cbf2e20c0c623d3a2df503cdb64ac5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842071", "to_ids": true, "type": "sha1", "uuid": "0729f139-dbde-4af4-962b-15cdecf073ea", "value": "5578f62352d2624335e855838309e2e80f55a791", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842071", "to_ids": true, "type": "sha256", "uuid": "0b4a0555-0eb2-4546-9ba3-ebef6fcae4a9", "value": "0d07ad06e39ebcdd6200c21e553d060f4950788415d9c02a1c13b46d8ef1006c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842070", "to_ids": true, "type": "ssdeep", "uuid": "f7149f98-9ead-49b0-996f-cfd9a04c4d25", "value": "98304:MkBl/wIexLCMvQtE8453xLOdEOdTxi9tD6gKXPKMEle5Ltkqpon8edfH3pwxdh:Ml7GMZ5hid/TMW1EoLmSe8ehw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842070", "to_ids": false, "type": "size-in-bytes", "uuid": "14d9f749-8325-44b5-a51d-042309bf200f", "value": "7324555" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842070", "to_ids": true, "type": "vhash", "uuid": "3e9a4602-c040-406d-b34a-e715f30548a7", "value": "b45f2899720d9bcf5421d4ad0e0f11f2" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740842070", "to_ids": true, "type": "filename", "uuid": "262c21ed-aaab-487a-b8d3-57ed34dcb8c0", "value": "55cbf2e20c0c623d3a2df503cdb64ac5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842070", "to_ids": false, "type": "text", "uuid": "c2409a62-9c41-41b9-aaea-f25f3eff2106", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842092", "uuid": "b6f05a2a-67e0-4be9-ba3a-705cd875c60d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842092", "to_ids": true, "type": "md5", "uuid": "5c1ba8f4-cb28-45a2-8946-bc723773b80c", "value": "81b8e60913bfb541a8c8dce40a1b2ac6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842092", "to_ids": true, "type": "sha1", "uuid": "d5f64ebd-bc82-4fdb-a14f-45a112f25545", "value": "9fd7d811bcd57fe589176f75426cf93a53a9b898", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842092", "to_ids": true, "type": "sha256", "uuid": "eb9084c4-d291-4200-b0ad-21df15bf324d", "value": "18552b3b943ba64d89ce136f3dfd195cd597a6900f2eab438506e14d9fe21781", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842092", "to_ids": true, "type": "ssdeep", "uuid": "df9476f2-0432-4443-869e-1ac2f3acad21", "value": "49152:Tjyg7undAODBan8gEqJTlcxFswTzrUbmZzK+H7mCn:T9Kn90NHdlIaMfUSZvHn" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842092", "to_ids": false, "type": "size-in-bytes", "uuid": "ac9b307f-8a89-4a49-a44b-8163ea512d21", "value": "1846926" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842092", "to_ids": true, "type": "vhash", "uuid": "5d66fced-88b6-47ec-93b2-4ae937a34fb8", "value": "822c40e759c3484d3ca6ad6c959773a9" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842092", "to_ids": false, "type": "text", "uuid": "87b0350d-e431-4804-b1cc-2cabb8890b86", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/JSmsHider.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842114", "uuid": "194afa73-f05a-43fa-9da9-f3ca42083560", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842114", "to_ids": true, "type": "md5", "uuid": "46962d07-04e3-4001-a937-c6eb9742a625", "value": "12ae509ed782d8b6ac518faa8cbef82d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842114", "to_ids": true, "type": "sha1", "uuid": "43df9e7c-3473-47b4-8dc9-fb9440e6849f", "value": "1ce10de70e64660eb3e0173b8c97e7d2c2cd4fad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842114", "to_ids": true, "type": "sha256", "uuid": "2cd30550-b2fa-4c50-86d9-f68d43f69a2a", "value": "80728804a7548dc76dcb191f266b43eedf0de9dae156e66193f72254b03a5213", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842113", "to_ids": true, "type": "ssdeep", "uuid": "aa4e4646-d002-4513-943d-f2e1ed700dc3", "value": "768:aybxRhkKmHFN4xTu+FqFc/B/kCs1TE1AKMsO0sw0BAepyZQOBCy:aehkKoFcTudF2MCcsAKoxmepyZPz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842113", "to_ids": false, "type": "size-in-bytes", "uuid": "85ad55a4-6ccb-492a-bebb-a7193eede083", "value": "44900" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842113", "to_ids": true, "type": "vhash", "uuid": "adfa74a7-1f15-40ee-b7f2-d50cda486093", "value": "19a0f2e0f9206afb83601e27b3875a71" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842113", "to_ids": false, "type": "text", "uuid": "b064f73f-a15b-4646-9076-e7910b2bb4ba", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:12/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842135", "uuid": "f8eb8033-a170-42f2-a3ed-469d7ff9ee9d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842135", "to_ids": true, "type": "md5", "uuid": "696ad0dd-8fa7-406f-9ff0-cb699430bd0c", "value": "92f5231fb880fc46934f17be1ece6ee5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842135", "to_ids": true, "type": "sha1", "uuid": "7343d304-31ce-4244-86dc-b1311812b858", "value": "b87556541a19a560f874d7a8a594243f7c3fcaad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842135", "to_ids": true, "type": "sha256", "uuid": "b90b4392-26a1-4a58-94c1-e88a3583f5f3", "value": "967092b8c867d6abbeb88b84393f3abafd812b2cfff620eab5e49d0b0fff0e0d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842135", "to_ids": true, "type": "ssdeep", "uuid": "04e3eaaf-2a94-4bd4-bf43-f7962efe04cf", "value": "49152:2Pn2+49U/5WLLiaDLQNGSmvhUj+R73Gtf4V5hq3:SnY65ZyUj+93GapM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842135", "to_ids": false, "type": "size-in-bytes", "uuid": "98eac2f4-6ab1-4942-9d14-8f0b16ad6703", "value": "2283449" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842135", "to_ids": true, "type": "vhash", "uuid": "37640531-4b2c-4a0a-8586-0c62b6607425", "value": "a2ca79d04ba2e6bdbeeca8b5179af3ba" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842135", "to_ids": false, "type": "text", "uuid": "8890d71e-bfad-4de6-af03-35234fd32d62", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842157", "uuid": "f77aefc8-9b96-41ac-91c3-792f4ffb0daa", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842157", "to_ids": true, "type": "md5", "uuid": "c2550c64-f2a6-4997-80fb-d912b922f8fa", "value": "adc1dd7d842074841904fb040cfd917a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842157", "to_ids": true, "type": "sha1", "uuid": "0f0e4711-bbf3-4f0c-aa7b-e7e33398dd3a", "value": "8410c29c9df95799c5ce57fc39a85c2397eacfcf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842157", "to_ids": true, "type": "sha256", "uuid": "a0bb83d6-8765-42f5-8968-f931765255bf", "value": "8e41c6b3b43464aaff3941d0a8c865c1b94a01bc9e6d6ef3b394c326c2744650", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842156", "to_ids": true, "type": "ssdeep", "uuid": "5b8528a6-7248-4659-9573-1f467a42bfe0", "value": "49152:jwqDdlp99o4DxKFvxUtbx3MNNfmxLd/u44zeNjai:jwqDPC4Dxai5xcNNfYuXCNOi" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842156", "to_ids": false, "type": "size-in-bytes", "uuid": "29a3c49c-b94e-4125-ab00-84c506741988", "value": "2261148" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842156", "to_ids": true, "type": "vhash", "uuid": "85ad201d-95ef-41b4-a1b9-d42f84e2dfe8", "value": "09f35a9cf3c1523ad6815a6760a3576f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842156", "to_ids": false, "type": "text", "uuid": "4421971f-c715-480d-ba37-4c1fbb808e4a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842178", "uuid": "14e816fa-a9db-4600-b7e8-8ad10321c468", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842178", "to_ids": true, "type": "md5", "uuid": "28f9be17-d3ef-4c0f-9d66-937bd801cbc6", "value": "81f1e081996c79878864d247a7d8f1e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842178", "to_ids": true, "type": "sha1", "uuid": "94e3b7dd-381a-4a45-99fb-d71b8a292c49", "value": "4df2b7fc56e2ec1a54b14f67e0dd32db05596d62", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842178", "to_ids": true, "type": "sha256", "uuid": "b4852fae-7f3e-433c-be16-12eaf6bdf712", "value": "f2f7bd2b0114b9724deb81ea8a15da1f30a75491d6a4c640cf8428e6d40dca57", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842178", "to_ids": true, "type": "ssdeep", "uuid": "e35c0b5c-687e-4a37-8a23-1b1e9d4c92ea", "value": "6144:vQlMx3wQWG1TRRXokJ4kKUAYAkl4ewFB37eKfOnC74wtglKU8arIhRSR:FiQWwR1okRh9AmLwXaK5LDakhRSR" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842178", "to_ids": false, "type": "size-in-bytes", "uuid": "25de37a1-f719-4944-bf9e-2669852b9622", "value": "370052" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842178", "to_ids": true, "type": "vhash", "uuid": "9d40c03c-ead9-47c0-b8a0-d303a02cc7ef", "value": "3e4b13edeca2e7b01e9c0f49c9bfb086" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740842178", "to_ids": true, "type": "filename", "uuid": "43a9fa09-d29d-459e-be36-ec706bd70574", "value": "f2f7bd2b0114b9724deb81ea8a15da1f30a75491d6a4c640cf8428e6d40dca57.file" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 27/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842178", "to_ids": false, "type": "text", "uuid": "71ed92db-a625-489f-8714-a9bf00246a67", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842200", "uuid": "095566b4-50ff-42c9-a4cb-564ba1558c80", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842200", "to_ids": true, "type": "md5", "uuid": "fa8f325f-7efe-4f13-bd75-50a9f6672328", "value": "88fa56ff80fc6dccf8da81a03cf48012", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842200", "to_ids": true, "type": "sha1", "uuid": "8f3d5336-94df-4c91-a3f4-b614c20ac516", "value": "222839c52600d39d231d72b8afabb4b421461a34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842200", "to_ids": true, "type": "sha256", "uuid": "87b6be6a-f873-4bc1-be4e-fee51b2dbdfe", "value": "33af6001c2775bd37474d4c212beda6f684d1fba7e30ed2f2e73993b39cbcdd6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842199", "to_ids": true, "type": "ssdeep", "uuid": "e52db99a-e17c-4807-b2bc-2ab97330a732", "value": "49152:4OosyqnFz8f0xBk1ESxUrs+HcDw1tE+a1sv:Zdy2z8f0xOd+Aw1la1sv" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842199", "to_ids": false, "type": "size-in-bytes", "uuid": "15a62d0e-df08-427a-aa64-53f52c0903e5", "value": "1928533" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842199", "to_ids": true, "type": "vhash", "uuid": "738db052-a969-43b0-a426-b27d88e2df66", "value": "5ec70387c34c79ad7938d0b1fd09d055" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 02/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842199", "to_ids": false, "type": "text", "uuid": "81ffc94b-46d6-43ae-b5e8-e0b7264d9b32", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842221", "uuid": "2dd429c5-0200-4e78-9cb1-b5454f65606e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842221", "to_ids": true, "type": "md5", "uuid": "5ca58b6c-70cc-4fa0-a395-5064aeced388", "value": "40610584b106330c321b7254d04664bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842221", "to_ids": true, "type": "sha1", "uuid": "02fb933f-09cc-4c67-8368-57a03379784a", "value": "1ad8554f3946b0cf59fe9611bdc85060051a81da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842221", "to_ids": true, "type": "sha256", "uuid": "3684c552-842c-4e98-9aba-81daee36bf6a", "value": "10022e0bfde9895148d8932763567932a548b51c2359f34f645589a25542565d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842221", "to_ids": true, "type": "ssdeep", "uuid": "17eb8acf-998c-479c-a7fe-a0b5d37e5e51", "value": "49152:mQ8OL5K5+RKt2uqZ+F9mDiuxwiH+AJQOAB2cGzFPDgKgF:GO4dkdZ+F9mDiuv+AywcCDgKgF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842221", "to_ids": false, "type": "size-in-bytes", "uuid": "eed333dc-a7ac-45de-a4fe-a5edac1ea4a7", "value": "1852157" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842221", "to_ids": true, "type": "vhash", "uuid": "32694ccf-5b44-480f-9996-8e025af245a3", "value": "6a104094d7aff2fdb1e0b28c817101c8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842221", "to_ids": false, "type": "text", "uuid": "c25de749-c87e-4504-8944-474b7b818033", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:32/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842243", "uuid": "ffaa9262-8fd9-4166-a56b-e9a6efbc4b46", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842243", "to_ids": true, "type": "md5", "uuid": "fc0164d3-de16-4a41-bc57-4820d709c712", "value": "202d683a464b1e10dea3ade7e644ebed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842243", "to_ids": true, "type": "sha1", "uuid": "6ce5f3bc-9fef-4467-8195-b6a87df243bf", "value": "eff5bac51dd79c609bcaa63a956ef14b8386f473", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842243", "to_ids": true, "type": "sha256", "uuid": "326d676d-ba1f-4d45-be28-ba252827a96d", "value": "20e850aeb82462f41c0c5aa8c62be1ec720d33829cec9128acce805cce06a46b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842242", "to_ids": true, "type": "ssdeep", "uuid": "2a8f7e40-0849-4274-8f74-4fd3bc605f13", "value": "49152:/hezkkb0OevfwAg+dfMi1iREwKndnw+X4dPbILHezMkkFGqP/6sUUrmKFON8PMoD:QzkC0OQy+dfMRzKlw9PELHerkFGqFU1M" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842242", "to_ids": false, "type": "size-in-bytes", "uuid": "0bb574c0-e96a-4bdc-bda9-361aebb88843", "value": "2150679" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842242", "to_ids": true, "type": "vhash", "uuid": "9c66f2c0-3e5b-4412-9a46-26c54a01c015", "value": "7b83f17115ce2a4625493e901a6a4a35" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 11/08/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842242", "to_ids": false, "type": "text", "uuid": "0596ff2f-c024-4218-854d-518e61fd1104", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:AndroidOS/Domob.B!MTB\nVT Total Detection:33/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842265", "uuid": "09bad41b-f2f5-4684-b129-e5f4c9042e5b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842264", "to_ids": true, "type": "md5", "uuid": "3fdd4e7a-88a0-4aa3-9ea8-977fb027a983", "value": "c64964bd8ed03340e6bcdcbb63194c87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842264", "to_ids": true, "type": "sha1", "uuid": "a09373ed-589b-47c2-b60c-77a11300f8f7", "value": "574c5d67d89b0d3c6e111a7c959b2171feb9aa85", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842265", "to_ids": true, "type": "sha256", "uuid": "27b5688d-fd0b-465c-ae4d-3206269aeab0", "value": "8a780bac406b390802a3e759f7f2d865a8a7908f03ae4e177cbb70f15144bbe1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842264", "to_ids": true, "type": "ssdeep", "uuid": "66af4ce2-3b25-4dc6-a67c-456e3ec829a9", "value": "6144:3920gxLRQwMrID40/MzgddI8lW5kUgF4uYL4L0tl3rlNWjkb4:NP24CBdd3lW5ngF49So5Iz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842264", "to_ids": false, "type": "size-in-bytes", "uuid": "2c37e52c-13e4-4a13-a536-4ad47b330c11", "value": "398575" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842264", "to_ids": true, "type": "vhash", "uuid": "fdb27217-8930-478a-9a4f-210e7fb9f058", "value": "839ce47e5aba54f003d489d2ef939226" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842264", "to_ids": false, "type": "text", "uuid": "f183cb1f-977d-4eaf-accd-c91d71aa4a00", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842286", "uuid": "76294e9a-a0f1-4c18-8608-9803a5fc99cf", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842286", "to_ids": true, "type": "md5", "uuid": "840e69c0-d17f-4c25-b408-0380a0158afc", "value": "a4077ff60549ef8a112807e87c26f3e5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842286", "to_ids": true, "type": "sha1", "uuid": "8958b09d-c17f-4182-8344-6af8e0107e81", "value": "81ac6026004103dc21dabbc1643c4aef39208161", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842286", "to_ids": true, "type": "sha256", "uuid": "ff3ca6ab-e236-41d2-9d18-bf69f849c9d8", "value": "0463e5b3009347e05912f997ede1f00a4ab095ca9829bf32d254f31c433c5ad8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842285", "to_ids": true, "type": "ssdeep", "uuid": "21b2e87e-95ec-4ff5-b954-a8c8cc2f9c58", "value": "49152:RumQfgumQf/umQftumQfoumQfLdHZJGXhorv1:RRaMtgRGXhoh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842286", "to_ids": false, "type": "size-in-bytes", "uuid": "3633082c-80d5-4a9e-8502-7a46ea39fa3b", "value": "2574171" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842286", "to_ids": true, "type": "vhash", "uuid": "ae14e220-effe-40a1-81e2-cef37b94235f", "value": "87920ce971bdd961159b830d72433b87" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740842286", "to_ids": true, "type": "filename", "uuid": "0baef141-9766-4429-a7d9-5dd906524c42", "value": "81ac6026004103dc21dabbc1643c4aef39208161.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 23/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842286", "to_ids": false, "type": "text", "uuid": "942b96e2-0d60-4304-8124-dd9d9e9d00e2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Backdoor:AndroidOS/Multiverze\nVT Total Detection:27/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842308", "uuid": "1f91430b-4e6f-4f1c-abec-c7ae87b9e784", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842308", "to_ids": true, "type": "md5", "uuid": "b30ed518-b356-4977-9b81-671e51e25e2b", "value": "8ebf628b1767c6ba0716541a1f3e8f0c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842308", "to_ids": true, "type": "sha1", "uuid": "d80bd2ef-6b3a-4d09-af65-cf8bf2362e07", "value": "d2fd7517a9132c822d0e53787d365d38678ba6f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842308", "to_ids": true, "type": "sha256", "uuid": "9a590a0b-318d-4234-9776-0cc09d038887", "value": "ae880312b61de8762b993e4d622800f88f6214572951bae634bdbbff691f95c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842307", "to_ids": true, "type": "ssdeep", "uuid": "021d11dd-ee55-4605-a95c-fc4e0305cef8", "value": "24576:NBjfSf7VsYDnGsdjs/hwDQrbvoUs7F8XUJi0GB5oRHGFk3AF+XdV:NBjKjLnGlh+QwUs7F8XUJi0GB5olAF+L" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842307", "to_ids": false, "type": "size-in-bytes", "uuid": "f221378a-a112-4216-a410-2e00701b5161", "value": "997969" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842307", "to_ids": true, "type": "vhash", "uuid": "4c5ffa09-3147-4a86-bcf6-0c58df9bf383", "value": "700ae16ce2cc7b1695e4bb2b85c98f8c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740842307", "to_ids": true, "type": "filename", "uuid": "45716320-7600-411c-b6c2-35c24c722856", "value": "d2fd7517a9132c822d0e53787d365d38678ba6f5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842307", "to_ids": false, "type": "text", "uuid": "b4ef0995-bf2c-4be7-9b69-943536dba49b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Phonzy.A!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842329", "uuid": "cb40e4dd-d9b4-445e-8450-0abd030c1865", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842329", "to_ids": true, "type": "md5", "uuid": "3d433961-d5d1-4e9c-b528-dcbd23116edd", "value": "f21c2f3f915d113d1e6dff032f518f2a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842329", "to_ids": true, "type": "sha1", "uuid": "c3c197f9-cbac-4c80-b5be-44ff38f3a07b", "value": "84f934fa54c31b0104e5ea016ed341bc6d1fe533", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842329", "to_ids": true, "type": "sha256", "uuid": "9219d029-fafb-4481-b694-a3094808834e", "value": "7314e5e60210b7cd866dce1c163384a3a0b9b7db8fbdcf2f9a8ce33ba1bac435", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842329", "to_ids": true, "type": "ssdeep", "uuid": "0383cb05-fae2-4b71-817f-534a65f70fb7", "value": "12288:adUd5KdpheyJoBFOxXZX52ySMzo8HDRec4gdDm9C4+p1zddsNeGH0rrO:P7yJI6XD2lORj4gd6H4Ad0m" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842329", "to_ids": false, "type": "size-in-bytes", "uuid": "5b685690-6f2a-4c3b-bf0f-b16079e4e0f4", "value": "536745" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842329", "to_ids": true, "type": "vhash", "uuid": "9ed3fb13-cd55-4e4d-b0fa-7b51ae3f2f46", "value": "e7e2400c21bf8c1bd20eab3880d78cb8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842329", "to_ids": false, "type": "text", "uuid": "d3a83119-0f00-4fd6-83de-a7a9fcbeaeb6", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842351", "uuid": "5ab5bede-5723-4cf4-9037-0203f788a5f8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842351", "to_ids": true, "type": "md5", "uuid": "783cca3d-4dc4-4538-a1ea-883330bd5c73", "value": "70b7882104551e54e3daa5db72e3aec1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842351", "to_ids": true, "type": "sha1", "uuid": "63533af0-0b64-4202-b015-0d2d4fe5cadc", "value": "93d2821565c35307fb0d38728a2176ab151a7137", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842351", "to_ids": true, "type": "sha256", "uuid": "2cb507d3-7288-41a4-8eb3-f3e0e78f41ec", "value": "3fa5df4496a4505bed856df0c688678b7b170fa317dcef46f566caf742609ae8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842350", "to_ids": true, "type": "ssdeep", "uuid": "7868511c-beb7-43ca-8c55-ff7d3b17a3f2", "value": "12288:6d5UheyJoBFOxXZX52ySMzo8HDRec4gdDm9C4+p1zQFGH0rrK:MFyJI6XD2lORj4gd6H4t0C" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842350", "to_ids": false, "type": "size-in-bytes", "uuid": "f7fdb23d-7aca-4d6b-b05a-b906fa2016fd", "value": "539470" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842350", "to_ids": true, "type": "vhash", "uuid": "40cb1986-d756-4bd9-93ab-ba963cfbd731", "value": "e7e2400c21bf8c1bd20eab3880d78cb8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842350", "to_ids": false, "type": "text", "uuid": "65f75df6-c348-4613-8a4c-64f8f5edb225", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842372", "uuid": "e54daef1-f1e2-4d16-ab70-d6392edde790", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842372", "to_ids": true, "type": "md5", "uuid": "cb580b09-b25d-4863-b7a7-54950552a74a", "value": "9b7cf861c653898bba1f7fd6f3fac926", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842372", "to_ids": true, "type": "sha1", "uuid": "0dd22ea8-657e-4435-99a4-d7eecbcc4423", "value": "ba60888f18205e8e961e1ade2598a7171825d0fb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842372", "to_ids": true, "type": "sha256", "uuid": "319303a1-9aad-4f6c-862f-c31e761d03c6", "value": "fd7060fd0f14a5f7405aec17ffef762800e7ab501912015c8907b87a73a348d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842372", "to_ids": true, "type": "ssdeep", "uuid": "4b3f74e7-66ec-48e5-87a1-ecd4e5a910dd", "value": "12288:7VSwuheyJoBFOxXZX52ySMzo8HDRec4gdDm9C4+p1z0FumHGH0rrJ:PzyJI6XD2lORj4gd6H4v0x" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842372", "to_ids": false, "type": "size-in-bytes", "uuid": "738a71df-a6b0-47b2-932c-b8d198852e4e", "value": "560414" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842372", "to_ids": true, "type": "vhash", "uuid": "2b393739-db09-40b9-8ede-b772a3ca5727", "value": "e7e2400c21bf8c1bd20eab3880d78cb8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 31/08/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842372", "to_ids": false, "type": "text", "uuid": "d0d7db79-f431-4290-88f8-00024dcd1e47", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842394", "uuid": "26ae994b-c3fd-47f8-ab65-818e3cf83304", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842394", "to_ids": true, "type": "md5", "uuid": "33abb49b-0c89-4cb8-8752-e4e12b833628", "value": "275e64fa6ec72d9df4702597104b72c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842394", "to_ids": true, "type": "sha1", "uuid": "ff3f9bc7-451d-4a03-988e-58e9f092ee07", "value": "d6822efb9bf0944952daedfcf64b989afdbbb24a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842394", "to_ids": true, "type": "sha256", "uuid": "ae3bfe5f-3a63-49cf-a957-750e2dd7ba94", "value": "3d0392e2e3dc2798f0e9bce88eb1c5dd6fdb26c5a0aa2f82de88e737e3c8667c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842394", "to_ids": true, "type": "ssdeep", "uuid": "a4f88b35-ebde-4652-b994-76432f4dc17e", "value": "12288:EwqheyJoBFOxXZX52ySMzo8HDRec4gdDm9C4+p1z9FGGH0rrk:TfyJI6XD2lORj4gd6H4N08" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842394", "to_ids": false, "type": "size-in-bytes", "uuid": "bc2a15d8-5f53-42d9-a067-1add074197c6", "value": "539621" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842394", "to_ids": true, "type": "vhash", "uuid": "300172d1-0b95-4758-b8bb-a454e41fd695", "value": "e7e2400c21bf8c1bd20eab3880d78cb8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842394", "to_ids": false, "type": "text", "uuid": "3f702d40-838a-4d9d-8f78-7672bd9e2ee0", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842418", "uuid": "c9e73831-5d9a-4802-ad84-fa44630449c8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842417", "to_ids": true, "type": "md5", "uuid": "2019c9cb-2212-452f-b3c9-93fe112c21e7", "value": "3998425712a4f9434a5b98c830180424", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842418", "to_ids": true, "type": "sha1", "uuid": "ea4fa74d-82b0-4741-a106-ab25cb893c4d", "value": "cf11b15717afd973331bd1bb63c399dca363cef6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842418", "to_ids": true, "type": "sha256", "uuid": "9425505e-84b0-4ae0-9acd-571dd7b72b8b", "value": "0fabbb052d75e9fe95a25ebc857f498edd655a5ac03b2735177c1b60b1b82509", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842417", "to_ids": true, "type": "ssdeep", "uuid": "3965bd38-659a-4d27-ab27-3b5e78a051ad", "value": "12288:md5xKheyJoBFOxXZX52ySMzo8HDRec4gdDm9C4+p1zzzGH0rrw:Ax/yJI6XD2lORj4gd6H4a0o" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842417", "to_ids": false, "type": "size-in-bytes", "uuid": "9fa573b3-86a7-4994-b3e4-6f302b1a2550", "value": "533059" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842417", "to_ids": true, "type": "vhash", "uuid": "d737e353-8188-4789-8a5c-00e553cb6bf9", "value": "e7e2400c21bf8c1bd20eab3880d78cb8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 01/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842417", "to_ids": false, "type": "text", "uuid": "6d0a6e4f-69db-48fa-af2e-1f63242d26ea", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Spyware:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842439", "uuid": "2d669b41-30c7-4f46-948b-1bc4cf5abb06", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842439", "to_ids": true, "type": "md5", "uuid": "7f3f1dfb-cbd4-4b39-b942-01e719ae9b7a", "value": "f0492149b50605e4e9f891e9a74ac7b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842439", "to_ids": true, "type": "sha1", "uuid": "4b6ebed7-08f9-4c2f-9a85-5a8d2413b690", "value": "d4938819d6bb6e35f3474d753da8b3f13c3c88bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842439", "to_ids": true, "type": "sha256", "uuid": "7ce47bb9-7a1b-48a2-bd83-de8b8efe7d71", "value": "0faefae2371fa46911f6db78887bbb205fc9b7d5922e671a7f093994faa6eeba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842439", "to_ids": true, "type": "ssdeep", "uuid": "29d7dd49-f904-4468-afc7-234722d9245b", "value": "12288:ywLheyJoBFOxXZX52ySMzo8HDRec4gdDm9C4+p1z9OLGH0rrF:hUyJI6XD2lORj4gd6H4J0t" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842439", "to_ids": false, "type": "size-in-bytes", "uuid": "2f276670-6f84-4b90-a815-b853f3f9d6dd", "value": "545283" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842439", "to_ids": true, "type": "vhash", "uuid": "fbbe9cf8-a150-4272-92b6-77fb2bc6c3cf", "value": "e7e2400c21bf8c1bd20eab3880d78cb8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842439", "to_ids": false, "type": "text", "uuid": "fc21bee2-fad4-4ac7-91af-a7937e9805f0", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842461", "uuid": "a47c6ece-aec3-4ac3-82ff-dc77db1185cb", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842461", "to_ids": true, "type": "md5", "uuid": "54bd3fc4-ec1e-40d2-9d0e-d8dbcfcf0677", "value": "29cb2d70cd43329ba0b628b9f817f4d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842461", "to_ids": true, "type": "sha1", "uuid": "a7d01dcc-4534-43d3-89b0-10f05244d847", "value": "68ccea577ea7fa40ccc81ca1913d763d355e1efe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842461", "to_ids": true, "type": "sha256", "uuid": "ab16e5d0-3f71-4021-a8a0-2aa7c1012958", "value": "12bc4973c78941779fa8b81908d3044a519082d9ac8468185253f8de9e0e02a9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842460", "to_ids": true, "type": "ssdeep", "uuid": "446fb621-026a-45a2-8622-9371c7f27c81", "value": "12288:RwOheyJoBFOxXZX52ySMzo8HDRec4gdDm9C4+p1zaOoNTGH0rr0Y:6TyJI6XD2lORj4gd6H4aO8W0MY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842460", "to_ids": false, "type": "size-in-bytes", "uuid": "3f95e30d-1eb9-4353-8f18-857c5d4b6167", "value": "534008" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842460", "to_ids": true, "type": "vhash", "uuid": "bd10ac03-dae6-42ad-841a-46ab71b56371", "value": "e7e2400c21bf8c1bd20eab3880d78cb8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842460", "to_ids": false, "type": "text", "uuid": "83b31a55-2574-461f-aa43-2868e15c8a06", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842483", "uuid": "bb9d6436-fe1c-4121-b436-2fd1596f46ed", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842482", "to_ids": true, "type": "md5", "uuid": "d522ef9e-2c17-4134-a066-63eb7b8ee408", "value": "fd96ed526fade8674adc0b9b00cf7f75", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842482", "to_ids": true, "type": "sha1", "uuid": "0df6706b-fecb-433f-8654-f5fbebb1d097", "value": "f1bbd1cd1c2e3cc6643ac7973849c176397b4d80", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842483", "to_ids": true, "type": "sha256", "uuid": "147e7e5d-cdc8-4b5b-ae4a-04f5225dabfd", "value": "57ae166f128ffb2eda4b60fb4b0ef79fbf3f41a8c366c305c070e3de44bba6db", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842482", "to_ids": true, "type": "ssdeep", "uuid": "74fa8e61-8f86-454e-8562-48e034dc69bc", "value": "49152:Vmt9YlT82ARvU2LowYIPhPUuAfuBBa0SBp3nD6TdQ8ipAo1T0TOLQP:VsYa2ARvU4PGCRi3Dcd/s0F" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842482", "to_ids": false, "type": "size-in-bytes", "uuid": "f1a8103b-8acf-465b-a921-c4669fb7ca46", "value": "2748534" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842482", "to_ids": true, "type": "vhash", "uuid": "7dd976e8-668e-4983-8b34-ef337bdc19cd", "value": "87ca0efca5d6f833126940e3b8b7263b" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842482", "to_ids": false, "type": "text", "uuid": "dba238bd-ffbd-454a-87ab-3057b7e7adf4", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:27/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842504", "uuid": "51f395a3-f9a9-44dc-a257-52e0ddc336cd", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842504", "to_ids": true, "type": "md5", "uuid": "5033de15-b019-481f-863b-1de6803b58b7", "value": "be8e38b17425845c0304b9020622eeca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842504", "to_ids": true, "type": "sha1", "uuid": "852b56a6-df5d-4d3f-ac04-793733fc4a44", "value": "fc37725f6ea5659ff88f92b6f04edd827c5d478a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842504", "to_ids": true, "type": "sha256", "uuid": "330894c8-0d47-4bc4-a376-8fa2109e6e3e", "value": "3d4815caf596058bc6a63cfb5038402c791b295f2bb39572c13708a594921772", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842503", "to_ids": true, "type": "ssdeep", "uuid": "aaeff084-e247-4728-bcfd-2025d704e77f", "value": "12288:CwVheyJoBFOxXZX52ySMzo8HDRec4gdDm9C4+p1z0bF0GH0rr7:RKyJI6XD2lORj4gd6H40p0j" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842503", "to_ids": false, "type": "size-in-bytes", "uuid": "c784732f-3bef-43a8-b317-d359381e959c", "value": "538243" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842503", "to_ids": true, "type": "vhash", "uuid": "9b3717e4-985d-43a5-abe2-b8da4e95d8af", "value": "e7e2400c21bf8c1bd20eab3880d78cb8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842503", "to_ids": false, "type": "text", "uuid": "6a43d9d4-a852-42d8-b019-c1a0d3f49399", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842526", "uuid": "0d8c3a95-1c9b-4a9e-88e2-fe653364137b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842525", "to_ids": true, "type": "md5", "uuid": "f718806a-096d-47c5-b03a-db35ab82fcbc", "value": "e3cb99c7b5d92a043edbe17df056bf8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842526", "to_ids": true, "type": "sha1", "uuid": "78b5d74c-c173-4970-9e0a-7a3d0172a34a", "value": "2d67a75e7b119c0a806f70b054e23175f75109d6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842526", "to_ids": true, "type": "sha256", "uuid": "159a6fda-dcbb-4970-a0e8-747f1c7fd0ea", "value": "167d26245a7d24e9cebb0e0e523edff3b1c7c72dfd3bff99077d316e59a3b78f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842525", "to_ids": true, "type": "ssdeep", "uuid": "3da26449-063d-431f-8a88-b89d837a98f4", "value": "6144:scDk71AzURw4w5C4urmyn3MOot533/pEAEjNlhPwRDstlS34keINthqIi1gilckd:nbwRwvA4VPfpEFjNlhoRws3X3vIIi3WC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842525", "to_ids": false, "type": "size-in-bytes", "uuid": "30ff61ee-fd29-4690-81e1-397b8421d470", "value": "374473" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842525", "to_ids": true, "type": "vhash", "uuid": "ae1f3919-f627-43fa-bad4-a21efafd6d83", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842525", "to_ids": false, "type": "text", "uuid": "8c9485c9-184e-435b-a759-ef070b3cf348", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842547", "uuid": "5f48713e-10cd-4b90-bdfd-596b282729cc", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842547", "to_ids": true, "type": "md5", "uuid": "cb544803-3c16-4812-b44f-31f893a4a5ee", "value": "382bc31044484f03261fd6737bb6bdd3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842547", "to_ids": true, "type": "sha1", "uuid": "96232041-d2d6-46b6-b200-42fd1a04330c", "value": "c12e2d0b2d7920dc4b64d0d31be4aa8c1b8e497b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842547", "to_ids": true, "type": "sha256", "uuid": "8e05652a-f595-446d-9c8c-ca220e0ed42e", "value": "49ea4cb5a11241c3da61fe899bb7062f48d1f853e8c5da05e82fd6c890b2821d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842547", "to_ids": true, "type": "ssdeep", "uuid": "64dd0609-12eb-4865-9cf2-b4f254d445cf", "value": "6144:VZxIuox0CuNb2WQFNYcJneHdrpJlWZHn8hKWtLQn0hSZIMWvuUGM:VDox0ONYynOZ1LFhzuUr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842547", "to_ids": false, "type": "size-in-bytes", "uuid": "62331200-bcf7-4058-beef-46bbae541d90", "value": "364842" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842547", "to_ids": true, "type": "vhash", "uuid": "14f09019-79f6-456f-9750-482a4f805e95", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842547", "to_ids": false, "type": "text", "uuid": "37e41260-d69e-4790-8100-bd8cc9a610b5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842569", "uuid": "650b8f91-15a9-4c44-9116-11b2016fd59d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842568", "to_ids": true, "type": "md5", "uuid": "d38d6f4b-9787-4fc6-8266-b3f76bce9eca", "value": "b2dbf46a64be841c94d8be33930f799f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842569", "to_ids": true, "type": "sha1", "uuid": "4befa886-0b99-4ba8-9856-61e84bd764dd", "value": "fec8f0c34c5575f85ba4a2c956711ac0c7670dcf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842569", "to_ids": true, "type": "sha256", "uuid": "006c0f3a-bea9-44b6-89f1-9afba571b77f", "value": "976ecaff14cb87b000c07c18b58acacd7fa14422366a42eb49b6cb865c4f3865", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842568", "to_ids": true, "type": "ssdeep", "uuid": "c4b4e5af-8bfc-40dd-80d2-aa0f3784c4db", "value": "6144:K/Fk6T5kgIkgQEqj8Ll2OCiAi0/CswMH+GlLgC1IIPx+nYEMhe4cFuHh8Wmspskp:WOUgQwkEswMHFdgYNx+YEqYuHvmszp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842568", "to_ids": false, "type": "size-in-bytes", "uuid": "e1367b86-1165-4ee5-acd1-811bf2b28428", "value": "402407" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842568", "to_ids": true, "type": "vhash", "uuid": "dec4e30e-399c-461e-869b-c1e47f8b3fcb", "value": "1e57102f6422dc5c14eaff0a500d7e9d" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842568", "to_ids": false, "type": "text", "uuid": "f5be7bc9-fb8a-43e9-8d4c-208b85874272", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842590", "uuid": "d9f045fe-cab6-49ee-a68c-a8992080c642", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842590", "to_ids": true, "type": "md5", "uuid": "2f5123bf-0eec-4e88-a459-263f286f848c", "value": "850d8f505009956dc2f079b59f715bd9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842590", "to_ids": true, "type": "sha1", "uuid": "b2ef5a8f-b721-43b3-a05a-ce99d111726c", "value": "9ac1bfe526788a1367291329206dbb585675b060", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842590", "to_ids": true, "type": "sha256", "uuid": "60bddf92-6479-4093-b634-06bca3ddefd2", "value": "32c0df052883ab159c6330e2bf51ee9fd063edfe27b830741f480fb49dd9cbf9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842590", "to_ids": true, "type": "ssdeep", "uuid": "b2d482b2-413c-4fbb-8e15-11e4f0de2732", "value": "6144:KA1sWAZWG3qgGHBs+3VXsakKxCUWhrUgCCW66Z+iWRaB4dOth64me6t4:j1sP45zGakzTIgCCkUbaB4YDUe6t4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842590", "to_ids": false, "type": "size-in-bytes", "uuid": "63131ce2-7c7d-427f-873a-d3fbb200f359", "value": "372481" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842590", "to_ids": true, "type": "vhash", "uuid": "66196e93-652d-452e-b196-1874cd669dfc", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842590", "to_ids": false, "type": "text", "uuid": "d636d440-57ca-4a74-954f-c896df48088d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842612", "uuid": "94af4304-07a2-4d59-aacf-fe84e1cac463", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842611", "to_ids": true, "type": "md5", "uuid": "4e4d0be4-dcaf-4339-8e4a-d649ea420eb8", "value": "31ffda2c91acb9bce48665e1b29e8239", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842612", "to_ids": true, "type": "sha1", "uuid": "0d9be311-f9be-4a87-b4a2-ab32247e9e34", "value": "55e707569a523d9ea473bcc11b77459a21c5101f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842612", "to_ids": true, "type": "sha256", "uuid": "067fe323-2c0c-438b-ba5a-38b0cfcc023e", "value": "bde81bd4552ab419688a0110d46205d807432e908db5608e3326770b005827d9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842611", "to_ids": true, "type": "ssdeep", "uuid": "02ef4142-7016-408f-ae0c-c408c4a9aa2e", "value": "49152:Rvprsb3XheUcEa7Ou2T14Ls6gcPyS63MGzLBZo4YmsTh1uTTQYzo80sOjToR5X15:khd6Ou2TMs6gcqpgBE/X" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842611", "to_ids": false, "type": "size-in-bytes", "uuid": "ee09eaf2-52d9-4920-b4ca-5b9c1f9c0a04", "value": "1685538" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842611", "to_ids": true, "type": "vhash", "uuid": "b6d96d98-affc-45b2-94e8-e4a28ed59039", "value": "1be48bafdce8dbdf25fbcfd2a49459e4" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842611", "to_ids": false, "type": "text", "uuid": "06f71668-1471-44dd-b8b1-f6f681c15b3e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: PUA:Win32/Vigua.A\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842633", "uuid": "d3464dc2-067f-4a49-bb3c-86f1477edd49", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842633", "to_ids": true, "type": "md5", "uuid": "7a93f390-adfa-4f30-b3b2-d9d99c4c0ec3", "value": "1672e8eaea1314278410b9902cbd2bb3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842633", "to_ids": true, "type": "sha1", "uuid": "7eb942bf-bf4b-4844-a57f-b22bd68f975d", "value": "994bcea1cf0c4a708ccff5ea1f351d9d6323c83d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842633", "to_ids": true, "type": "sha256", "uuid": "68bbc452-24d6-4f44-91e8-093ee3e16588", "value": "ad84e9cc5ca0800e42c412d360ed927349afbdb18c06bdacd7fe3d89c17c9cee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842633", "to_ids": true, "type": "ssdeep", "uuid": "5d1b7bdc-73da-41e3-8d5b-8cd6aa3b1c10", "value": "6144:MYKY/GpQb0j1PGq/E3VKhkCkETEku9JJiRgeLR4cxZX+HgQ6nNVak:JKY/QtPGq/2EIku9JgH4wVnNwk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842633", "to_ids": false, "type": "size-in-bytes", "uuid": "57c37687-3752-4336-9acf-ce725fdd9fe0", "value": "369797" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842633", "to_ids": true, "type": "vhash", "uuid": "577c0419-3508-4fb3-85aa-c767c9bc9e89", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842633", "to_ids": false, "type": "text", "uuid": "47506042-bfa4-4249-87b5-5f0f7f90c9ed", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842655", "uuid": "1c05e02f-a557-4fb4-bf5b-a09579456577", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842655", "to_ids": true, "type": "md5", "uuid": "b515443c-243c-45b5-9673-b670334d9fd2", "value": "9b01594b11f08978414816c801170937", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842655", "to_ids": true, "type": "sha1", "uuid": "38facd96-152e-4d20-8a3d-d199e7a68e7b", "value": "526866a446e4fefbab765612630c9f0d44f8a03b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842655", "to_ids": true, "type": "sha256", "uuid": "cd8b6289-f63e-4b68-b900-835cfc131563", "value": "3616f1f94c478f31ecf789f4c4ccb048d86d32cb499b38ea176bf4f6af90a049", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842654", "to_ids": true, "type": "ssdeep", "uuid": "a3401410-3485-4428-9285-531a3e44ccda", "value": "12288:DIoHg/dJdh7R0Ghgv3NTH5nbe2ZII1GiJNNIixJlYwEncbkaIK:8B17hTgvVHJbkI1GqWHncbkaD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842654", "to_ids": false, "type": "size-in-bytes", "uuid": "d4e655fc-daf5-4347-93eb-baa781455fe4", "value": "644241" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842654", "to_ids": true, "type": "vhash", "uuid": "c3941736-6adb-474a-aa19-854117680fc7", "value": "7859e9c58b22e036009aaff722740bf8" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842654", "to_ids": false, "type": "text", "uuid": "ea5a0f8c-1386-476d-96e8-6990b9477514", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842676", "uuid": "6d8d1b30-725b-4c51-bb55-3219c2d6a850", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842676", "to_ids": true, "type": "md5", "uuid": "c8ea17c1-4957-4630-9bd2-0d3d1edf97f5", "value": "b822b4fa6c953bfa51c2fcc685881045", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842676", "to_ids": true, "type": "sha1", "uuid": "7bea7aac-0d0a-489e-9c6e-b4af853c91bc", "value": "a53d3c91e7691e00291c91f25c90532d93e7a8a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842676", "to_ids": true, "type": "sha256", "uuid": "9ac53448-8403-42b8-ba50-a4357d18ada1", "value": "fdabfc0a88a63975324dca96fae9e8d5e1f4bad395d7bdf94d30d2fcceec0f1e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842676", "to_ids": true, "type": "ssdeep", "uuid": "1ad69b10-42a8-4522-a31f-25ab4c35ff50", "value": "6144:/tMD/QpccaGq03KZTieLAhl95uvMWgjUj0HI6jmJLw4Vbznh1L73WfttUjLQnTKz:C/ettKZTi2AbZnju0HI6joNt1LK3mLg2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842676", "to_ids": false, "type": "size-in-bytes", "uuid": "8f88f43f-1719-4ed4-8d63-d6e5c8b740af", "value": "369786" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842676", "to_ids": true, "type": "vhash", "uuid": "f993c917-2a3a-4413-880c-9eb4a210ac12", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 30/08/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842676", "to_ids": false, "type": "text", "uuid": "28ff275f-5b56-4165-84dd-9fac6026770d", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842698", "uuid": "91197927-d3f6-4ac9-a5fd-855e1ef909c7", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842698", "to_ids": true, "type": "md5", "uuid": "409995b3-f577-4049-89b0-63b25ae4abbc", "value": "583c9c7c39505b5321a08e5ecbd4e996", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842698", "to_ids": true, "type": "sha1", "uuid": "78570fb9-dd51-4f95-a1c8-37781cef6b3b", "value": "0a078b519a4e9612cd646fc6d19c472ff71d7177", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842698", "to_ids": true, "type": "sha256", "uuid": "e8c351e7-571d-47f7-ac22-779871f364c9", "value": "58c5781800ceba0cabe5b5860796afc7ebf4eb144efaff40e931e08e77432184", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842697", "to_ids": true, "type": "ssdeep", "uuid": "a83afd68-156b-410a-b83c-063c0b61e37d", "value": "6144:lcDkciAzURw4w5C4urmyn3MOot533/pEAEjNlhPwRDstlS34keINthqIi1gilckt:cfwRwvA4VPfpEFjNlhoRws3X3vIIi3Wq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842697", "to_ids": false, "type": "size-in-bytes", "uuid": "07f82e75-cc6b-434a-8f3b-9b1b3c83ee0b", "value": "374467" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842697", "to_ids": true, "type": "vhash", "uuid": "45d6b474-fec7-4f81-bdf4-d30be50a12ed", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842697", "to_ids": false, "type": "text", "uuid": "ebf38e77-af16-47c8-a6aa-f46f9ee062c0", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842719", "uuid": "270cd2ea-1332-4f8b-90d5-a9bcd121d374", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842719", "to_ids": true, "type": "md5", "uuid": "553be2d3-0e8e-4db8-a703-638fb462a818", "value": "279a0f7971e3c26af4b979eaa0f0a57f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842719", "to_ids": true, "type": "sha1", "uuid": "384fb024-d955-4ede-9034-a6ecf5a575f8", "value": "4009f4af56aea5169e754db66cf21d02a05fe8b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842719", "to_ids": true, "type": "sha256", "uuid": "6611a2fc-ffc4-4e4e-a1f7-fc8d059bf132", "value": "fa3bd07369b0586760e88572c5a742340150f0f358bf9f430adebc410bdfb157", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842719", "to_ids": true, "type": "ssdeep", "uuid": "b8c8f4e8-5d64-4ba4-9a3c-8214c06570c6", "value": "3072:Jx8gkl5VB+dfXF1eZ54rAxz1yBmD5QuPFxXWizbbRj7nso:JS5+17eJHyBAQOXnzHZ1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842719", "to_ids": false, "type": "size-in-bytes", "uuid": "1caefbca-d7e1-495f-bc04-7335b7ae6c1c", "value": "151272" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842719", "to_ids": true, "type": "vhash", "uuid": "7c950aaf-efd8-4517-affa-d488be40f05f", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 25/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842719", "to_ids": false, "type": "text", "uuid": "8e07910c-a30b-4b31-a00c-08f0ab85dded", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Spyware:AndroidOS/Multiverze\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842741", "uuid": "16dc21c9-daff-4df3-b552-3acafebe89fc", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842741", "to_ids": true, "type": "md5", "uuid": "d0e360ac-7557-4e17-a1d0-c05a25d92820", "value": "707db904acbc14e3c6662e43a757027b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842741", "to_ids": true, "type": "sha1", "uuid": "20391d92-d20f-4e28-bdec-e7de6a93bda0", "value": "69d1180eec5f4c66acfa28a004953b68d72b5b2c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842741", "to_ids": true, "type": "sha256", "uuid": "4ece1d1b-b6cd-45f2-8824-233aa985549b", "value": "e75fd5a533ccfe4658c744e852db4542cf09b4c45f0ff631d4b0d10effb712a0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842740", "to_ids": true, "type": "ssdeep", "uuid": "6f3e0e01-6ab9-4f43-8488-b3a8d301cd16", "value": "12288:Qw2heyJoBFOxXZX52ySMzo8HDRec4gdDm9C4+p1zhMyOSGH0rrP0:HbyJI6XD2lORj4gd6H4hM/0E" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842740", "to_ids": false, "type": "size-in-bytes", "uuid": "04ca67a2-7de4-48e1-b4d5-939a089e4848", "value": "606027" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842740", "to_ids": true, "type": "vhash", "uuid": "47ad7cd2-cce1-4d1a-878d-8910ab90bff7", "value": "e7e2400c21bf8c1bd20eab3880d78cb8" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740842740", "to_ids": true, "type": "filename", "uuid": "40312bdc-7852-4eae-b1ad-0b4cbdd5cdd2", "value": "apk52AB502F53BC2A48EF43F36B0E0483689CFB37B34.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/03/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842740", "to_ids": false, "type": "text", "uuid": "28354b39-231c-4670-b333-25a2a3667dc8", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842763", "uuid": "f2024221-d151-42f0-aa85-7d7885897069", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842762", "to_ids": true, "type": "md5", "uuid": "edb5e57b-1bdf-493b-a2cb-ef05befaccc8", "value": "a05ebf81041f15d7dc26feff936dc44b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842762", "to_ids": true, "type": "sha1", "uuid": "04ea266f-ea68-4952-b14b-a8434b139051", "value": "38a36722cb87e2dff96092747f5878f5b6574396", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842763", "to_ids": true, "type": "sha256", "uuid": "6a095739-6463-4e4d-955e-b88ab6ff4091", "value": "5f8dd07a670052837789884d065851aac57fa44c3c071d9aedc752c3969bbe6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842762", "to_ids": true, "type": "ssdeep", "uuid": "6a1616ec-d101-4f6c-b15e-c78365c3ca7b", "value": "6144:llnAG8McQO2YneeiKzXLlXfavqfAcLBjaiWRaPgn/nAMSluFrroY:rAhM57JhUFfavqfAcL0bao/AMSGrroY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842762", "to_ids": false, "type": "size-in-bytes", "uuid": "ec41429e-94ca-4449-b8f7-858025bcead1", "value": "367828" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842762", "to_ids": true, "type": "vhash", "uuid": "70600da3-b79c-4cb3-8a02-d81e19f946ad", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842762", "to_ids": false, "type": "text", "uuid": "bee5cac5-b639-4769-bd1d-544baddacc30", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842784", "uuid": "a9b51224-17e8-40c8-b5ad-98c56b63ce06", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842784", "to_ids": true, "type": "md5", "uuid": "fb40c5e8-6e08-465b-a19c-6fc4db0adef8", "value": "aa7df0de82107a0006c4f2dfe21b2373", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842784", "to_ids": true, "type": "sha1", "uuid": "b981ca23-9219-4a43-b977-07f4b410686d", "value": "3e2496638fde3cd31788160935aab5e2fa58d409", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842784", "to_ids": true, "type": "sha256", "uuid": "afca94f1-a73f-423d-a488-419ddc54b169", "value": "124034098affa00532b243954f22120fa9f1605b975f311a81845146a432b290", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842784", "to_ids": true, "type": "ssdeep", "uuid": "87b7c470-bf60-40ac-bf3e-0e1bd3c71e74", "value": "6144:5IFhEB7MryPZu/RfUW1tTNAcS0Rd01jeVJNcQBLR4cXf998PFWbxulZRnr9:q+7MrL/RfV1tTNAcS0RdGefmQD4MV98p" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842784", "to_ids": false, "type": "size-in-bytes", "uuid": "3609c7a4-d93c-4f21-8184-04834ed0d0b6", "value": "373307" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842784", "to_ids": true, "type": "vhash", "uuid": "475feace-67b5-4d9b-b41a-b8f0e2a47908", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842784", "to_ids": false, "type": "text", "uuid": "714a0f16-2f01-41f5-8ae7-91d9839a39ae", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842806", "uuid": "7c07238c-fad5-42a3-b6af-3a7863930076", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842806", "to_ids": true, "type": "md5", "uuid": "0d453ab2-79ca-4845-8289-c544b1ca0993", "value": "65a3e7bbea3b117ff9e3efd91a6b9189", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842806", "to_ids": true, "type": "sha1", "uuid": "eac0b353-9cb3-4bb6-bdb3-2adff9120c57", "value": "c1eb5a58fb0740d0e2021cc0a6c23a320f50abf3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842806", "to_ids": true, "type": "sha256", "uuid": "44183376-2159-4a2a-a483-68feb8bb9d23", "value": "b9a1488c3647070f8dc636f77016130e4854e1536150483b0b1b681b4dc49ae1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842805", "to_ids": true, "type": "ssdeep", "uuid": "97484081-f794-4891-837e-d75eedd980ea", "value": "3072:GdVBYTxgMN1SQtPSouzZPKcDpJ38Fqxu2yCfzK+zamxk69jv+LHsITtmd:kqgMfg7ZPjlpkc599jU1tmd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842805", "to_ids": false, "type": "size-in-bytes", "uuid": "a6b9f9f3-bb0d-4f39-9e63-c9910ab9eda8", "value": "140916" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842805", "to_ids": true, "type": "vhash", "uuid": "91edfb8e-a6fa-4c0c-be25-43a0c4fac778", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842805", "to_ids": false, "type": "text", "uuid": "9c9bf1ea-d9e8-4881-969a-5fde399f393b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842828", "uuid": "37b1baf6-8003-45f9-a31a-18a711d32377", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842828", "to_ids": true, "type": "md5", "uuid": "516c8b24-4911-412c-876d-284d1c385439", "value": "0b3f989f03a3934d920a0cfa6866828a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842828", "to_ids": true, "type": "sha1", "uuid": "c27c0028-50aa-4689-9562-289f943f94d7", "value": "ca5e2adaeb4369e4ea0b0616e928d31625634b3e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842828", "to_ids": true, "type": "sha256", "uuid": "dfdbe65f-762d-4c8a-8ab3-f6a11fa3f15a", "value": "194c73f6a45385b2496563e07d80886ca26f1c57839e2efbed0102b528ed6123", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842827", "to_ids": true, "type": "ssdeep", "uuid": "ddd375ff-bf73-4a5e-a5ea-3d88dac2d170", "value": "24576:IZmPErHbcf/vJYsf5KUtiEvESlnoTr05TGyb:IumQfTc4noTryCu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842827", "to_ids": false, "type": "size-in-bytes", "uuid": "bb5416cf-abcb-47c2-8bcb-da6d2aadeb95", "value": "890926" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842827", "to_ids": true, "type": "vhash", "uuid": "20321aae-ff25-40ea-9c59-a4444b640ce8", "value": "87920ce971bdd961159b830d72433b87" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842827", "to_ids": false, "type": "text", "uuid": "df5c144b-c605-4106-bf28-b52f203d2460", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:26/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842850", "uuid": "0bae0ea4-2f4f-43a4-9087-8c02157b9d32", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842849", "to_ids": true, "type": "md5", "uuid": "3601451c-cf22-4409-a30c-59cfd25ed814", "value": "fc93c6b79a6be5f924fbc8ac8dc11cea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842849", "to_ids": true, "type": "sha1", "uuid": "edfa430c-30ad-45b0-ad66-e436da50be98", "value": "828d93f5348a1ed51f2d11da80abd128fa90d552", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842850", "to_ids": true, "type": "sha256", "uuid": "6058cb68-101b-47a2-8925-d9e3bc54b4e0", "value": "3ee105825915ea3be349113669eb3d73329fd8a4e994ae1d4768c0f1b263902f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842849", "to_ids": true, "type": "ssdeep", "uuid": "d33e996e-fbef-4ff2-87f9-1d9e3fdddfe3", "value": "3072:+xORtTtNN8OQon7jcDobzbfanjhpdArGGeqOzaL3:+k/rN1QonDvfBrvezzy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842849", "to_ids": false, "type": "size-in-bytes", "uuid": "109017ef-5393-4d36-a814-863a29bdfdac", "value": "148424" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842849", "to_ids": true, "type": "vhash", "uuid": "f51ad79e-63fc-499f-8503-9a01bd63ab6b", "value": "545324eeb03d1b380145450bd2a55591" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842849", "to_ids": false, "type": "text", "uuid": "d60c4b5f-d415-4603-82b0-2501b9bac094", "value": "GoldenEagle\r\nType Description: Android\nNone\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/61" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842871", "uuid": "52b921cb-1249-45bb-b9af-055f9cc76519", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842871", "to_ids": true, "type": "md5", "uuid": "22a5de88-478f-4ffa-88ee-b8120062aa48", "value": "a770b2919203d648d6e49c16d148fb45", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842871", "to_ids": true, "type": "sha1", "uuid": "880a7647-376e-48fd-bed6-c835d77883b8", "value": "85242e1fa7e01dd913b369e695d8b979e47a9f66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842871", "to_ids": true, "type": "sha256", "uuid": "c102582a-eba4-4c5f-9116-8d4bacd12409", "value": "a80a3bcbce23217b8abaa5e376e5f67ccccb21e74ba5b98ed031d7ddbcb02462", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842870", "to_ids": true, "type": "ssdeep", "uuid": "078e30d5-3d63-4d07-9b1a-be7a9468e4a8", "value": "3072:J90ZVBNgh4TDpPq4SVwR/CBijh0YQGWCQtwaSVdDwtr450bunOdWlItQe:ToeGTDpPYVwRy2qLGJDwJ45sXdW2tz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842870", "to_ids": false, "type": "size-in-bytes", "uuid": "72c07d41-e862-4bde-b59d-cc96a065aa62", "value": "141864" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842870", "to_ids": true, "type": "vhash", "uuid": "3cf890cd-ec1f-4b14-99c0-8f4dd8ecccab", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842870", "to_ids": false, "type": "text", "uuid": "a25210bd-8a9a-475c-b6e8-6904bc831eb5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842893", "uuid": "585b3641-2e28-4407-b7cc-33c03a9ff979", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842893", "to_ids": true, "type": "md5", "uuid": "1d46c4ea-8c17-4c30-964f-516a6da87d26", "value": "cadd305299d74457bf442f6d2939dae9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842893", "to_ids": true, "type": "sha1", "uuid": "9e8faebc-74c7-40c0-a800-98aabb442b27", "value": "7aa054fbe3f1e2d99cd0a40caf12efd69c8fc9cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842893", "to_ids": true, "type": "sha256", "uuid": "2405b116-f52d-4ca8-b022-86bf859b7925", "value": "d2c6dae70af9c443c814d1496e1c6878d16df5da7acbd3004a422658a0e6ebd0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842892", "to_ids": true, "type": "ssdeep", "uuid": "df6b7190-eab0-4947-8a60-ec55fc8a083c", "value": "6144:6clbS57qJXJlpsDnhHWBZgTX6vDlzcPQ+fkftHYj5BUwiWRaSgn4PP9EgdK20:ypqFJlpsLhXTX6xcPrkOj5iwbaX4X9aH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842892", "to_ids": false, "type": "size-in-bytes", "uuid": "f3bfec61-fe38-4a71-8423-22a4d7704b39", "value": "372456" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842892", "to_ids": true, "type": "vhash", "uuid": "ecdc155d-f6d4-4edc-a7f2-6421b3563637", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842892", "to_ids": false, "type": "text", "uuid": "979a3f0c-623c-44a3-9332-a109ac7c9f06", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842915", "uuid": "814ecf40-55d6-4316-bfa8-de025f864058", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842914", "to_ids": true, "type": "md5", "uuid": "0803e3eb-4008-4b52-9800-870580d100dd", "value": "e60397615a0140f0db58f52231334b01", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842914", "to_ids": true, "type": "sha1", "uuid": "4b76be54-b3e6-4185-a6c2-72304b751704", "value": "2c7795270633d2940837a32f4d897b9dd923e1ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842915", "to_ids": true, "type": "sha256", "uuid": "6e9d206d-e3c0-42ca-8276-14a8ad6f831f", "value": "21c2a8e9b044c29f059ea71ca7cfda4344d4709c1b059b9f47a6794a65fe0e9e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842914", "to_ids": true, "type": "ssdeep", "uuid": "562ec53f-846b-49e0-b59c-92665ec8bf7c", "value": "3072:kFEVB7Uj60zAXjrR6hhmHzR1N0ix8gAaCVVof5Ts:kFq7UO6h0HzJ0q8gAtVVoTs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842914", "to_ids": false, "type": "size-in-bytes", "uuid": "d282599d-4e6a-4b60-a638-1ef8cc560788", "value": "138161" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842914", "to_ids": true, "type": "vhash", "uuid": "1638933c-698d-421e-a65d-6cad7b726045", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842914", "to_ids": false, "type": "text", "uuid": "fc95ccf8-58fb-4dbb-b413-593f6ab72ad4", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842936", "uuid": "19463d9b-dd84-4e27-9789-1acd72075634", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842936", "to_ids": true, "type": "md5", "uuid": "31ab6427-b62b-4024-a3ae-2dea547f6839", "value": "b90dfb649e59a71a018397d8c4fc61b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842936", "to_ids": true, "type": "sha1", "uuid": "7791188e-9b99-4f76-9184-75cfe4e7275f", "value": "0e6ca5f74ad538552977d09e1694bc4e671803e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842936", "to_ids": true, "type": "sha256", "uuid": "5a766259-edbe-4d01-b768-8e51d978b8e6", "value": "45b0089b0c4815d77e9a7de6e0c0ac8a58e51abdb8fbe7f9786bbf1525651b1b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842935", "to_ids": true, "type": "ssdeep", "uuid": "7183b53d-bc00-43ca-bb7d-5962d37419ca", "value": "6144:CMDD/NHMpn2n761Z32lDCN821Xla9mnvUx3u0S0gidVoAh7ag6j7U8y2:fnwoDCW2n7nvUx3/XoARZ8y2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842935", "to_ids": false, "type": "size-in-bytes", "uuid": "226a31ae-8026-4dfd-a953-6e630944a595", "value": "367889" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842935", "to_ids": true, "type": "vhash", "uuid": "d125b9c9-e967-4ce4-a7ed-acff3c1ddf29", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842935", "to_ids": false, "type": "text", "uuid": "7607a117-686b-4211-a48e-2b8128b0480e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842957", "uuid": "a6b5f40e-1c9a-4abf-a9b4-30dbda43c025", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842957", "to_ids": true, "type": "md5", "uuid": "b5864cb7-bc81-4a24-9b3e-8493416d3e78", "value": "7cfc598240f41852a18953139390c90d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842957", "to_ids": true, "type": "sha1", "uuid": "ff2ec211-6fc5-4639-a477-99cc73d4fd4a", "value": "c5f5b4d7a3ffc067d1ffab160ea61bc68389e5ea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842957", "to_ids": true, "type": "sha256", "uuid": "c90450d1-132b-4c1a-9700-64eb04b291e1", "value": "161fe640aba65e3faa22f206b74bca97d11563906aa122e0d59b30edde125cd5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842957", "to_ids": true, "type": "ssdeep", "uuid": "3e672e78-9018-47e5-8057-06cb7fb20620", "value": "12288:BZN4rJ/rEeErkOxcSclXVF0tGvU8ATodfDFdJiU9Few/14bj2sG4xoKIGqEjTpTa:BZmPErHbcf/vJYsf5KUCcyqWovW8zLB7" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842957", "to_ids": false, "type": "size-in-bytes", "uuid": "801dc280-cecb-458e-a704-8ce9646b6a8c", "value": "890691" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842957", "to_ids": true, "type": "vhash", "uuid": "d6005dd0-924b-4418-8a72-7c085d08b095", "value": "87920ce971bdd961159b830d72433b87" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842957", "to_ids": false, "type": "text", "uuid": "7c0afcb2-8a61-4cf3-843a-872e2a89f18a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740842979", "uuid": "0da6cc47-3bf8-4a34-9c28-6a9035fd5e8b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740842979", "to_ids": true, "type": "md5", "uuid": "866beefd-11db-4e15-bc47-c31d288d1b45", "value": "a453ead29000889a9e7b234539b6b4ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740842979", "to_ids": true, "type": "sha1", "uuid": "49cb76b2-b552-4b82-84ea-dd36b5f3a0ef", "value": "ba2f191801e930f4fa810450c9678de5f4017276", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740842979", "to_ids": true, "type": "sha256", "uuid": "2aaabdc6-f718-4bf4-ad35-49a3cf015c04", "value": "7980ff654a989a65f3f15e4be8f760d4c90eda5e20d592333b2d2a886d2d0d0a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740842978", "to_ids": true, "type": "ssdeep", "uuid": "80745ab5-89b6-4fcb-9d26-43e115e1f97d", "value": "3072:8VBJQP1l1vFYcn/yuCl/5Jots1qp/JbunOiRUNtdB:SJQPHQM/AJY5lXiR6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740842978", "to_ids": false, "type": "size-in-bytes", "uuid": "69d213d3-c84f-4fae-b620-1bfc62237f92", "value": "140058" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740842978", "to_ids": true, "type": "vhash", "uuid": "ef9151d2-3c8a-45c5-ad1a-2d7670f68855", "value": "d20f7b4b5b7bd9dd4ea7bf575bdd8ab3" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740842978", "to_ids": false, "type": "text", "uuid": "5f8fb6ed-1c8c-4532-99c9-f33acab929ef", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843001", "uuid": "d669e91c-a943-4bed-aea6-5896738cb5b3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843000", "to_ids": true, "type": "md5", "uuid": "c6271004-3174-42c3-aaea-3c334957ea72", "value": "806b9a9cc1c9dcc09d7f09f7edd8f9b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843001", "to_ids": true, "type": "sha1", "uuid": "4da51a42-5d97-4eb4-97b9-eef3fdbaf3fe", "value": "481193e2e882f5856aac0bfbec0afb74bdff98fc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843001", "to_ids": true, "type": "sha256", "uuid": "119a3dae-4b04-44c2-b275-41fe5f31abd5", "value": "3c1e65c42cb7ee13aef19a9f9401a4af9d56dabb20fdfbbf62be0ee1b84e8b53", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843000", "to_ids": true, "type": "ssdeep", "uuid": "2f4a01a4-e515-4ea7-9265-e70ea38dd9e6", "value": "6144:kDKIKvi+dkRTqh77jdZLPpqeRv1iwo/gpVEdTXr+OQMJIx4LB:mKO1RTqhHLhDjiwcAEduOQMu4LB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843000", "to_ids": false, "type": "size-in-bytes", "uuid": "a71f9b04-66ff-401e-91f7-1c667810e063", "value": "274325" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843000", "to_ids": true, "type": "vhash", "uuid": "b5af5d20-5245-4a64-99d0-b161446b7fe2", "value": "b20a659f02c6f5574927694ba1a9b382" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843000", "to_ids": false, "type": "text", "uuid": "947328c4-097d-4a16-96df-49749bde5c99", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:24/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843023", "uuid": "eb3227dc-d4d7-4414-b783-ecad65e8b548", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843022", "to_ids": true, "type": "md5", "uuid": "0cd5d772-4eea-4493-bd2b-ce062d8291e7", "value": "ba0b4004d5d141d04bbda8cc1ca7563c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843022", "to_ids": true, "type": "sha1", "uuid": "c5315346-e684-416b-a331-3baec1d05491", "value": "12bd7e9309522b74f0aa2532cd4a704a666e3fcd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843023", "to_ids": true, "type": "sha256", "uuid": "007fe21d-2c06-4a70-b593-550b6406563a", "value": "f14e813506aad98f0587cffa30fbfb44adaafef596b832dc2c3f7be60985b916", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843022", "to_ids": true, "type": "ssdeep", "uuid": "33f02421-ad94-470a-a1f4-236b6ca02d42", "value": "3072:bKFEoU1VXx1Oyr8N7Xn0F+J+ohx+6kfe4y0DlJ4AZFCqs8O3aLi:bU4p8Efe4TbTC4O3H" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843022", "to_ids": false, "type": "size-in-bytes", "uuid": "53e19f7e-4250-41a3-ad32-05e4f50de025", "value": "170301" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843022", "to_ids": true, "type": "vhash", "uuid": "15132f4f-d3d9-4acf-9c92-12c495979fe8", "value": "bb40dd0a2688f757d362b60a612c9f9c" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/11/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843022", "to_ids": false, "type": "text", "uuid": "3595e315-0a0d-4881-b697-ef31402653e3", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843044", "uuid": "a65f34f4-2145-4e60-b1e6-6611c97780e8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843044", "to_ids": true, "type": "md5", "uuid": "6670f941-1903-4824-8c21-2d9cfd0e2cd8", "value": "0683ca888140c202727b5718b5a560c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843044", "to_ids": true, "type": "sha1", "uuid": "1f1940a0-e5ce-4507-bf74-46d8839ff4ec", "value": "2ba9a4649eaea16d6a4891ea91de56b091ff3715", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843044", "to_ids": true, "type": "sha256", "uuid": "c10419ab-bd13-42d8-8660-82673329aace", "value": "535d63beb6628745c823fddc53bee195b4accd5233e07c13068de19b330cb8e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843044", "to_ids": true, "type": "ssdeep", "uuid": "bb692414-d304-49db-9429-dbb7040e77b6", "value": "6144:vyv1eYp3wWQq8CfGXMNEq7a9Ikjd0gmLxL2h5lfYF08DbJoMLkeccIz:Kv1k5Wf7GgkjdLmZ2a3Lkpdz" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843044", "to_ids": false, "type": "size-in-bytes", "uuid": "8b3af37e-7bc7-480f-9909-c18bd6ce4c60", "value": "312627" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843044", "to_ids": true, "type": "vhash", "uuid": "d4e2f726-337b-42b1-a903-4739b283be8d", "value": "f5d756d230236901006b581cc874ebc9" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843044", "to_ids": false, "type": "text", "uuid": "b5ab8131-30a5-41bb-9df4-44ab503fe953", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843066", "uuid": "d2267aba-22d1-4faf-840d-862eb6fb179d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843065", "to_ids": true, "type": "md5", "uuid": "d4c9aad9-d166-4b03-84c4-4ef87cecad05", "value": "0fef4e51edd5396897297dfda4f03011", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843066", "to_ids": true, "type": "sha1", "uuid": "47496777-83eb-4146-b865-d9d9bc69d879", "value": "c1376a6da6a10d28f4a483141f2fe53434136cf7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843066", "to_ids": true, "type": "sha256", "uuid": "3122dd28-b170-4eca-9ce8-f52f00d6c59b", "value": "0b2c38f22ea2160dfe62df2d80a5a108d9117ffc84ba26d9e65f9aa37b5b6bee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843065", "to_ids": true, "type": "ssdeep", "uuid": "72691f54-7466-4e27-980a-d8a9edae5610", "value": "12288:QqE4b1rXxlPWzW3tfAdrgL9bhVJ/lU6lRS:g4Jdl7xxhVXc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843065", "to_ids": false, "type": "size-in-bytes", "uuid": "b738cd4f-54ab-4faf-b2e7-f0ff4ff1fc32", "value": "458755" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843065", "to_ids": true, "type": "vhash", "uuid": "ce2cf43a-7e21-44fb-a726-55a5443acf0a", "value": "758fd56c4f7e35ecc0a48fb84de0b0a0" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 13/04/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843065", "to_ids": false, "type": "text", "uuid": "c3c91963-f9d2-4f34-b036-680aad9e7e62", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843087", "uuid": "3312ad0c-f95c-48bb-b85c-bf474b3ed32e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843087", "to_ids": true, "type": "md5", "uuid": "66edfa4e-4aea-4da0-93dd-79555c428a0d", "value": "9abdd31b3845fb5937b4d7e46e98a1a1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843087", "to_ids": true, "type": "sha1", "uuid": "d543c30e-15fe-4245-bc49-b34198cbee54", "value": "6115adc88b8006af897a18b5cfee0cd7607da938", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843087", "to_ids": true, "type": "sha256", "uuid": "1427b094-0c0f-42fd-ba18-cbfd6181c9f5", "value": "4781cdcad6bf797c6c6d1ae578fc9eeb087fa02a2e6b9552b4a80ec0a2d37867", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843087", "to_ids": true, "type": "ssdeep", "uuid": "f8d8c00c-7f90-4ccf-9509-edc4c1da34f6", "value": "98304:LnFlXG2qElsOXNjViQ6Jf/7ssLHoSroAdkmLppD09yB:LW2b6++AsAAycpWy" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843087", "to_ids": false, "type": "size-in-bytes", "uuid": "6697aa4c-1bad-4eeb-b365-f57ed0fdaf11", "value": "4549683" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843087", "to_ids": true, "type": "vhash", "uuid": "5a7f93c2-7a1e-458f-ba8f-81fbcf453289", "value": "25730c61dda21656fe98ddd0265a3596" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 18/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843087", "to_ids": false, "type": "text", "uuid": "8457dbc5-e936-47ae-9977-55723e03f5fc", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:29/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843109", "uuid": "9c35d387-f9b0-4c4b-9732-df10972c409b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843108", "to_ids": true, "type": "md5", "uuid": "44384400-d892-44da-8ca3-038222f1793c", "value": "737d47d595e3b8cb44c51c93af9a2af8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843109", "to_ids": true, "type": "sha1", "uuid": "bb7c1097-8518-4b4a-9781-e6b5d5ad3558", "value": "b0512e5f26e344b76a2d11f9bb04d8dbcda77e3b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843109", "to_ids": true, "type": "sha256", "uuid": "749d243b-54a9-47c0-9074-e9bc9e8fb79e", "value": "8bbc7d63da32ec60600223522a472c3010990d8f8fc474174d6601447d1e4968", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843108", "to_ids": true, "type": "ssdeep", "uuid": "eefd259a-c6b5-441b-9196-ea157ef489b6", "value": "196608:+8uqMfUvyPemnN6eMqQ7jXv+xkJ5c4Y03:+8uZfUvyP7nDMtXWxkJCY3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843108", "to_ids": false, "type": "size-in-bytes", "uuid": "3aca13c8-405d-43cd-98dd-b6b19b420f71", "value": "6839360" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843108", "to_ids": true, "type": "vhash", "uuid": "abd9a704-8fe4-495b-a393-106d9142a526", "value": "ac49f228a43fc193ef2c29ad2116f264" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843108", "to_ids": false, "type": "text", "uuid": "c56c12c5-7c04-4a15-b6cf-5b1900f5f5f0", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA6B\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843130", "uuid": "2ed98127-b1c6-4e95-beb8-e7a857fa4a69", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843130", "to_ids": true, "type": "md5", "uuid": "b81ae5e1-2f4b-4ad8-952d-68f505d58019", "value": "2dd1977eb9e175c68239c9fb242a1ce1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843130", "to_ids": true, "type": "sha1", "uuid": "c81c602e-7dba-48ef-acf3-e1b47dabc8e2", "value": "53685512c4d58f4c470a0883123d455b89c01ac3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843130", "to_ids": true, "type": "sha256", "uuid": "81223c8a-fc8c-4351-b14d-7a59bf743dd4", "value": "48063527ca85056def4a64720ef7d20aa6029e61a70845723802eeb43ac982f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843130", "to_ids": true, "type": "ssdeep", "uuid": "49ec897d-911f-424f-8b4c-e625e208dd3d", "value": "6144:cb03HJJHo6IvsOYFfTgyqx0aIY2hYw1anr0SM0xQO3KWUSr0/v/GpYCGzj0M/do:x3JJI6IUOYFfJpiQSxp35hGUGdo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843130", "to_ids": false, "type": "size-in-bytes", "uuid": "74667b54-9794-4901-a1f0-bfaa1765cca0", "value": "323406" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843130", "to_ids": true, "type": "vhash", "uuid": "b1b15f49-3292-477b-a460-9c4c898dbada", "value": "4f899ec45c6ef42ad91d8533ede1d72b" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843130", "to_ids": false, "type": "text", "uuid": "07c7b3b9-7864-4d2e-9e78-2062af506dfa", "value": "GoldenEagle\r\nType Description: Android\nNone\nMicrosoft: None\nVT Total Detection:27/62" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843152", "uuid": "d93566d2-2888-4775-a80d-41f11d467bc6", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843151", "to_ids": true, "type": "md5", "uuid": "0482dea7-5622-4887-bf7d-b78bc00dc39f", "value": "5159d350ce473711c15ae89cd7e2d2ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843152", "to_ids": true, "type": "sha1", "uuid": "32b4dca3-54dd-48e9-aeb7-995a05973847", "value": "17aefee2a290ea7575d803ee27042cd247c546e1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843152", "to_ids": true, "type": "sha256", "uuid": "c210a727-6f98-4d20-8f89-e883c5d746b5", "value": "12809c479741350e38aa0d18bd5d8ae7102c6d534e92738cfc85cb04e6475355", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843151", "to_ids": true, "type": "ssdeep", "uuid": "ee0ac5d7-529b-44d4-9cb0-d1c811d3b96d", "value": "6144:xS/P+WIIwLh2cOpRaPcmLX1EYvmVB8IVZac/269MfpXfGM4n+TuRcxqn+dSG:e+nLzmRqFLXmYuVB8cZd/ZU++TuRpIJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843151", "to_ids": false, "type": "size-in-bytes", "uuid": "b6fc2631-9ea1-4bc7-a351-20e5cb96abe1", "value": "388932" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843151", "to_ids": true, "type": "vhash", "uuid": "5084974d-4377-4cd0-adc1-4926db8b0065", "value": "8a264405cf6cda930638850c6c835c29" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/10/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843151", "to_ids": false, "type": "text", "uuid": "3d41cfb6-2954-4fcc-a9a6-50d73ef31ff2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:26/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843173", "uuid": "da613e9e-3e7d-4660-b078-4ee6e53cee26", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843173", "to_ids": true, "type": "md5", "uuid": "8674b089-f01c-47e1-a74c-d7e57ab942f3", "value": "383a7e3ab1653bbcedc5579754794eb5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843173", "to_ids": true, "type": "sha1", "uuid": "7fdbc922-7be6-4f1a-8b9c-d1d7673a2b88", "value": "9cd977982aa8e00d3cdfd43b18e2cc386fe285ef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843173", "to_ids": true, "type": "sha256", "uuid": "48dc53fd-aadb-40c7-87ee-56465d26bc24", "value": "bf012f0fa9de1bd29f25630ee325527e3796fbfac1678c0dccc9f11185d6e7da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843173", "to_ids": true, "type": "ssdeep", "uuid": "4680d8a9-ff4e-4169-9ac3-b6177d4be162", "value": "6144:ES/P+WIIwLh2cOpRaPcmLX1EYvmVB8IVZac/269MfpXfGM4n+TuRcxqn+dtE:5+nLzmRqFLXmYuVB8cZd/ZU++TuRpIK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843173", "to_ids": false, "type": "size-in-bytes", "uuid": "46aba4f3-d126-43a8-a55c-33fb3d56ec76", "value": "388932" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843173", "to_ids": true, "type": "vhash", "uuid": "d0e564d1-3e34-4699-a381-a16dd4a83021", "value": "8a264405cf6cda930638850c6c835c29" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843173", "to_ids": false, "type": "text", "uuid": "0dbfb0d4-c9ca-404d-b7bf-6e4cf813e509", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF3\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843195", "uuid": "ad7c3b84-0b81-4fd1-8e22-ca4c3f6694b3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843195", "to_ids": true, "type": "md5", "uuid": "633a61b8-d834-4f74-9d66-90a675cb1146", "value": "4121b6cba3eb04987ec7f946c4b0db31", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843195", "to_ids": true, "type": "sha1", "uuid": "d9ae6824-0218-47d6-bc2c-a65502524940", "value": "c9288d5626a4e458e688a16a6d81b8de8363e53b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843195", "to_ids": true, "type": "sha256", "uuid": "f1f4925d-0b33-4f91-8a0f-3b6eab45209c", "value": "ab0e808ef3d63ca444833673ecdee73df1901e3ba08c916750f76d3c337ba4ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843194", "to_ids": true, "type": "ssdeep", "uuid": "2c7eb6d0-54b7-4e9f-af2f-6b43ca77b4f6", "value": "24576:0MR91X0LBoSe+KNRCnBSUWF5WaKXYRVnVt:04EL6Se+KNRWwUkUaKXYRx/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843194", "to_ids": false, "type": "size-in-bytes", "uuid": "3f6332b2-bac4-4563-8524-f20ed8ed9c01", "value": "860994" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843194", "to_ids": true, "type": "vhash", "uuid": "4b186e78-3471-40e7-ab82-6a01da3e2d1d", "value": "9d1b25b6eae17b320959b3566c8cd5cc" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843194", "to_ids": false, "type": "text", "uuid": "98b134a7-86ae-406b-bd3a-1df68567ffca", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843217", "uuid": "2fbd7e4c-385d-480a-8e39-63eaef667e34", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843216", "to_ids": true, "type": "md5", "uuid": "9a7c1604-2589-48b6-868c-b84f51470ab7", "value": "1edc7ad973a6e2db84ff213fdb924292", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843216", "to_ids": true, "type": "sha1", "uuid": "5d6b0951-c334-46d4-99c6-717df98a5a31", "value": "29738b969e4bdd11aa7d50d629db538d3cbd6a05", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843217", "to_ids": true, "type": "sha256", "uuid": "0270c3fe-c66b-4afa-bbe7-d0673890222b", "value": "d054f79990bf760713395d4aea98d38398bad1eb9926fc92b07ce52cf2f96d48", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843216", "to_ids": true, "type": "ssdeep", "uuid": "b2d450dd-17be-4cf8-8f0a-be4d402c64d3", "value": "6144:Oza6OSv7vGN4d4vMOCnBmogb1HzoDwyziL/Af2I/eNcEBciUc6OPh4td2L:J6nG0Az0C1TodAYNeuE6GwdG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843216", "to_ids": false, "type": "size-in-bytes", "uuid": "7f64f9f0-d15e-4ead-8ddd-baf69db48a70", "value": "398314" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843216", "to_ids": true, "type": "vhash", "uuid": "835a261c-a072-43bb-8e7d-083ce00f4af2", "value": "e01647e4652ea48dfdcc60bf1f4a61d1" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843216", "to_ids": false, "type": "text", "uuid": "c4c4f696-e286-4dc7-8332-cbadea48a8d1", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843238", "uuid": "b0811977-97d8-4f1e-af24-c5859240940e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843238", "to_ids": true, "type": "md5", "uuid": "eed2ecc3-aa0d-4400-8a95-5325261f4618", "value": "9c5f9b4fb7ed0547930231825c7e7fa4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843238", "to_ids": true, "type": "sha1", "uuid": "fa3de76f-c692-4c6a-856f-20ba3f37a53c", "value": "6abc64a4f05692419fc2f168392fca8db13d32e7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843238", "to_ids": true, "type": "sha256", "uuid": "27556e54-e06e-481b-883c-dd213c67fb78", "value": "1d9744d8940b283a9e91a5e8446d6d94689e6a93a7f4e7e7319015046863fdf2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843237", "to_ids": true, "type": "ssdeep", "uuid": "e8e47575-699f-4f72-b632-6d39207baac2", "value": "6144:fRza6OSv7vGN4d4vMOCnBmogb1HzoDwyziL/Af2I/eNcEBciUc6OPh4tdS:06nG0Az0C1TodAYNeuE6GwdS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843237", "to_ids": false, "type": "size-in-bytes", "uuid": "416c6fd1-cbe7-4080-99f1-0278f67ecfd6", "value": "398320" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843237", "to_ids": true, "type": "vhash", "uuid": "88c13c3c-bc62-4323-9feb-b27e87ac8b01", "value": "839ce47e5aba54f003d489d2ef939226" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843237", "to_ids": false, "type": "text", "uuid": "b10bfa9e-dbc2-4f46-ac03-d8aa9312af10", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843259", "uuid": "937b46af-61ee-4410-89c1-eb5da793ed11", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843259", "to_ids": true, "type": "md5", "uuid": "187b665d-1863-46e2-bc86-81e7c687b773", "value": "70454f6b1c8c8fbb1410b9a0cb8f38b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843259", "to_ids": true, "type": "sha1", "uuid": "bdfffb3f-d976-427c-8575-a93616c8ec72", "value": "43b9c2c4774a0fac1eb138cb2db8f98093f56563", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843259", "to_ids": true, "type": "sha256", "uuid": "e4e54f6d-6a10-4147-955e-552c4dfe80ee", "value": "de9f12f37eb64ae69d403da4963c5c2fbf98503f221cc7674682d2e1ccf4da31", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843259", "to_ids": true, "type": "ssdeep", "uuid": "0c23c3b0-c71c-4d85-b19a-6c74b13b562a", "value": "6144:9S/P+WIIwLh2cOpRaPcmLX1EYvmVB8IVZac/269MfpXfGM4n+TuRcxqn+dEd:q+nLzmRqFLXmYuVB8cZd/ZU++TuRpI6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843259", "to_ids": false, "type": "size-in-bytes", "uuid": "7d74eb0b-2c63-4c3d-a1ab-5a59ca61987c", "value": "388938" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843259", "to_ids": true, "type": "vhash", "uuid": "9e1462c5-c5b1-4cd9-a742-28c19275eb99", "value": "8a264405cf6cda930638850c6c835c29" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843259", "to_ids": false, "type": "text", "uuid": "81121ca9-28ef-4a2b-b69a-623346a4806a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF3\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843281", "uuid": "e4a94d95-8063-4c06-b08a-f50de3aa0a3a", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843281", "to_ids": true, "type": "md5", "uuid": "49ed86b0-fa1f-4e4c-a54e-c630265afcf7", "value": "6d1a2ac7b5ee2ef553f2ef98aab8e1c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843281", "to_ids": true, "type": "sha1", "uuid": "5ec011b1-d70d-4bc3-a363-10a4d18293b7", "value": "32032b3866e5bf4362e2c52be0276344e37857cf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843281", "to_ids": true, "type": "sha256", "uuid": "a182691f-7696-4d2b-b020-96c639d3c3c3", "value": "d6afb6e7b95aa19622b890f49e9b570656fa8cdb1323f9730a40664ca00ea2b9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843280", "to_ids": true, "type": "ssdeep", "uuid": "97e493b3-95af-4dba-b671-0cd3500e19dc", "value": "6144:HcCBJ/ThUS9H0CjXLatCfqUllfAeaaTgQapa/zGVFGMs8qhQ4XrmYhpKxqxb:8w1UdOatCf1asgQri6Squ46Owqt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843280", "to_ids": false, "type": "size-in-bytes", "uuid": "f85dd38d-2983-4e32-8011-97ec89c0c3fa", "value": "398583" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843280", "to_ids": true, "type": "vhash", "uuid": "8f241b4b-787d-40e4-9874-c23dd1811f18", "value": "839ce47e5aba54f003d489d2ef939226" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843280", "to_ids": false, "type": "text", "uuid": "f21e06f5-9c9b-40cf-9b06-5045e035b0e8", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Bitrep.B\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843303", "uuid": "64d63007-e205-48f6-ab56-0460b4b11063", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843302", "to_ids": true, "type": "md5", "uuid": "ed4b6816-9670-485c-a563-a256fbaea3c3", "value": "e76a1eb59d49f997d030a24799432859", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843302", "to_ids": true, "type": "sha1", "uuid": "27e446ef-bfe1-48d7-80fb-9b70994917c9", "value": "c3c1fbf8a1292e69fd8543f08c9803f29ad59b3d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843303", "to_ids": true, "type": "sha256", "uuid": "c710eb2e-af8d-482d-9334-f3c2d79f9ae5", "value": "88e9ff093831b0fec7f537e60dabe7bacdbab6a5523c1b4b23dbb0b0ef0ce3d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843302", "to_ids": true, "type": "ssdeep", "uuid": "d7cc70aa-4241-4bfd-bcea-e79fd0ccdbbb", "value": "6144:/S/P+WIIwLh2cOpRaPcmLX1EYvmVB8IVZac/269MfpXfGM4n+TuRcxqn+d/5:0+nLzmRqFLXmYuVB8cZd/ZU++TuRpIh" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843302", "to_ids": false, "type": "size-in-bytes", "uuid": "5de53946-6bc3-47ed-a02f-b80504053b0c", "value": "388939" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843302", "to_ids": true, "type": "vhash", "uuid": "8dbe1e5c-99d8-4d9a-9818-e9d6ca82e947", "value": "8a264405cf6cda930638850c6c835c29" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 06/01/2022", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843302", "to_ids": false, "type": "text", "uuid": "844f07f7-bb2c-4c5b-986b-17998f4ed12f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAF3\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843324", "uuid": "c282f8a6-b254-47f6-be3b-8e6a4536962e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843324", "to_ids": true, "type": "md5", "uuid": "c00d353e-5861-4a3b-b450-5fc1e2f0a70e", "value": "7ccf2f436387888d0be1b7d86b3260b2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843324", "to_ids": true, "type": "sha1", "uuid": "44f9e779-cb45-4688-bf90-4ff260e40c16", "value": "b9e9abb3b391e513299f13a2bd341008475cc39f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843324", "to_ids": true, "type": "sha256", "uuid": "82494903-6ad3-4b0e-9024-6f5d17a37448", "value": "88fa9b541b9871e52fa594ba8678414870111b67f4baed62e2444b431d59b43e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843323", "to_ids": true, "type": "ssdeep", "uuid": "33fcd0d4-e0c5-4a8e-b743-17c12e094e3b", "value": "12288:9WsH38WWfb+e9uZjo4NK3ptTLXbiKRrp5AzJwrAzI:9WI8WWj/Q5o4gZtriKRczGAzI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843323", "to_ids": false, "type": "size-in-bytes", "uuid": "5982192d-7cbb-4b52-8eee-b934ecafd2ce", "value": "398561" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843323", "to_ids": true, "type": "vhash", "uuid": "9424a5a3-323a-4fd0-ae80-4844fb8151f5", "value": "e01647e4652ea48dfdcc60bf1f4a61d1" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843324", "to_ids": false, "type": "text", "uuid": "0aae3398-5b46-42b6-90b9-0d06f76b4894", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843346", "uuid": "a35d9fd1-85ae-4426-9907-a8da266f122c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843345", "to_ids": true, "type": "md5", "uuid": "8e8091a5-fea4-4a31-8b08-9d05aa4faad6", "value": "87099aa14e44fc05b80c8aff3eb125f7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843346", "to_ids": true, "type": "sha1", "uuid": "5a6f38d3-bf86-48c2-9657-26a361ff481d", "value": "9227a68ccb59aba48b09bb16834546047cf53b3b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843346", "to_ids": true, "type": "sha256", "uuid": "ce5c1722-7cad-4bf9-9194-f33c9a2110bb", "value": "9a7af1362ff72ff44f1aac300cf1628f308f9d504484d1b53c9b12285eaedcf7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843345", "to_ids": true, "type": "ssdeep", "uuid": "fa53860c-a676-4396-b637-2e924ef9b6be", "value": "196608:J58PDREQiAvQPemnN6eMqQ7jXv+xkJ5c4L0o:J58P9EnAvQP7nDMtXWxkJC1o" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843345", "to_ids": false, "type": "size-in-bytes", "uuid": "c190ae88-637f-4395-bb3a-1442c465a340", "value": "6839828" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843345", "to_ids": true, "type": "vhash", "uuid": "d319cffe-0be6-496c-b6af-f1d5a37ecc65", "value": "ac49f228a43fc193ef2c29ad2116f264" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843345", "to_ids": false, "type": "text", "uuid": "614c466e-1b84-40f4-bd0d-66822d9c07ab", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA36\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843368", "uuid": "54cbb49e-dbd1-43fb-983d-9186d47fc7b3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843367", "to_ids": true, "type": "md5", "uuid": "924ed405-0e59-440e-a5af-be9bb992533b", "value": "42bbb9cb625d0b10eaa910b56680bea3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843367", "to_ids": true, "type": "sha1", "uuid": "2ae27136-e89b-4c06-942b-968dd3e7aaed", "value": "e1609d9afe0e0e7caba9d80f1e833cd7947f66bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843368", "to_ids": true, "type": "sha256", "uuid": "a86cba12-4f05-435b-ade0-f3235ddf6cd4", "value": "f4ad63087f13dcc71371a5b1c7d83f1417e7baf98f46aeaf63cec359c5e4f344", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843367", "to_ids": true, "type": "ssdeep", "uuid": "9efa9475-99fe-40e5-8088-57418020c47b", "value": "12288:ipRx+5QJ1KyLED+2rnSXoT3g8rvzzW3aO/hbHW+dqzwsBZifgOFM0VuUBgw1+jP:oXGyLED+SnS6PPW3aO40oBwfgOFDVNdm" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843367", "to_ids": false, "type": "size-in-bytes", "uuid": "74496861-c464-4b51-af8d-53bf8c85468f", "value": "861765" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843367", "to_ids": true, "type": "vhash", "uuid": "6de2ad44-618f-421e-8480-212e3645177a", "value": "9d1b25b6eae17b320959b3566c8cd5cc" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 17/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843367", "to_ids": false, "type": "text", "uuid": "e154bc45-4e5a-4639-8012-382bd40c6def", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:32/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843389", "uuid": "cb4ad353-4827-4703-ac51-9c1f0b810e90", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843389", "to_ids": true, "type": "md5", "uuid": "facc1482-080c-4ee6-b8e7-5a95999672b8", "value": "000bdb6f6c6a6b8faf1938d4116d18dc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843389", "to_ids": true, "type": "sha1", "uuid": "63c338cb-9902-4fa3-98e9-71af28834538", "value": "50bb54348e0ef8601514ed2aa953a4914fb3a93e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843389", "to_ids": true, "type": "sha256", "uuid": "2cd73c4c-a83e-4b08-9af1-c18af0c4ecec", "value": "07ebd768435486572f4d46afa2c5c5983fd6754884d452e11661f4c755ad8164", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843388", "to_ids": true, "type": "ssdeep", "uuid": "40702ffa-59b4-45ed-9678-7e29843a4dcf", "value": "12288:OWsH38WWfb+e9uZjo4NK3ptTLXbiKRrp5AzJwrAzp:OWI8WWj/Q5o4gZtriKRczGAzp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843388", "to_ids": false, "type": "size-in-bytes", "uuid": "5167aacd-7926-4cd0-8b95-1ff06e9fb23f", "value": "398570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843388", "to_ids": true, "type": "vhash", "uuid": "d3aadad8-24f5-4cc3-9323-88c9fd6b94ec", "value": "e01647e4652ea48dfdcc60bf1f4a61d1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740843388", "to_ids": true, "type": "filename", "uuid": "722fde9d-74b3-4f6d-b66f-d42b5df9e15b", "value": "000bdb6f6c6a6b8faf1938d4116d18dc.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843388", "to_ids": false, "type": "text", "uuid": "a5200c14-3f69-4147-bfb0-f8beb10eced9", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843411", "uuid": "f18a3e89-85b0-48db-8125-a16e2eee3fe7", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843410", "to_ids": true, "type": "md5", "uuid": "f95695fa-5c1a-4c99-8543-54891a1c23ff", "value": "994c0ad4c19cfc5455f4cae6515d7779", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843410", "to_ids": true, "type": "sha1", "uuid": "a3101652-4f26-4de9-91bc-35374ec589ab", "value": "bb1b5ee6f24884781c28fe07f08af186421938b6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843411", "to_ids": true, "type": "sha256", "uuid": "87f4f4da-606f-4633-9f33-a43b3251c665", "value": "4fadcf878a5b1babb907be850e715af8af5718c4d7cc1f201d08fa07d7f7a757", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843410", "to_ids": true, "type": "ssdeep", "uuid": "c94bdd86-3c4f-493a-9a23-3d5b4e6e9da1", "value": "6144:rkESXhBz0pCwl7JaS2GU1XMtOmpE+6XhB7KRp/q+yPapLek7iZWlV:QIpPJIsQcNpq7ELeEH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843410", "to_ids": false, "type": "size-in-bytes", "uuid": "f50df9df-7cd4-457c-a574-fe15b10808a0", "value": "389185" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843410", "to_ids": true, "type": "vhash", "uuid": "be0b3ba2-387c-4d2a-b311-324b4be94f1b", "value": "8a264405cf6cda930638850c6c835c29" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740843410", "to_ids": true, "type": "filename", "uuid": "70c85839-dc7c-419a-a029-ac9724e9fafc", "value": "994c0ad4c19cfc5455f4cae6515d7779.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843410", "to_ids": false, "type": "text", "uuid": "6c97b0c7-c82e-4bca-9e9e-16e9319450f1", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843432", "uuid": "9a14b43d-041a-4404-8da4-97d7e84cbfd9", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843432", "to_ids": true, "type": "md5", "uuid": "e7032ea9-e85a-426f-a2b3-af318b9b0a36", "value": "23cda9400028fd18ce1ef5b2834f1fac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843432", "to_ids": true, "type": "sha1", "uuid": "5633227b-24e4-4279-8ec0-a2fc69e71a81", "value": "764b3880e1f6e294a2c7fea50d70c92861728f03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843432", "to_ids": true, "type": "sha256", "uuid": "32fb3df9-185c-4571-b2ab-177241ef70e6", "value": "2f95c5e8626101f31f140493b0372b6bedf16c1d5dead609bd1a7e4c6e6805fd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843431", "to_ids": true, "type": "ssdeep", "uuid": "ad914c12-db8f-46ce-b7d8-0eda56d41bb5", "value": "12288:bWsH38WWfb+e9uZjo4NK3ptTLXbiKRrp5AzJwrAzT:bWI8WWj/Q5o4gZtriKRczGAzT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843431", "to_ids": false, "type": "size-in-bytes", "uuid": "fe6f4ca2-b913-4ca1-8355-356c9e31b4df", "value": "398557" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843431", "to_ids": true, "type": "vhash", "uuid": "04a356a4-8d3a-4fbe-92f7-ce4f2aee86d1", "value": "e01647e4652ea48dfdcc60bf1f4a61d1" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843431", "to_ids": false, "type": "text", "uuid": "723254d6-b270-4582-8d3d-9d91f9d7ce17", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843454", "uuid": "ace4906e-8c08-4c51-be46-1c60848dfa24", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843453", "to_ids": true, "type": "md5", "uuid": "cb8b8a70-e9ec-466d-beb6-c1bf993e7b99", "value": "561bf239c74743a8b600f64c700de0f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843454", "to_ids": true, "type": "sha1", "uuid": "47344502-151e-46f9-8895-9e87b3c9256e", "value": "e21bd9ea372beee45b191fd7a892a534fd0afc3b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843454", "to_ids": true, "type": "sha256", "uuid": "22b101ae-33ba-47c6-ab32-1d8f246b404a", "value": "a783364a8f111620dc7d33453a50d96d3a20b1ec782c05d3890ebd870330844c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843453", "to_ids": true, "type": "ssdeep", "uuid": "06dfe52b-3ee3-494e-9132-263ed0c7b40d", "value": "3072:8tFEoU11Xx1Oyr8N7Xn0F+J+ohx+6kfe4y0DlJ4AZFCqs8OraLH:8f4J8Efe4TbTC4Or+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843453", "to_ids": false, "type": "size-in-bytes", "uuid": "ff7c29d4-181c-4f58-a5e1-b83c6c7826dc", "value": "170303" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843453", "to_ids": true, "type": "vhash", "uuid": "fe5d324b-f975-4bfc-afaf-7c28248cd5d0", "value": "bb40dd0a2688f757d362b60a612c9f9c" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843453", "to_ids": false, "type": "text", "uuid": "1051cc51-481e-447e-8eb8-23e17f265ba4", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843475", "uuid": "9dc04648-eb06-45f9-bdea-daf3365a236b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843475", "to_ids": true, "type": "md5", "uuid": "dd9a0957-b9c5-4a08-8032-50099daad1a8", "value": "944d26d4180b4f23d902bd03aa9e3acd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843475", "to_ids": true, "type": "sha1", "uuid": "6af0f4c6-1f9b-4584-bbf4-3a37d6e0168a", "value": "5b7bd8cdf905f6e37b5691c935fe6261f5bde46a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843475", "to_ids": true, "type": "sha256", "uuid": "ab02f4f3-d03b-4186-86e3-374821ad72ad", "value": "0b379ace26c0a0ecfa057e2a1512932573a9f972ecd03523e743570934860b31", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843474", "to_ids": true, "type": "ssdeep", "uuid": "524ab52f-9361-4de6-9494-823f78b0119a", "value": "49152:PCGxQT0RBa2MAKUlACUe2zJ3HtW0QjoAsfFOpYcvb0Uhzxq7ID:aG+gRB2TfhHtW0O5mFONvb0TID" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843474", "to_ids": false, "type": "size-in-bytes", "uuid": "cb3eddfd-d5cb-494c-8980-5a55459c920f", "value": "3103444" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843474", "to_ids": true, "type": "vhash", "uuid": "9a595f00-87f4-4091-afe3-82f38820d89e", "value": "2863e4ea30dec1a2864321f4d317f00d" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843474", "to_ids": false, "type": "text", "uuid": "25c4b19b-6b26-4a7c-9f6a-be6eab640622", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA7C\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843497", "uuid": "54886a4e-708c-477a-aa89-71846952950e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843496", "to_ids": true, "type": "md5", "uuid": "7b31182a-e25a-4c8b-a354-f30304fb3a6a", "value": "18b72ba8d6a827d6d3fd7122f1953c63", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843497", "to_ids": true, "type": "sha1", "uuid": "5cd17e9b-9272-43cf-85c1-1db833fe381f", "value": "6a1f93227e197efb74c2b60218fdb1ed5e45cfd3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843497", "to_ids": true, "type": "sha256", "uuid": "e0c1d14a-60b6-4639-8b79-d4e1ed4d733b", "value": "fe5fa7656e4b9f454a26e652524c0b569f2dafc1f3177334160f4cd139370281", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843496", "to_ids": true, "type": "ssdeep", "uuid": "ef4a684d-cbc5-4ab4-b537-c41d82484401", "value": "1536:r2fUCYOF07u/9kCX/bgJCoQ7dfUTDyaLJ4vUOttuvbpSNelzHk6Z3eJnNIo7N+fD:SM4/NXp+fl4ZrGlg6Z3C/aLH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843496", "to_ids": false, "type": "size-in-bytes", "uuid": "9cab40ca-8a2a-4a8c-b4b5-521310f54d9f", "value": "113567" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843496", "to_ids": true, "type": "vhash", "uuid": "b38162d3-0011-4011-bcb1-15b49fb44e8a", "value": "545324eeb03d1b380145450bd2a55591" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 29/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843496", "to_ids": false, "type": "text", "uuid": "2e9645d5-3781-49fc-b4be-95a6c77ddb39", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/AVerseFalc.CL\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843518", "uuid": "17ab5606-ff93-4f25-a677-e194a138d456", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843518", "to_ids": true, "type": "md5", "uuid": "c1238c7d-43b4-44bb-a68f-9a8a67e167ab", "value": "2215d1d5e116f44f82acafa4b624efb7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843518", "to_ids": true, "type": "sha1", "uuid": "c5e254af-8e2f-4d6a-b529-96bf8706a929", "value": "0a122d03433e7f8bf71cd259fd8d728933daa0a8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843518", "to_ids": true, "type": "sha256", "uuid": "1bdee282-b26f-4e46-b3f5-c6eac2dcb1ff", "value": "b8f4426330388ff65174e5963c932cea899b9bba5798ee2300256122f052bd10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843517", "to_ids": true, "type": "ssdeep", "uuid": "f0cbfb40-cb00-45f1-8ba3-c0e8f72b19fb", "value": "6144:w4f4f+kCjZ4WrLxmFm1ywzs56Trg8a865VsVPe7POy29rJtuxDxbw:fAf+vRrdmFOBwoFgLgPeqyuGk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843518", "to_ids": false, "type": "size-in-bytes", "uuid": "d6fd326c-5381-430f-ac7b-b848f00a28f0", "value": "365616" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843518", "to_ids": true, "type": "vhash", "uuid": "e8718c76-56ba-4cec-8735-4a6dfd552c56", "value": "b57f6dd1e30fe57fd7463db16faa7fa2" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843518", "to_ids": false, "type": "text", "uuid": "8f5ac768-c44f-4ad9-883c-439eaefbf12e", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AADA\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843540", "uuid": "0b9aec9e-57b1-45a4-a7e5-dbb89da87ad1", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843539", "to_ids": true, "type": "md5", "uuid": "a58d4e83-1a9b-4f9f-8385-54d7b557bd3a", "value": "07945ea853ea6ab38746e3e91f89ae97", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843540", "to_ids": true, "type": "sha1", "uuid": "5f7cae79-936b-4c14-868c-ca0126fa6897", "value": "7ec47b97880bea893d2706ee1fe16f5cd665beba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843540", "to_ids": true, "type": "sha256", "uuid": "ac14b485-4de0-4120-81d7-6ea8ee78982a", "value": "54722f219c6db412c2a3390b39ef3918c43b0d2e5ead1834dd040b40331cec25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843539", "to_ids": true, "type": "ssdeep", "uuid": "72c0ba1c-c61a-4b00-b30f-91f4092c07f4", "value": "1536:d2Ex7JPV2FKwp9a/N1QRfCjwOLfMpxtceQ7c5eqmTzbSV9VxY4QEmCIo7N+f+IE:0ExVV2FHKw49LDFr+j7tmaaLE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843539", "to_ids": false, "type": "size-in-bytes", "uuid": "bb901f3b-67ee-4d5d-ae76-4dd404ad72e9", "value": "113600" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843539", "to_ids": true, "type": "vhash", "uuid": "94890670-5243-4e93-9262-daef054b1a01", "value": "545324eeb03d1b380145450bd2a55591" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843539", "to_ids": false, "type": "text", "uuid": "504766f1-5d42-4038-b47d-38afcd855eb2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843561", "uuid": "fa8371a8-26d9-4d73-ad75-e9aafd4502bc", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843561", "to_ids": true, "type": "md5", "uuid": "622ee74e-1270-4419-ad56-adf21fac038c", "value": "50cd74aafa03ca6332d8a5c74aa09e34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843561", "to_ids": true, "type": "sha1", "uuid": "0c784098-e0f2-49e4-9c5f-7433b1962e48", "value": "9bb2dd80005aadb2d99b365407659645ae3d0c4c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843561", "to_ids": true, "type": "sha256", "uuid": "9e82f745-c24c-47a0-a12f-0abe0c91b3cf", "value": "9b87ae7f620b8f72d43b088b0645fc7bc5bbf5972125e2a71f08f3d29a5a71dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843561", "to_ids": true, "type": "ssdeep", "uuid": "69d0329f-7588-4f25-991a-6fd615a08f70", "value": "1536:F2mUCYOF07u/9kCX/bgJCoQ7dfUTDyaLJ4vUOttuvbpSNelzHk6Z3eJnAIo7N+fC:c14/NXp+fl4ZrGlg6Z3CIaL+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843561", "to_ids": false, "type": "size-in-bytes", "uuid": "4bbea5ae-4866-486f-8723-35086100e843", "value": "113566" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843561", "to_ids": true, "type": "vhash", "uuid": "63c85f46-c17b-4bae-93c2-01660fd4dc6b", "value": "545324eeb03d1b380145450bd2a55591" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740843561", "to_ids": true, "type": "filename", "uuid": "18cbeeb3-7701-4507-a49a-7829f6805c80", "value": "50cd74aafa03ca6332d8a5c74aa09e34.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843561", "to_ids": false, "type": "text", "uuid": "3dc17421-1c99-4244-b97a-f179f5c30882", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843583", "uuid": "095d20b9-a273-4c7d-8596-3064011d2fdf", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843582", "to_ids": true, "type": "md5", "uuid": "53e8f1e6-02fd-4415-a7da-e48e38dcad19", "value": "7475f009135d2ae78f939ca9e88943c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843583", "to_ids": true, "type": "sha1", "uuid": "8a6b99b4-cccf-4e17-871e-eced69abda9e", "value": "e0c5858f4b9554185bcfe3c2ac952f41ffad7bce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843583", "to_ids": true, "type": "sha256", "uuid": "fbd0d19a-f19e-4dc7-be2c-274271d413a1", "value": "298f2d6dbbda2609fe230ab09575790e1ed348bdf639dfbaec73f220e8e8b164", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843582", "to_ids": true, "type": "ssdeep", "uuid": "cc22100d-6051-4b86-a6d0-973033543a5f", "value": "49152:elwFXilcxQ22m+KlcQKnzii2tj5jH2chVRsP+5Wk:eiFXXxQ2LlZKn+i29c8vG+P" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843582", "to_ids": false, "type": "size-in-bytes", "uuid": "ed49e857-0f54-42e0-95fa-53565bae40bd", "value": "1601172" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843582", "to_ids": true, "type": "vhash", "uuid": "32e1e4d5-ee24-4f68-9a8f-20dd998c5ef8", "value": "2ba1e72eed3a41422095b791f53e643e" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843582", "to_ids": false, "type": "text", "uuid": "e65670fb-b089-43ef-bc18-80d94e3a5477", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843604", "uuid": "90675b8d-772d-4ba3-9f13-e64cfce2bb4c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843604", "to_ids": true, "type": "md5", "uuid": "035dd26b-63d3-4ab8-9655-53e0c9b8f8e0", "value": "9f32d7214f7ecff261b503029e57fb51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843604", "to_ids": true, "type": "sha1", "uuid": "d07e76be-c989-4be7-9210-256303e92ce9", "value": "56bf1aafc393d890dc4aa32f4471d9fbb0792e83", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843604", "to_ids": true, "type": "sha256", "uuid": "f7550b40-7e79-4f49-aee4-2b47d199aade", "value": "5285928ecbfdea8d06367e515d12e33462fe70d4a8aaeb76f5332b9cd9289e87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843604", "to_ids": true, "type": "ssdeep", "uuid": "994e7d9b-f7d1-4fea-b1d5-50da05a99889", "value": "24576:gMR9/XYytZmTYg4ySVtj8q/IR8zOHF5WaKXYRVnVg:gu3RmSVlB/RylUaKXYRxu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843604", "to_ids": false, "type": "size-in-bytes", "uuid": "f4a891ce-6eb4-4cb2-abbf-8a66e1260396", "value": "923151" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843604", "to_ids": true, "type": "vhash", "uuid": "3c8034cb-58f5-46d4-831b-a666340ccab7", "value": "9d1b25b6eae17b320959b3566c8cd5cc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740843604", "to_ids": true, "type": "filename", "uuid": "0bd357fb-8486-4868-9306-e2c206e18e43", "value": "56bf1aafc393d890dc4aa32f4471d9fbb0792e83.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843604", "to_ids": false, "type": "text", "uuid": "31ee5dd2-bda8-4d73-ac0b-baca1aba1fc2", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843626", "uuid": "c2d8af28-cd56-4120-a316-bd134b3b09c0", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843625", "to_ids": true, "type": "md5", "uuid": "e50cc695-bc11-4e8d-a2da-0225d759518a", "value": "efa335de30a5ef2190320c3220bdd75c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843626", "to_ids": true, "type": "sha1", "uuid": "0d71e7f5-729a-45a1-a1eb-e94a25641273", "value": "236b72bc5157fea762d4ffc9508c0edc384f1165", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843626", "to_ids": true, "type": "sha256", "uuid": "3ce634ab-e6d2-41e6-87e5-f86d3ad763b4", "value": "d075e9e532cf376cc4192cec0786db888169122ad054a7023cc5da3f192f896b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843625", "to_ids": true, "type": "ssdeep", "uuid": "b4114ab4-052d-42a6-bc93-aa45c110e846", "value": "3072:DsscYE09RHkR0AhnpLjxfkpFxvv49+j4uoE6Z6nKVBt9t:lvE09i+sn9hk934ojih6Urt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843625", "to_ids": false, "type": "size-in-bytes", "uuid": "acda0bf5-0bad-4798-b838-0c42dae64457", "value": "120344" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843625", "to_ids": true, "type": "vhash", "uuid": "75835672-9ba5-4706-8000-770c77d51a89", "value": "b9cfe18fa68a43dd85fafd02d860bee5" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 18/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843625", "to_ids": false, "type": "text", "uuid": "15bb2962-212e-4abd-ba43-08a7521ecf99", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:16/69" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843647", "uuid": "7c8844ca-22ab-4875-9145-edd4798a0b82", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843647", "to_ids": true, "type": "md5", "uuid": "8fc252b8-eb3d-4d76-abf5-9864d22cf9e0", "value": "10a93ba2aa206cdd491cd7c16302d4b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843647", "to_ids": true, "type": "sha1", "uuid": "000c41ab-5f12-42b7-8ea5-6156344872db", "value": "95301fe41c094dd839ed8f2daa64e583adc369c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843647", "to_ids": true, "type": "sha256", "uuid": "f24c698b-e94b-45ad-94fe-6bd6e0b3b93d", "value": "3b8edfb59722d02a808a7b6afad4f47565b38cc362dd2f6bd3f6a9b182a0b2d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843647", "to_ids": true, "type": "ssdeep", "uuid": "30b2ca1c-4fd7-4c6b-8095-98d5c0b060b3", "value": "98304:4BsO1b/zByOJez8Rp7yuCTOo39nGEPEbNs2e:4HDeqZHCPNnGEh2e" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843647", "to_ids": false, "type": "size-in-bytes", "uuid": "2bf0baf6-59d6-458d-93df-1a3e595db180", "value": "3509085" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843647", "to_ids": true, "type": "vhash", "uuid": "76b68852-6b86-49bc-b37d-78381d248c7b", "value": "16b9747238e90acb481313386061331c" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843647", "to_ids": false, "type": "text", "uuid": "f4a6e580-557a-437b-8904-48fae970d90c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843669", "uuid": "4ba58b4e-22a5-47cd-89b1-b4c3e894b343", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843669", "to_ids": true, "type": "md5", "uuid": "8587e525-dd18-4224-96de-0c2565d01cf7", "value": "afc5aa6b3565bac17d8d1417122339bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843669", "to_ids": true, "type": "sha1", "uuid": "db9e68e0-bea7-4dbb-aad9-f9034f40c5c5", "value": "4789f0df5aa1fff6459ca078cc6ca47242ea87e6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843669", "to_ids": true, "type": "sha256", "uuid": "5b3e9333-c08a-4b12-a44b-a7d409212a68", "value": "9ee27725fd0542b96182f0f235742b0561a098135e669bb710613b06aaa1084e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843668", "to_ids": true, "type": "ssdeep", "uuid": "0ca41d6c-0667-4e9b-b636-438523f9d9e1", "value": "6144:A474f+kCjZ4WrLxmFm1ywzs56Trg8a865VsVPe7POy29rJtuxDxb6:v8f+vRrdmFOBwoFgLgPeqyuGe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843668", "to_ids": false, "type": "size-in-bytes", "uuid": "ea9e6c7e-8246-406d-a72e-0a3d3c0f4d79", "value": "365635" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843668", "to_ids": true, "type": "vhash", "uuid": "500c6df0-a762-4a77-8445-ce7349ded175", "value": "b57f6dd1e30fe57fd7463db16faa7fa2" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843668", "to_ids": false, "type": "text", "uuid": "e7d239f9-b7e2-433c-bfb3-cb12b60910ec", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AADA\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843690", "uuid": "7c77c92c-49fb-4ef5-bd61-ab76b38377b7", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843690", "to_ids": true, "type": "md5", "uuid": "31f97461-f576-4d8d-8ca8-4b83b84d0711", "value": "0fc9eb74768f31c72ece6023310337c8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843690", "to_ids": true, "type": "sha1", "uuid": "ed79ba40-a078-46ef-93d8-49fae77a0f94", "value": "399ad36e79d8224a9bfe06f4703bf35856800d5c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843690", "to_ids": true, "type": "sha256", "uuid": "cdc65fdf-6902-4047-911b-7328e9f3b902", "value": "f4fb9ed09b2e78fb137aa20a0c584343bc1dc5b9792bb68d0931ba0ebac9208b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843690", "to_ids": true, "type": "ssdeep", "uuid": "fc4a84b5-99de-40e2-959c-ba31e77f0aed", "value": "24576:lbGRtCdaxIXstAosTAj/YuedIWHj15rr6ZUHTGpkCdax2F7lLWrD:FfSIXAJ0u/heSe/WUSpLS2FRKrD" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843690", "to_ids": false, "type": "size-in-bytes", "uuid": "d1fe65c9-a54b-42a0-9793-089a51dbb3aa", "value": "1473432" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843690", "to_ids": true, "type": "vhash", "uuid": "b318852c-cccf-4066-9a6e-a3f582b2de98", "value": "376e42aeb3b8e77c30c77f8bc79f9aa9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740843690", "to_ids": true, "type": "filename", "uuid": "3dcf4ee9-7d90-479a-bdde-bb4795f7e047", "value": "0fc9eb74768f31c72ece6023310337c8.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 21/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843690", "to_ids": false, "type": "text", "uuid": "a543a35b-d82d-4426-bbb7-282a131b2253", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Spyware:AndroidOS/Multiverze\nVT Total Detection:31/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843712", "uuid": "2bba4bef-3698-4405-85d3-26f52e69b98f", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843712", "to_ids": true, "type": "md5", "uuid": "a21a85ef-e6ff-4c55-a5c6-a1dd4dd5c89c", "value": "e61643e24af95e6053fc90c9ba934f4f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843712", "to_ids": true, "type": "sha1", "uuid": "4bfe1663-b182-4de6-b064-32e456716acf", "value": "81b78f05bbc7e8699cff4faaa5ebda6ffcf66e7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843712", "to_ids": true, "type": "sha256", "uuid": "f91b941b-ec1b-478c-85ff-c1a303345b55", "value": "12e06445c3f71658c5144438db5c4212ce0be35c894227b46ce2321b030be28b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843711", "to_ids": true, "type": "ssdeep", "uuid": "449d6c88-949f-4d11-83d8-32c6e4404449", "value": "6144:hbtkHJJHo6IvsOYFfTgyqx0aIY2hYw1anr0SM0xQO3KWUSr0/v/GpYCGzd0M/dT:HGJJI6IUOYFfJpiQSxp35hGuGdT" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843711", "to_ids": false, "type": "size-in-bytes", "uuid": "fc050417-b2c5-4d9e-8b3e-9fa4b03a1945", "value": "323411" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843711", "to_ids": true, "type": "vhash", "uuid": "f14f072b-5ddf-4b9a-a3f5-07ba97e17c70", "value": "4f899ec45c6ef42ad91d8533ede1d72b" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843711", "to_ids": false, "type": "text", "uuid": "6852a6f7-7f1e-477f-8dfb-6984500d1cc9", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843734", "uuid": "60b95878-3923-4525-97a0-4a8384870e03", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843733", "to_ids": true, "type": "md5", "uuid": "fa88c4e1-ce9f-4c9e-a8ae-ad0fd4f399b4", "value": "31e6c3def060bbfdba25f94261b38bf0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843734", "to_ids": true, "type": "sha1", "uuid": "860efb43-396e-424b-9149-d7f10bb4571a", "value": "8ad04bbe3f97286003bea7801d46b4dd0a2c8cff", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843734", "to_ids": true, "type": "sha256", "uuid": "54e7a071-784f-4a9d-8517-b5fae8c4fcad", "value": "fe58c1f78f90899dbc5ba42b2594f37513e5fcd090cbabd298d5f993866fb8bb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843733", "to_ids": true, "type": "ssdeep", "uuid": "522ec55f-b35e-48cb-9653-7ce857eb8049", "value": "196608:Xvn3CDSfsUvPramX/13t4vFeES6q/F7I1iFzvpEfL/2:f3kAsfs13tgrpeF7IMF2y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843733", "to_ids": false, "type": "size-in-bytes", "uuid": "7d61c004-23c3-43fa-9703-5a0f0f4aa738", "value": "7211257" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843733", "to_ids": true, "type": "vhash", "uuid": "6237fe1d-e5fe-4b7a-ae86-d673e73927b2", "value": "63b303a6f5f889966d5ffaaeaab969fe" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740843733", "to_ids": true, "type": "filename", "uuid": "f0be8f71-f298-43ee-9b4f-b0dbdaa8714f", "value": "alip.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 24/08/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843733", "to_ids": false, "type": "text", "uuid": "a867ae7e-702f-4d89-950a-3b264fb65569", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:28/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843755", "uuid": "fd435be8-0ff9-4553-b659-c2e056db172d", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843755", "to_ids": true, "type": "md5", "uuid": "2880d4cb-46a1-4f65-a34d-bd5d6b88d87d", "value": "877461394abc2018c466e3a0b28cc47a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843755", "to_ids": true, "type": "sha1", "uuid": "b0fdd2a3-212c-4c89-b8f3-be0fc3180a8b", "value": "8994b7de678e2201d5119f50987bb730572c732e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843755", "to_ids": true, "type": "sha256", "uuid": "e4e24ed6-aea2-420c-a2e0-3bf3903b829c", "value": "4bf5733f8bc9d4a6d727087ecf977ad131b9d297849755ca3f71fd97feb167ca", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843755", "to_ids": true, "type": "ssdeep", "uuid": "77742c3d-c458-44ae-8968-728d4c578101", "value": "12288:HRx+5QJZzpzwuAkRQLN/fQIeQlOo/EndlCssBZifgOFM0VuUBgw1+jn:HXfzpMuFQNSQfScBwfgOFDVNd6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843755", "to_ids": false, "type": "size-in-bytes", "uuid": "936b55ba-9498-4519-8c8e-09552ba3a2b3", "value": "638464" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843755", "to_ids": true, "type": "vhash", "uuid": "888424cf-2a5f-471f-ac4c-6532f0d2ccb8", "value": "9d1b25b6eae17b320959b3566c8cd5cc" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740843755", "to_ids": true, "type": "filename", "uuid": "6c481460-026b-4b04-8108-4dc5feddac98", "value": "877461394abc2018c466e3a0b28cc47a.virus" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843755", "to_ids": false, "type": "text", "uuid": "6a1ab6c1-97d7-4c64-b920-4da1a2b4d9dd", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA81\nVT Total Detection:30/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843777", "uuid": "33644499-5d36-4f78-b5cc-a9a75bc2dd01", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843776", "to_ids": true, "type": "md5", "uuid": "747cc17b-35bb-4dc2-b752-5dfb15084dc3", "value": "a765325af6c8b21e042a52937fed9a6a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843777", "to_ids": true, "type": "sha1", "uuid": "ee8ccb8a-064f-44cb-b324-b6227d62285e", "value": "6e25ea4f5bc179d2170da1c4778447b6ecb31ff7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843777", "to_ids": true, "type": "sha256", "uuid": "533dd302-ff5a-4497-b0e3-c86238c16f69", "value": "be559bc577d83d4dbbe64ff58424a0c1bc453672ab456a15b94089b16115ffdb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843776", "to_ids": true, "type": "ssdeep", "uuid": "fae67d39-3351-48cd-8c02-f083351c5f43", "value": "12288:/Rx+5QJa1lejCjindu3SVukwqhuSIuxK/MCa720sMAUcgr:/X2lejCjmdjush7LI/4CFMF1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843776", "to_ids": false, "type": "size-in-bytes", "uuid": "0531a69c-b5ba-4c58-8bed-7ca145ef915d", "value": "562845" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843776", "to_ids": true, "type": "vhash", "uuid": "85ed4f36-8a44-4341-92cd-e2388fdcba89", "value": "9dd430561dfc3493ad3d85a1145430eb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740843776", "to_ids": true, "type": "filename", "uuid": "64b8637a-1d9e-4cc0-8b95-b8a94426da28", "value": "Til.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 10/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843776", "to_ids": false, "type": "text", "uuid": "0f42eb98-0c91-4fdb-8cd7-a61f2f635951", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843798", "uuid": "e6f7d9b5-e0e7-4dab-bdfb-1defabe1221e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843798", "to_ids": true, "type": "md5", "uuid": "77e50d9e-d208-44bf-b959-201f6d2f3c37", "value": "936d19954b9225b87b6772851673c40d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843798", "to_ids": true, "type": "sha1", "uuid": "3a20bb64-8895-4812-85d8-f01ed5bf08b0", "value": "75b20addbc24da86f1dd2ea961654f981842e349", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843798", "to_ids": true, "type": "sha256", "uuid": "0141f7c5-4eca-47c1-b7f5-93ce203dc9a2", "value": "dba9ac7cf96ff1c4ffc609ff1ea99b1f3173d08d0f7b1fdca45c966f326a6371", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843798", "to_ids": true, "type": "ssdeep", "uuid": "3a7d5d65-801c-42f6-878d-8e9aa6fc5af2", "value": "24576:jH16YU/wXMTuBQSJ4WcUZhA65iF5jYgW0K+vl5ZJNcSJnxcUxL:jH1M/5TqVKWvWF9YgxKol5/NFJnxcUxL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843798", "to_ids": false, "type": "size-in-bytes", "uuid": "3b542654-b021-43f9-9d7c-6eed1cce05f5", "value": "1314674" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843798", "to_ids": true, "type": "vhash", "uuid": "9ad76d60-9802-4d85-87d4-aa25dda19679", "value": "b0998863d97a7ddb0faba4de837fd661" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740843798", "to_ids": true, "type": "filename", "uuid": "a3d7c3ca-31e4-44a1-9560-127b630d0965", "value": "com.ryan.screenshot.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/04/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843798", "to_ids": false, "type": "text", "uuid": "52ca1086-28f7-4e3c-a93f-54f199aefa01", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Spyware:AndroidOS/Multiverze\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843820", "uuid": "11796ea3-f5d1-4c72-a312-75ff732deb1e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843820", "to_ids": true, "type": "md5", "uuid": "3e8d5ab5-738c-4e9c-b8d5-aec0c8c15498", "value": "695e736e2fb2b89610ce8f8f69604ccc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843820", "to_ids": true, "type": "sha1", "uuid": "1f881b8e-a10c-47d9-9ff8-eaf4ce2ad4d3", "value": "aba96eac06e3302e7d667daa37146fcce21a1848", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843820", "to_ids": true, "type": "sha256", "uuid": "297e9412-2c78-4259-a416-9efc03ed16c4", "value": "50e149576e29e2cc02d9a98ad2b39313372bc423d4b9de47066913bae807acb8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843819", "to_ids": true, "type": "ssdeep", "uuid": "22f393f7-b7b3-496c-bdea-6e109102b35c", "value": "24576:JSXKwFytXN6icLd4SWa34kKr2bzeBMFKtKamKQK1CQ0ojfZV7yJWr:JrwFyflc5623m+KwcQK1CEb7eWr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843819", "to_ids": false, "type": "size-in-bytes", "uuid": "9bbe0556-da1e-4d3f-983e-ab68a4107b28", "value": "1412971" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843819", "to_ids": true, "type": "vhash", "uuid": "bb386303-5252-472c-8f1c-e9761f79ad61", "value": "2ba1e72eed3a41422095b791f53e643e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740843819", "to_ids": true, "type": "filename", "uuid": "8bf64f1a-74d0-4cf7-b982-f336996bed97", "value": "Tarim.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843819", "to_ids": false, "type": "text", "uuid": "13f2c8fd-32dc-4a8b-86a5-a2cac12108cb", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843842", "uuid": "cd48356e-b86a-442b-a909-56b934b17342", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843841", "to_ids": true, "type": "md5", "uuid": "1adec49a-40f8-40ea-a5f7-8ca25ff9b6b9", "value": "31139372adbef54565e8067d08716830", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843841", "to_ids": true, "type": "sha1", "uuid": "72e034f3-ba7c-4d1a-a9bd-9a20b424ada2", "value": "89124d0acfeba0a6bedc513248a5ee6018311147", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843842", "to_ids": true, "type": "sha256", "uuid": "52e20816-d77f-4da4-89d1-0fdd28812652", "value": "e6ad41a81364052a94b61043e055efb1027d966d3c9e5c1b92f6b52201c51797", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843841", "to_ids": true, "type": "ssdeep", "uuid": "9fb95e73-cc39-42e0-ae20-a05ce2bb961d", "value": "12288:BsObkDhw7ovRMG6KVRx+5QJ/He7RRw8ec1QRC6oCOnaNl:SAktl2G6KVX9Hg+JS2poCOna3" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843841", "to_ids": false, "type": "size-in-bytes", "uuid": "d4c8710b-43e6-4cc6-ad6e-3749684e96f1", "value": "555794" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843841", "to_ids": true, "type": "vhash", "uuid": "1bf11cd2-3e9a-4aed-b289-a628cdfb9f3d", "value": "9dd430561dfc3493ad3d85a1145430eb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740843841", "to_ids": true, "type": "filename", "uuid": "c01661c7-3075-4025-8f36-a61a0a17b709", "value": "Kinoqi.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 20/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843841", "to_ids": false, "type": "text", "uuid": "b4b9793a-3d94-4924-be6d-8e799768cf4f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843863", "uuid": "d99d630f-1901-482f-bd31-9a6bf6926d26", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843863", "to_ids": true, "type": "md5", "uuid": "d386db83-dca1-4d6f-b4d5-c2a96f6148ec", "value": "7184ec2778af2e159f8a1d4c4c8a349b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843863", "to_ids": true, "type": "sha1", "uuid": "2af3f545-a286-45d3-a627-301c4b74e809", "value": "e062b72942c3107d4b1d7dec7d645dfb6662935a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843863", "to_ids": true, "type": "sha256", "uuid": "42a249c1-4a31-4459-9ef1-cbc9cbc542f6", "value": "9e0337ff0d0b3d08d68146c994ad1e1206f183e87ef6a6549e9b66ad0c8fd16d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843862", "to_ids": true, "type": "ssdeep", "uuid": "7d57e15d-112d-4fb2-ac9a-3cd6b47b251c", "value": "98304:OKoMioIJ279mPif392u6b+eGrtWgfP5UrtpZWhY2BGrfZ5N0NDQJmy9Rh3kEpFZI:OcNRmq/92u0n2tWO5UrrMYcGrfZUhQJu" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843863", "to_ids": false, "type": "size-in-bytes", "uuid": "a289b442-ca73-4fbe-966c-ddc9428a7751", "value": "6162269" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843863", "to_ids": true, "type": "vhash", "uuid": "2bb897c0-93e9-4439-a862-bfec020ce0ce", "value": "d25f116f21a8405bf2bc03127ffd0669" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740843863", "to_ids": true, "type": "filename", "uuid": "3f6d7c72-7997-4524-9a7a-08017421687e", "value": "e062b72942c3107d4b1d7dec7d645dfb6662935a.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843863", "to_ids": false, "type": "text", "uuid": "3ebf203a-506c-4aef-9318-edc57be684f5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843885", "uuid": "0539f902-6c97-4a7e-999a-03ad04ebb102", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843885", "to_ids": true, "type": "md5", "uuid": "d1ec8dfe-5a2f-47c1-9d9e-6e45dba2968e", "value": "d1a3b14e11f478233a7d589cc0af424e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843885", "to_ids": true, "type": "sha1", "uuid": "b07fe0a1-8cd9-4733-9b0e-032d4d6489d0", "value": "a0a4d1f6c981794e39f8810da54ab7e7ee31c01c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843885", "to_ids": true, "type": "sha256", "uuid": "b64d2ac9-75fb-4f09-b28d-438df0f370d6", "value": "61f581ff220bfc5f693e809bd80dc9b26a943d32e9c42e0da5a2588f5b925e90", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843884", "to_ids": true, "type": "ssdeep", "uuid": "57914d74-4353-40d8-b703-3f10b3b37458", "value": "12288:4xeOJVct68jimc7c3xX0X52ySMzo8HDRec4gdDTaBXiKOE6gwxsGGxs1v:4xeUVcRit0XA2lORj4gdfaBXiKagLGGe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843884", "to_ids": false, "type": "size-in-bytes", "uuid": "26c9ba03-17c4-493b-af13-b5d89f1dc3de", "value": "652844" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843884", "to_ids": true, "type": "vhash", "uuid": "b7edea49-fe61-423d-bcc6-62f820213e0b", "value": "665990fd7b4abe7b236f368a9c361cb7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740843884", "to_ids": true, "type": "filename", "uuid": "89e82030-c7d3-49dd-aebf-293c2659cead", "value": "voice.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843884", "to_ids": false, "type": "text", "uuid": "67be0431-c148-45c7-9b5a-cef4c9ae2864", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AAAA\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843906", "uuid": "effdba4b-a0ae-44a6-8e68-5683fc533fb2", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843906", "to_ids": true, "type": "md5", "uuid": "0cefb18f-cd6d-41db-968e-3268147b8a7c", "value": "2182fbe4d5654ff086334af8a1283c1f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843906", "to_ids": true, "type": "sha1", "uuid": "e9e7c388-e65a-41a5-9199-e0985aa92290", "value": "a70e80280d198ff6c50ece6994316fcfbd0f126a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843906", "to_ids": true, "type": "sha256", "uuid": "8bbccf2e-b4cc-4311-86fe-5a2ef38b4f5d", "value": "96f19a40ebd0a33387129e19e6baff78955e6c3de553dda85cc4c0a792dc1ff8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843906", "to_ids": true, "type": "ssdeep", "uuid": "2612e245-0177-4acf-a181-342fcab6236a", "value": "6144:MVpiD0RgbR4e6xcfZlXBNaRURyTfBpBusGleN3+mMSoOopZ:upA0yF4eecfHX6emfGleE3rOyZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843906", "to_ids": false, "type": "size-in-bytes", "uuid": "9a8e9152-9106-4242-9792-134584aacb64", "value": "293767" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843906", "to_ids": true, "type": "vhash", "uuid": "856894ee-b66f-4a77-95a6-abf404fcf8c9", "value": "974760b60fcf84cdd65fe226182da3c1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740843906", "to_ids": true, "type": "filename", "uuid": "001f1b57-cbe1-4467-86ab-05bf1bdf7c46", "value": "96f19a40ebd0a33387129e19e6baff78955e6c3de553dda85cc4c0a792dc1ff8.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843906", "to_ids": false, "type": "text", "uuid": "d8d23eff-52ba-48da-9851-53ac3ae898dd", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843928", "uuid": "eaa523d3-5777-4d13-9660-9210f4db0554", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843928", "to_ids": true, "type": "md5", "uuid": "ac1a2bea-e1db-4ab0-8777-5254c4910706", "value": "bae3486d88ed1188d69d0ce406048ddd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843928", "to_ids": true, "type": "sha1", "uuid": "0eb545f0-b8d6-4e24-be13-ade9a92f1844", "value": "9d58baad45b130b8d076da53f610c94b8acb7ca4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843928", "to_ids": true, "type": "sha256", "uuid": "790cac7a-777b-485e-a29b-8f83ee1499c7", "value": "8f58c0a38e5a1108aa93beec84b43a9fda24e69bc134e28320b1e0f690d0c169", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843927", "to_ids": true, "type": "ssdeep", "uuid": "7853d636-8477-4249-8672-5935c7789795", "value": "1536:PHkwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLwD:PrOMXxMXNYqRoD0KNKh6up8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843927", "to_ids": false, "type": "size-in-bytes", "uuid": "97f23766-7ef3-4715-ae35-cd0a69778b24", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843927", "to_ids": true, "type": "vhash", "uuid": "c3f2a489-b312-460f-8fc3-6972bcfe573a", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843927", "to_ids": false, "type": "text", "uuid": "bc4abaea-8ea4-4428-823a-12e14a90525b", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843949", "uuid": "164845aa-3617-4285-8502-ec77a1ccf773", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843949", "to_ids": true, "type": "md5", "uuid": "889ed1d1-bc66-4400-bcf6-9f04072bb911", "value": "8e380ccc1726c4f4a53ab978cff346f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843949", "to_ids": true, "type": "sha1", "uuid": "c09b40d7-a7d9-4dd5-b946-7721de8bda8f", "value": "d3cf7ff6b8c159415956a2f9110247d08058f5f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843949", "to_ids": true, "type": "sha256", "uuid": "27a426fd-20ae-459d-a2e2-b59a25741788", "value": "d5a25d00f67df0d093ddc08ed75f8ff9406f2cf6615976492ea627514420d30e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843949", "to_ids": true, "type": "ssdeep", "uuid": "b3f235a9-0cb1-4d81-a945-8a8d822988a5", "value": "1536:E0kwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLwL:EYOMXxMXNYqRoD0KNKh6upE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843949", "to_ids": false, "type": "size-in-bytes", "uuid": "5d278d58-7077-4968-a023-23801db7fd6d", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843949", "to_ids": true, "type": "vhash", "uuid": "ac4355c0-cbce-431c-af95-dd9852d9f24f", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843949", "to_ids": false, "type": "text", "uuid": "1b1c4b6d-1077-4ae6-98ea-bf9b96ebae21", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843971", "uuid": "d08b631f-eca6-4449-ba39-db573273c536", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843971", "to_ids": true, "type": "md5", "uuid": "7c13e5c3-b5ee-4cd1-8429-d23ff74f25de", "value": "9d577e7d2dda3267481556072276a74c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843971", "to_ids": true, "type": "sha1", "uuid": "71f94797-18d6-4efd-8f67-ccc93e1d3286", "value": "294e8456996002e5fd1adc7f002503acd34f1d20", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843971", "to_ids": true, "type": "sha256", "uuid": "01fe8b77-01dd-4b4a-979d-c5193d7c7437", "value": "df7dc7c73633e422b6f6638fd9dcabe03ce0bf96a8b1728a4b7e6601c198a67e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843970", "to_ids": true, "type": "ssdeep", "uuid": "b011ca08-30e6-4c93-adae-4790168f6043", "value": "1536:QEkwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLwz:QIOMXxMXNYqRoD0KNKh6upM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843970", "to_ids": false, "type": "size-in-bytes", "uuid": "ee5b17fe-bee6-4e6b-a242-bab14522cc92", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843970", "to_ids": true, "type": "vhash", "uuid": "2848fc27-96a1-48c1-9540-bbe58c5b21b2", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843970", "to_ids": false, "type": "text", "uuid": "22d13b91-d2de-4a4e-8f57-0bbb45af1ff9", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740843992", "uuid": "9a3d87b8-6c6c-4dd7-b306-cae707ce73b6", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740843992", "to_ids": true, "type": "md5", "uuid": "63bc5144-ab1d-43c9-8417-4d4a2cc2814c", "value": "62997ddc9c805cccc527b1b6bf50c1b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740843992", "to_ids": true, "type": "sha1", "uuid": "eb386ee2-b26e-4adc-8ad7-893556b0903e", "value": "0d97370d0e76cd019873018b117225e1c31e86d5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740843992", "to_ids": true, "type": "sha256", "uuid": "7c0944c3-8630-4d67-8e92-38c6328a04d4", "value": "55b2a150242a76c2cc902ead010cb9e2606af8cdb64c8549253a0aa66316c79c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740843992", "to_ids": true, "type": "ssdeep", "uuid": "101927db-f433-4273-a05f-d8e4586f9c02", "value": "1536:+ikwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLwL:+2OMXxMXNYqRoD0KNKh6upk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740843992", "to_ids": false, "type": "size-in-bytes", "uuid": "db2e9ad5-882f-4b0d-975f-768da7270fef", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740843992", "to_ids": true, "type": "vhash", "uuid": "3a8ce34a-6c55-4c4e-aad3-4b33a940dcc3", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740843992", "to_ids": false, "type": "text", "uuid": "8c5ab04b-02e0-4b84-96a9-848cd8eb0df5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844014", "uuid": "a0a16350-bf0f-474f-88c0-921b78aa5b78", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844014", "to_ids": true, "type": "md5", "uuid": "63ca3ae2-9d1f-469d-86ed-e88081dbb50d", "value": "a23b9cd92eeb21d91500baf072f22b13", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844014", "to_ids": true, "type": "sha1", "uuid": "e8412d0d-efd0-434e-ad7a-8e442f959d4f", "value": "2cf14527b7fe7db7f9c87498dbc84dbbdbc89efc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844014", "to_ids": true, "type": "sha256", "uuid": "ccbac99c-cc24-4808-bed6-b7e58f695009", "value": "a88d95a7a0fc85e9c30e7794e6c3b0209829775501efe5aa47c4cd127171bf60", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844013", "to_ids": true, "type": "ssdeep", "uuid": "adad2d47-05e1-4cda-a856-9b96d8184701", "value": "1536:yikwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLw7:y2OMXxMXNYqRoD0KNKh6ups" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844013", "to_ids": false, "type": "size-in-bytes", "uuid": "db8bb679-e51f-482c-a18e-80b1b3852e90", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844013", "to_ids": true, "type": "vhash", "uuid": "f9459ff0-8c71-407b-bc30-7c854f149bfb", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844013", "to_ids": false, "type": "text", "uuid": "90cf0976-d8f0-41a6-a329-3de5e4720c21", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844035", "uuid": "444079e6-25da-439c-8985-07c7a5df3707", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844035", "to_ids": true, "type": "md5", "uuid": "3819d5a3-c28c-4a0e-8741-e744df192189", "value": "a1372d3792aa01add983a0d4f908c657", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844035", "to_ids": true, "type": "sha1", "uuid": "858a9221-9d93-4ee3-95f0-5d1acacd96a6", "value": "97832e73ea20e2250677a2f467c3d9caae122e22", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844035", "to_ids": true, "type": "sha256", "uuid": "9c2ecd95-2de7-4c73-b375-2550aabbf5ff", "value": "33882a987defc9489c259010aa4a11b2b967398436f6f79ca5b8b3a8732fcc9e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844035", "to_ids": true, "type": "ssdeep", "uuid": "75fb6dae-5ece-4bcf-bc68-1a636d540714", "value": "6144:zXANHz+sHil2swy6af+QB51j/hZHq95SqsFORUqPIxouK3lqJzIL1qu2T:zXKVy64+QBTjJZI5SqtNiouK3lqJM1qr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844035", "to_ids": false, "type": "size-in-bytes", "uuid": "a5705256-0497-4049-b8f4-0ab8e5c4d9d1", "value": "411118" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844035", "to_ids": true, "type": "vhash", "uuid": "94376cbb-08c6-44fe-85cd-9f80a19c5f12", "value": "974760b60fcf84cdd65fe226182da3c1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844035", "to_ids": true, "type": "filename", "uuid": "283cdb7e-1ee5-444e-913f-1968bd1b7c73", "value": "a1372d3792aa01add983a0d4f908c657.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844035", "to_ids": false, "type": "text", "uuid": "84627849-8a33-4e10-8ccc-b27d424b0ce0", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:27/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844057", "uuid": "5d9b28f2-9dca-4533-b8bc-ec2fd46f1d01", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844057", "to_ids": true, "type": "md5", "uuid": "d5d9acf2-42cd-48fa-aa6c-44faa3ceaf4c", "value": "5301c4729da97d0060bfb436644ec3ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844057", "to_ids": true, "type": "sha1", "uuid": "f3970128-db51-4b94-8da1-c92f189f3569", "value": "a7f068b0db77f396fcc2e0b30086c040d4171e8c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844057", "to_ids": true, "type": "sha256", "uuid": "76678052-bd55-4a4f-99f2-4d929f0947cc", "value": "231bfaea1e18ade5d09a304c59f06415170396b686943f3145dd41a4cf5bedb5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844056", "to_ids": true, "type": "ssdeep", "uuid": "5984e509-b767-48f5-aea9-44083087eb75", "value": "1536:K0lkwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLwxp:K0pOMXxMXNYqRoD0KNKh6upqp" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844056", "to_ids": false, "type": "size-in-bytes", "uuid": "6b92d623-0ac3-4aa3-9feb-49fee430598a", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844056", "to_ids": true, "type": "vhash", "uuid": "ee6260c7-5ee9-4e16-964d-7d64b431f931", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844056", "to_ids": true, "type": "filename", "uuid": "82f80f26-1308-4280-bbd1-f35827fb4137", "value": "5301c4729da97d0060bfb436644ec3ad.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844056", "to_ids": false, "type": "text", "uuid": "a248fec8-472d-4643-8615-bb35b48dd0e4", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844079", "uuid": "6881a8da-5b16-4485-b428-3f471e3f1b47", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844078", "to_ids": true, "type": "md5", "uuid": "ca440df1-9102-4da5-b63c-63b014545cd6", "value": "3a53f2a840ad5f5ff998d52ab2cac644", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844078", "to_ids": true, "type": "sha1", "uuid": "e584654a-b19d-4ced-8071-ac89cd14122b", "value": "9dc3437c41828fe7ea5109948bd6a2676fa333be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844079", "to_ids": true, "type": "sha256", "uuid": "0ae209b2-da12-4325-be6d-cbfd6e3e806a", "value": "94766d81d5249abd403848d7127be0e5e49d4165ab3b250e9f78606ef34af1b4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844078", "to_ids": true, "type": "ssdeep", "uuid": "0c59c6d8-a1f7-409d-9e06-872fdf904218", "value": "1536:FdkwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLwD:FhOMXxMXNYqRoD0KNKh6ups" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844078", "to_ids": false, "type": "size-in-bytes", "uuid": "ce539053-ff9d-4fff-86ad-f1a7d6fd3049", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844078", "to_ids": true, "type": "vhash", "uuid": "bceb48a8-792b-463e-aac8-015b4f1b1dc2", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844078", "to_ids": true, "type": "filename", "uuid": "8ee5da50-4267-483b-a556-5999ad2aa8ca", "value": "3a53f2a840ad5f5ff998d52ab2cac644.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844078", "to_ids": false, "type": "text", "uuid": "80840edf-6b7f-4963-95bb-5d2e1e7c5094", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844100", "uuid": "05f6cb0a-2018-47d4-bacb-93d46f80a698", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844100", "to_ids": true, "type": "md5", "uuid": "b7fd9559-47b2-4866-9e8c-9952fef3c13a", "value": "3ed97649e378c5aa51dcff8a06429c8f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844100", "to_ids": true, "type": "sha1", "uuid": "409724bc-7f58-4ffe-ba82-88b1d675695c", "value": "d0eec291516d695e411a48f6bc69ad460e4e2eb3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844100", "to_ids": true, "type": "sha256", "uuid": "f3fbe349-b71b-44f5-8f05-7e585db4095d", "value": "6a7272c291ee7807046031837342e37cf33ee9b9cf86dcdffd88548c5515cdcf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844099", "to_ids": true, "type": "ssdeep", "uuid": "12162c5a-d565-4358-bc27-aaf13f97dd1a", "value": "1536:37kwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLwH:3nOMXxMXNYqRoD0KNKh6upI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844099", "to_ids": false, "type": "size-in-bytes", "uuid": "71591f97-b330-4166-8a78-c801eb305733", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844099", "to_ids": true, "type": "vhash", "uuid": "7cdbb26f-513d-4daa-971f-755345fd48a9", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844099", "to_ids": true, "type": "filename", "uuid": "44399d15-92d1-4744-b384-20e39291a227", "value": "3ed97649e378c5aa51dcff8a06429c8f.log" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844099", "to_ids": false, "type": "text", "uuid": "821e7234-2310-4054-a06f-adaa9385ee1c", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844122", "uuid": "7bc0c762-c603-412a-8e82-273fcac73267", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844121", "to_ids": true, "type": "md5", "uuid": "65c714c1-81c9-49c2-a922-a5dd4ffd8ad7", "value": "64bcb4331ae89f57b27a9a2b592502de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844121", "to_ids": true, "type": "sha1", "uuid": "c597342c-02ab-4eed-ac63-7320e1c28039", "value": "cf629bd135657ca98c812c787188c8290ff19b73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844122", "to_ids": true, "type": "sha256", "uuid": "46a73560-88c6-4486-8881-8eab42523168", "value": "ca5eae35ba88b89469f5a156575186a60fbe31f5a071f66f0d86590453184d69", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844121", "to_ids": true, "type": "ssdeep", "uuid": "4aa0b728-a93e-433a-ae9c-cf23dc58773a", "value": "1536:6ukwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLwf:6aOMXxMXNYqRoD0KNKh6upo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844121", "to_ids": false, "type": "size-in-bytes", "uuid": "e2c0615f-6a26-4ffb-a494-923c92e87d33", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844121", "to_ids": true, "type": "vhash", "uuid": "2e767160-40c9-44f4-a39f-5d26cd0516bd", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844121", "to_ids": false, "type": "text", "uuid": "ca5c03ed-1c37-4413-be59-f3100bc16319", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:27/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844143", "uuid": "6fc61092-864f-480c-a43d-4e927a075e0e", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844143", "to_ids": true, "type": "md5", "uuid": "79c84753-4ca4-402b-9480-66a3feab6f7d", "value": "9f8b98056320828fe64f49dc0782c479", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844143", "to_ids": true, "type": "sha1", "uuid": "83ba25b8-80a3-4980-b14e-62b8bbf67a71", "value": "cc5dabc34f4657035642c0ba805450c579a8a786", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844143", "to_ids": true, "type": "sha256", "uuid": "ca99149f-5eda-4fec-981b-51c613340cc2", "value": "ec9dc311487488057221630839807ba2f44af6c7c023134fc0ef5c9bbd9ab746", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844143", "to_ids": true, "type": "ssdeep", "uuid": "78fe7cd3-a01f-4b29-9d1b-bd119dcfdc06", "value": "1536:cEkwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLwj:cIOMXxMXNYqRoD0KNKh6upc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844143", "to_ids": false, "type": "size-in-bytes", "uuid": "494ef9da-6ac0-440b-96bc-fe4be5c9132b", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844143", "to_ids": true, "type": "vhash", "uuid": "dc7ad620-fe4b-4772-a507-21d3351b11b7", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 09/01/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844143", "to_ids": false, "type": "text", "uuid": "c602e873-30c7-4a7c-bc60-b7ea408c7086", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:33/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844165", "uuid": "87a2fcb2-d74f-4a91-a285-dcb0668839df", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844164", "to_ids": true, "type": "md5", "uuid": "c72ba210-656f-4202-8815-3c95a12bf929", "value": "964335690f68b17841c9ed8b39366785", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844165", "to_ids": true, "type": "sha1", "uuid": "51dd3c5a-4211-4204-9585-a2b841ea571d", "value": "a55b2ac55a5bc18e4c2e9e61cbb6acbaf00b1aef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844165", "to_ids": true, "type": "sha256", "uuid": "236be2b2-4fa6-4bf0-9b2b-bf303a6ea6a5", "value": "06cd2707f98404fa94ad3057b5df4db008185faeaed1b7deb7f9eccf8e5b687e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844164", "to_ids": true, "type": "ssdeep", "uuid": "b35edb26-f281-4552-84b9-be3e6ab9747d", "value": "1536:xdkwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLw/:xhOMXxMXNYqRoD0KNKh6upw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844164", "to_ids": false, "type": "size-in-bytes", "uuid": "54f31d8e-b54a-481a-a547-335da2a4d684", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844164", "to_ids": true, "type": "vhash", "uuid": "f1342f30-46e9-40bb-b8e6-7812fef3668c", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844164", "to_ids": true, "type": "filename", "uuid": "03ec8934-2366-49f5-aaa0-a7962ba6b22d", "value": "06cd2707f98404fa94ad3057b5df4db008185faeaed1b7deb7f9eccf8e5b687e.log" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844164", "to_ids": false, "type": "text", "uuid": "27335874-444f-45ae-99fb-1d4887dfeef5", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844186", "uuid": "c633ca7a-773c-4441-842e-f40e7039f264", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844186", "to_ids": true, "type": "md5", "uuid": "46ae5530-d97e-4ff6-a110-4b0cc8dd2fe2", "value": "27dc582d4408efc14e22023a1f81f115", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844186", "to_ids": true, "type": "sha1", "uuid": "7e28ef66-035b-4a45-9bf7-e999fe7bfdf5", "value": "a5841edd44ad78b2139a1640990d81f8a45ff4b8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844186", "to_ids": true, "type": "sha256", "uuid": "c52891c6-fb02-494d-bc86-60d786123b58", "value": "98bea5f4dc2393ce13bbc44ce1e7fe37ebda611e44cc988d38b5f8b4fee2be67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844185", "to_ids": true, "type": "ssdeep", "uuid": "f8a2fd9a-17d4-4a03-9ea7-25a11eceb22a", "value": "1536:0wkwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLw7:08OMXxMXNYqRoD0KNKh6upc" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844185", "to_ids": false, "type": "size-in-bytes", "uuid": "f50c601a-5bdb-4dac-8863-a58412ae6673", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844186", "to_ids": true, "type": "vhash", "uuid": "ae8abe34-1e69-45cd-bb22-225f338ec334", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844186", "to_ids": true, "type": "filename", "uuid": "899aebaf-2311-4ab4-9a63-691c09e2a660", "value": "98bea5f4dc2393ce13bbc44ce1e7fe37ebda611e44cc988d38b5f8b4fee2be67.log" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844186", "to_ids": false, "type": "text", "uuid": "aed02497-f5e5-44d2-8bc4-e9805015e5ec", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844208", "uuid": "962c05c9-55a2-4df3-9a31-dca30e26a347", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844208", "to_ids": true, "type": "md5", "uuid": "7191d206-5f18-465d-b624-f438a70e2623", "value": "1f83ebf7d3bf2e4e06dd0c9566d57bdb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844208", "to_ids": true, "type": "sha1", "uuid": "c734bd20-710e-43f2-8918-af7503c258a6", "value": "7eba4906a148cf6dfa3a21f5f8d8d3f02d5a89ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844208", "to_ids": true, "type": "sha256", "uuid": "4a2457cb-4a65-4806-9058-e334321a56cb", "value": "bf60576dd4e478f2ee277d547361a8d0e00385f50cdf4bc24f9400ce2a4f6f66", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844207", "to_ids": true, "type": "ssdeep", "uuid": "3adcff93-8a90-49f6-9c83-fbe128d6d1e3", "value": "1536:FdkwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLwb:FhOMXxMXNYqRoD0KNKh6upE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844207", "to_ids": false, "type": "size-in-bytes", "uuid": "ddfa7ca4-9a51-4a79-8a3a-71e3fd0c1763", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844207", "to_ids": true, "type": "vhash", "uuid": "d06c69c0-9a22-4d8d-bf7e-b4e84432e3a1", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844207", "to_ids": true, "type": "filename", "uuid": "7f07ec5d-df94-44d6-b808-8e711655cfd6", "value": "1f83ebf7d3bf2e4e06dd0c9566d57bdb.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844207", "to_ids": false, "type": "text", "uuid": "55c120d0-3268-417f-a08b-51ce0f9a9cf7", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844230", "uuid": "0cb58872-13d5-429f-bd0d-01059a4c36a4", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844229", "to_ids": true, "type": "md5", "uuid": "e2e472ec-4411-4f7c-9aa3-ea61952575f4", "value": "752a39664896be5f0b4b888e146ca965", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844229", "to_ids": true, "type": "sha1", "uuid": "3f7ad650-e964-4c6b-8d29-3bb52389341e", "value": "4f6add8846b93e6e6746d664b2e0700ce9e5024a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844230", "to_ids": true, "type": "sha256", "uuid": "18e58f2d-e60d-47c9-9893-860ad13fa831", "value": "033ee6c1fc4f9518407d37e75b77597ac244473fff910836c81d4262b6552a4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844229", "to_ids": true, "type": "ssdeep", "uuid": "ed3f89e2-c4d3-47ec-8111-d69d79a6a2dd", "value": "1536:2SkwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLwP:2GOMXxMXNYqRoD0KNKh6upw" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844229", "to_ids": false, "type": "size-in-bytes", "uuid": "7c513388-496e-4663-97ee-fc065536ae91", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844229", "to_ids": true, "type": "vhash", "uuid": "e674c6be-ee1e-45f5-ba85-50ab18d4a71f", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844229", "to_ids": false, "type": "text", "uuid": "98479dae-234f-4ef0-ba5a-914e3926b17f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844251", "uuid": "0105223a-8463-406b-945e-b535defb4e1c", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844251", "to_ids": true, "type": "md5", "uuid": "67aa9aa7-bf5e-488f-a8ad-d24b27963e38", "value": "65d0bb5b3b37a9f78bc1a45b5d300557", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844251", "to_ids": true, "type": "sha1", "uuid": "8efe9919-4aa7-444d-bdb2-a5dd97c85e36", "value": "312cc7fbb434430c4e985515355354779b27b3e2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844251", "to_ids": true, "type": "sha256", "uuid": "58d14633-75a6-40b3-913c-5c4e10f4c0b8", "value": "296a981c288f751d253ec0a0ea693ba9f8ca56435353c5c6c69eec374d31029b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844250", "to_ids": true, "type": "ssdeep", "uuid": "2b3dbb3a-86ea-48fb-8efb-14d70caf14f7", "value": "1536:MckwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLwT:MgOMXxMXNYqRoD0KNKh6up8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844250", "to_ids": false, "type": "size-in-bytes", "uuid": "07868499-8b1b-4812-9556-016b7d38585a", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844250", "to_ids": true, "type": "vhash", "uuid": "c404208e-4f99-43ef-8721-a92fcf2cf966", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844251", "to_ids": false, "type": "text", "uuid": "c7aee092-93d6-40a6-a2e9-5ef7434b3c77", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844273", "uuid": "fc7fc40b-681e-4fe4-8baa-40ba242df7d7", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844272", "to_ids": true, "type": "md5", "uuid": "f7e8351c-74a9-4f05-a46d-72329ff8a213", "value": "608081b2583ea9a4f08ff21b9290b564", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844273", "to_ids": true, "type": "sha1", "uuid": "6f1dbd4d-abc3-4c01-850f-23c7d8d809d0", "value": "3a9bca25b988abd382717f10019aba369c49deea", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844273", "to_ids": true, "type": "sha256", "uuid": "3db16ce4-ff0f-4650-8322-b2bc29029b21", "value": "9606406159f540df502fe3ce4ca80b0d435494781679cec98795aaffa8e87cc9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844272", "to_ids": true, "type": "ssdeep", "uuid": "647eb53d-4347-4c3f-a0e1-d3abaa9dac82", "value": "1536:pFkwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLw7:pJOMXxMXNYqRoD0KNKh6up8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844272", "to_ids": false, "type": "size-in-bytes", "uuid": "6fbd5e23-85ac-41f2-bb98-fdc3f801c263", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844272", "to_ids": true, "type": "vhash", "uuid": "df392c7a-923d-4224-9e05-0a5424ce1a48", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844272", "to_ids": false, "type": "text", "uuid": "6c7632e1-7681-4486-aeb6-c950f17e0341", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844294", "uuid": "ea435153-925b-4a86-8558-9773b5f34b13", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844294", "to_ids": true, "type": "md5", "uuid": "7159b482-a856-4312-86ca-29ee137de373", "value": "ced757524c3458a24615e02fef14fb11", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844294", "to_ids": true, "type": "sha1", "uuid": "ad275510-1c95-427d-8d55-e9b6658b7d7a", "value": "1143e5f1a80bc35e125f3b0cd3fc9935e58602e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844294", "to_ids": true, "type": "sha256", "uuid": "53950c07-d3d7-4513-964d-77cafe747e17", "value": "a9b83cc79fe45bac242d4afb8f11e0688e98bf408d7955c7960dd19413ad813c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844294", "to_ids": true, "type": "ssdeep", "uuid": "671e1d2d-7a9b-4c13-a959-0d1a8eaacae5", "value": "1536:zXkwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLwf:zbOMXxMXNYqRoD0KNKh6upg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844294", "to_ids": false, "type": "size-in-bytes", "uuid": "055a44ad-92ce-47fa-a7af-043f6b17b644", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844294", "to_ids": true, "type": "vhash", "uuid": "66382f9d-82ac-4651-8a14-72e60ccfeec5", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844294", "to_ids": false, "type": "text", "uuid": "c3d966b7-45a4-4afa-bce5-a218fe068a75", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844316", "uuid": "d62da450-a7b9-4d02-b966-9c258122a967", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844315", "to_ids": true, "type": "md5", "uuid": "66d8a7d8-b29c-49c6-a7a6-34f2ed468702", "value": "c7c3bb31f306b39f77c959ff6bbbbdef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844315", "to_ids": true, "type": "sha1", "uuid": "826d0830-7959-432a-90f8-4583d6a6329b", "value": "2bb0482fa57e737b110b271ae5be107bf49d8c06", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844316", "to_ids": true, "type": "sha256", "uuid": "de86f754-01da-4826-ad7d-86cf542ee715", "value": "fba9f04ea6ca2c7719e5f04eae201b3a8d6699bd6fc392f264f7419990aec5c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844315", "to_ids": true, "type": "ssdeep", "uuid": "429e3882-a944-4a8e-bd3d-e5abdf756133", "value": "1536:tFkwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLwT:tJOMXxMXNYqRoD0KNKh6upU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844315", "to_ids": false, "type": "size-in-bytes", "uuid": "be94ebfe-a07b-4808-9cad-33ceab0c0117", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844315", "to_ids": true, "type": "vhash", "uuid": "544c1646-767e-43a1-85d5-d3c5ae530930", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 05/08/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844315", "to_ids": false, "type": "text", "uuid": "7424fec5-ff58-4ea2-b143-3554f3162ab9", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844337", "uuid": "98ec2b98-8831-40ca-8ef6-891570f96607", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844337", "to_ids": true, "type": "md5", "uuid": "34ce57e5-3957-46da-82eb-8b0f4c73e377", "value": "c0628395851439ae22e3b7508bad7cf1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844337", "to_ids": true, "type": "sha1", "uuid": "34842e6e-25d8-4d7a-85af-efb4d698b000", "value": "41c59a7fed82886db1b0cb45fbcd7d2b7a9f31a5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844337", "to_ids": true, "type": "sha256", "uuid": "61cb351a-de29-4fcb-858a-18146c951dd8", "value": "2464046e91a5541148c154fd1f15c0af5d2fb683df2cad396f0e03932853cd0f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844336", "to_ids": true, "type": "ssdeep", "uuid": "bb47b45c-614b-447a-ba79-847649e41ff8", "value": "1536:LXkwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLwn:LbOMXxMXNYqRoD0KNKh6up4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844336", "to_ids": false, "type": "size-in-bytes", "uuid": "e7a00ae4-1a80-489b-a1d5-9fc65551d4b5", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844336", "to_ids": true, "type": "vhash", "uuid": "c232ba3f-97c0-4bd3-9d9f-d3fed395379e", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844337", "to_ids": false, "type": "text", "uuid": "66cb9abd-3c24-40d1-9ca4-477a711c7dbb", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844359", "uuid": "8e7ac82e-a452-408e-a993-315d0d3ecadf", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844358", "to_ids": true, "type": "md5", "uuid": "f1922771-d150-432b-b443-d81589397364", "value": "e598155781a971c01f7139b84e0ab619", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844359", "to_ids": true, "type": "sha1", "uuid": "5e6e36d3-1713-4583-a05f-66a7a26f13e7", "value": "35a4cdb57309d7027fe7e6298d81366f927ad254", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844359", "to_ids": true, "type": "sha256", "uuid": "aa08c1da-99a9-45ad-9827-8c8cfaee547f", "value": "24211d54005d883020978db9967fd9fcbedc1d01e45295a872d531b178dfb56d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844358", "to_ids": true, "type": "ssdeep", "uuid": "3f4be5d1-8cb4-434c-bcf2-0280b4e3ee66", "value": "1536:kckwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLwj:kgOMXxMXNYqRoD0KNKh6up8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844358", "to_ids": false, "type": "size-in-bytes", "uuid": "17e9effe-0172-4754-89c1-184d914ec352", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844358", "to_ids": true, "type": "vhash", "uuid": "64301e65-d262-4fbb-bb86-ee6a82cb536e", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844358", "to_ids": false, "type": "text", "uuid": "b69618a8-24cd-4a35-9171-1e4727d20971", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844380", "uuid": "b00d33b6-831c-4529-822a-ac366ec1a718", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844380", "to_ids": true, "type": "md5", "uuid": "3e9aad37-4cd0-4375-b6e2-ce3b9e3e1441", "value": "4e6ba0b03be8b1a1cae4de23548074bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844380", "to_ids": true, "type": "sha1", "uuid": "8da8222b-fa8b-42b3-b188-67674105b4d4", "value": "33ef493276ded6a64649e2a3c22563971af51965", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844380", "to_ids": true, "type": "sha256", "uuid": "7ebb94f2-99f2-4157-b01f-7b72850c2a2a", "value": "4e1a4b0e4e72b73665045f9c361901df20a9aba56d140b84a15194b9654df947", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844380", "to_ids": true, "type": "ssdeep", "uuid": "6ba43500-f24c-4166-8bc3-a4cee3710883", "value": "6144:wOGnzHHale3Vh1ShdKmsIt57i5cNEibrYZnF1RT:wOGzalyhesIt57GcWi8X" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844380", "to_ids": false, "type": "size-in-bytes", "uuid": "73481c91-4358-4a50-b339-99b4dec383ff", "value": "296134" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844380", "to_ids": true, "type": "vhash", "uuid": "63df49f9-4af9-419f-a630-bedea864e157", "value": "99d3708dc1b321cf78493fd5842bc27f" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844380", "to_ids": false, "type": "text", "uuid": "1ca07a8c-7279-4c51-a1a5-60f95bd8d1dc", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844402", "uuid": "14c61313-0e41-4fe1-a17f-e760c16a63c8", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844402", "to_ids": true, "type": "md5", "uuid": "b0278adf-b8bf-461b-a76c-60a84d97a713", "value": "453e8dc90e5608d1101d1f16cbe8ee77", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844402", "to_ids": true, "type": "sha1", "uuid": "3e511fe3-5302-4a95-acde-f548d6c0186e", "value": "3c1e14eee98a54e0cce7e6133ff25cfe37571578", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844402", "to_ids": true, "type": "sha256", "uuid": "0499589b-318f-49b6-a710-ab43668f1afb", "value": "9d27f54c7f0d7079f423eb3b8ea22e6664ee32b6fccb8a72a3eef332ef9d0def", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844401", "to_ids": true, "type": "ssdeep", "uuid": "a08427c5-1922-4aab-b205-57e555abba1d", "value": "1536:1t6Xot6XMjmSwJEsAj9LX5+XfW4ipIoyo0rWWPS60Xr0kXcWe4Bv1e:1MXoMXYmSwJ9wLXEPNipIPc40Xr3VB1e" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844401", "to_ids": false, "type": "size-in-bytes", "uuid": "a08855dc-72af-4ce7-8460-5b39c3c97815", "value": "94364" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844401", "to_ids": true, "type": "vhash", "uuid": "ab474025-325b-4c66-afe0-75fed08c61eb", "value": "a418351a82ae1227663622360cdf9570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844401", "to_ids": true, "type": "filename", "uuid": "d639579d-2098-40e6-ba67-2e896de2ca15", "value": "android.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844401", "to_ids": false, "type": "text", "uuid": "56b5e3db-65e4-4c30-b7b2-4af389661b22", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844423", "uuid": "4758798f-81f4-4c16-8f2a-2f6978626bd6", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844423", "to_ids": true, "type": "md5", "uuid": "8ba677b0-12be-45fd-9f7f-cd90e1fd4286", "value": "4d40829e3145f649bc5ed0b0fcdfe37a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844423", "to_ids": true, "type": "sha1", "uuid": "558cae5e-3809-4807-87e1-a8c330ae1a78", "value": "f1e85a300c8defbf12088848299db6049f3c64ab", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844423", "to_ids": true, "type": "sha256", "uuid": "915158b7-a1f7-40c1-94fe-d4bbbfb98814", "value": "ae7b30d2b2808fc1014ff67840877acc5f1fd14b6227a120138421cf1292cb5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844423", "to_ids": true, "type": "ssdeep", "uuid": "cc7f11f9-ccf4-4c87-a082-4b96b9c22b75", "value": "1536:l4t6XPt6X8sxVCglPTeEGeZ6WZ2RQaxbDj+5:SMXPMX8OCJEGPM2aebX+5" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844423", "to_ids": false, "type": "size-in-bytes", "uuid": "6007e921-558f-4407-8e1c-3b5c07aaed2c", "value": "57065" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844423", "to_ids": true, "type": "vhash", "uuid": "436d7fc2-b2f3-463a-bace-01436c872c4c", "value": "fad1bdead7485f65087bcc750aee2023" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844423", "to_ids": true, "type": "filename", "uuid": "d48f2c34-b21a-4371-8823-93fadde5e51a", "value": "4d40829e3145f649bc5ed0b0fcdfe37a.apk.log" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844423", "to_ids": false, "type": "text", "uuid": "312a9a4f-a506-461f-9e0a-803faeafff42", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844445", "uuid": "d0f66282-57e7-42af-b694-e12e4bd86c69", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844445", "to_ids": true, "type": "md5", "uuid": "3b07396f-780c-4c9f-9e5b-429e22bbffaa", "value": "a6118f67bcf0163451a755863a7f9af2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844445", "to_ids": true, "type": "sha1", "uuid": "2bed09f6-c2b7-4b9e-8dad-abe9fb0ae011", "value": "e9b7d256fb19c9c2c3474e253cc85e2d342bc53b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844445", "to_ids": true, "type": "sha256", "uuid": "3401e362-a960-4f7e-8f77-eafb8c789348", "value": "dc04e333245679aabb9e35dd2ba1ed6407572fa003ec4fa8eabe006b27e2303b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844444", "to_ids": true, "type": "ssdeep", "uuid": "026b161c-259b-4095-ba04-bfa73fa505e2", "value": "98304:KKZd/3XANJRL0lmP/hZZg3yXA8GrZJHpgJ/uWlxhLAf7pSmoTEMbfchAYOOdIccO:K6/YhUmP/hDgCGrjuDXsSmtMbUhAOzpF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844444", "to_ids": false, "type": "size-in-bytes", "uuid": "0a80a42f-44f0-44a9-be68-7463007d4838", "value": "5594477" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844444", "to_ids": true, "type": "vhash", "uuid": "a4efdd0b-4f94-4513-8962-25f2079ad54a", "value": "1b14f5dfdec1acd81800da8a8bbb2023" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844444", "to_ids": true, "type": "filename", "uuid": "119e854d-ce2d-495c-b60a-c7f770c478a3", "value": "dc04e333245679aabb9e35dd2ba1ed6407572fa003ec4fa8eabe006b27e2303b.log" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844444", "to_ids": false, "type": "text", "uuid": "f04299b3-c79d-41f0-8beb-c0125a3fc0d8", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:28/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844467", "uuid": "1787ae81-5143-4659-9d70-11614edda775", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844466", "to_ids": true, "type": "md5", "uuid": "dafc3282-1cfd-47e0-a6f2-df0d2a93339d", "value": "b013a49226907546804c813e8c4ac15c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844466", "to_ids": true, "type": "sha1", "uuid": "092e33eb-6845-42d7-944f-2b7ab48c7aa8", "value": "c760ce4ff7ba602599fc71a101d1315fa7056f20", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844467", "to_ids": true, "type": "sha256", "uuid": "164ac9f3-899d-488f-8090-a182443229c1", "value": "27899a54e6d601c64429cf9985067744cbf8cb9fc98efa32f239a71ca4a3190a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844466", "to_ids": true, "type": "ssdeep", "uuid": "1180a257-a4fd-410a-bb18-41c22f5a24a8", "value": "6144:UgNwWWOccpaCMlg9YNEHqrc+dcWuwzz/6evsEO59tFddxS:UgxOcsCMlAKiqrcCDuwH3O9vxS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844466", "to_ids": false, "type": "size-in-bytes", "uuid": "918941fa-66cb-4f9d-8213-48767d87f206", "value": "299598" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844466", "to_ids": true, "type": "vhash", "uuid": "137d8061-e0a1-4560-886e-ed33251c77c6", "value": "475db0a0ad8a0f0d84c67febe0834bfa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844466", "to_ids": true, "type": "filename", "uuid": "7657d216-1a51-4f4e-8963-2765bd4b8e80", "value": "b013a49226907546804c813e8c4ac15c.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844466", "to_ids": false, "type": "text", "uuid": "ea13e55a-a103-4ae4-b78f-dfe6716ab258", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844488", "uuid": "02aec920-a06d-4b7d-a2c7-f603d44c5107", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844488", "to_ids": true, "type": "md5", "uuid": "113f7372-c044-4d85-885f-0bf076fc4412", "value": "1d45d37fc0a2972862ead8e46650f727", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844488", "to_ids": true, "type": "sha1", "uuid": "fd0be9ef-3705-46b6-ad93-01259de47a0c", "value": "145220a2012c06a26415b1c67323d0f339f5e32a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844488", "to_ids": true, "type": "sha256", "uuid": "51df8d07-c696-4126-ab20-f3837760783d", "value": "52d5c889c3a7ab60ef78feb0029c4c0d7075865bb1cf19d4c56892286c49cffe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844487", "to_ids": true, "type": "ssdeep", "uuid": "b43f11be-d3ad-4210-b14c-0de5cac5a868", "value": "6144:vEbwwmSyjGjy8j8oXhD7Tj/DxEcq39y7KtzLV0BDT2dm3L:vEbrm4m8j8od7ecV74zB0p64L" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844487", "to_ids": false, "type": "size-in-bytes", "uuid": "a379a8d9-63d9-446a-9426-503026aa6691", "value": "286774" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844487", "to_ids": true, "type": "vhash", "uuid": "475fb7f0-d12e-4bd1-9430-6e7ce8ce17b8", "value": "475db0a0ad8a0f0d84c67febe0834bfa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844487", "to_ids": true, "type": "filename", "uuid": "7390ba39-5f4c-4fd7-a67c-6fa337c809c8", "value": "1d45d37fc0a2972862ead8e46650f727.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 12/02/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844487", "to_ids": false, "type": "text", "uuid": "0d75b4ae-b9cd-47a9-afb0-4fa6e3ff150a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Program:AndroidOS/Multiverze\nVT Total Detection:31/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844510", "uuid": "56396e41-a284-4444-9c2c-f3befc3bfe15", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844509", "to_ids": true, "type": "md5", "uuid": "12cea5fa-83f2-418e-acc9-adcbf175c2bf", "value": "1ca7e8277dd4e985c9e25039b4503f02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844510", "to_ids": true, "type": "sha1", "uuid": "d2ce5617-a2bb-45fc-8dd9-ab3d30abc8d0", "value": "d2e8aab68e2951b81973de6d9e627e3a87abfbfd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844510", "to_ids": true, "type": "sha256", "uuid": "2ebaadf7-7343-4db5-a54f-830083fc3b79", "value": "782f20a4d6e5713dd3f3b7fba9995c2e73a2c529ff6562884852226dbde6f341", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844509", "to_ids": true, "type": "ssdeep", "uuid": "8c5586cb-5b06-43d9-970d-73fbb59eb59b", "value": "12288:m3eE8bHc+bIeBEO7+bKLZJUDgIQK8JhDj:mb8V0Cd7VFSgIQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844509", "to_ids": false, "type": "size-in-bytes", "uuid": "298d81b0-830a-4f8e-a944-9a2b1d6454d4", "value": "599953" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844509", "to_ids": true, "type": "vhash", "uuid": "24bb6d27-0f46-4fa9-bfcc-387f74de9261", "value": "510b918ae89d119cde8968504635959d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844509", "to_ids": true, "type": "filename", "uuid": "6b601a05-844c-4a63-be70-281faef8ca71", "value": "1ca7e8277dd4e985c9e25039b4503f02.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844509", "to_ids": false, "type": "text", "uuid": "79522075-4f39-4c42-831e-85ba6ec5f734", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844532", "uuid": "6da60e21-8ff5-4189-91a1-1a0832338af4", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844532", "to_ids": true, "type": "md5", "uuid": "fb705ac6-6b4c-4fa5-a2f5-283bd43bbd0d", "value": "40d065d39c23f4ecee9b9acf0ccb54a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844532", "to_ids": true, "type": "sha1", "uuid": "c0c57b6c-7919-4c76-a697-04ced3f55bd4", "value": "7fdbe1dabe043accde97f9f03bfadfdcb6dbaf03", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844532", "to_ids": true, "type": "sha256", "uuid": "eb449ca9-eb14-4e90-9f46-61399a295d7e", "value": "87a049d0354cbf9cdce3e217fda586f8f94dafe4c9bd070f0276299cd557e3f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844531", "to_ids": true, "type": "ssdeep", "uuid": "646c1dd1-659c-483d-871d-2aa326b8ce5a", "value": "6144:Q03S7PISQJP11Ad3O9+RzddYok4Ghzs6LF4CQw9bxq:Q0hJP11yRzddRBos6Z4R0xq" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844531", "to_ids": false, "type": "size-in-bytes", "uuid": "820df2cc-7761-46c2-aea5-b43834e63fa0", "value": "299613" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844531", "to_ids": true, "type": "vhash", "uuid": "b4352e6c-3500-4d0b-be5d-b049c0fa5825", "value": "475db0a0ad8a0f0d84c67febe0834bfa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844531", "to_ids": true, "type": "filename", "uuid": "3defb873-43d6-46da-939f-07e0dac8d098", "value": "40d065d39c23f4ecee9b9acf0ccb54a3.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844531", "to_ids": false, "type": "text", "uuid": "d2a917eb-6554-4a0a-a5bc-a61818acb759", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ditertag.A\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844553", "uuid": "cc606422-9187-4fcf-bd1d-e18f2d3e34a5", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844553", "to_ids": true, "type": "md5", "uuid": "1f34f131-67f0-4073-be4c-921111954091", "value": "e7a349b9ce05693b303ae91a00defe0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844553", "to_ids": true, "type": "sha1", "uuid": "8ce8a806-8f2f-4aae-8657-6a6cc5423091", "value": "a6bf884496e4919c9fd707cb640fafd6feebed46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844553", "to_ids": true, "type": "sha256", "uuid": "60f6c1b0-1b29-4332-a0e8-59dc8f8b3b9b", "value": "b3908c208bbafc5501b793629e0619f18c2fab9c93f11b64b43caa915d4d291d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844553", "to_ids": true, "type": "ssdeep", "uuid": "741aa55d-69ea-4c52-a8d2-a19150e914d7", "value": "6144:gPrxHCv+pn2KXXlPLuQBcASxvQQBZA1nF9ZSk3e1fnQ6KqyCb1x:gPrJppX1PqtA5QB21nFWk3ejKbo1x" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844553", "to_ids": false, "type": "size-in-bytes", "uuid": "590bb500-bd1f-4b3d-88ba-2d77f3a2be30", "value": "299592" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844553", "to_ids": true, "type": "vhash", "uuid": "7923ba80-2541-4bb8-9539-49b1b9eba742", "value": "475db0a0ad8a0f0d84c67febe0834bfa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844553", "to_ids": true, "type": "filename", "uuid": "f20f4cff-4443-4d2c-bdea-9dbb5a21391f", "value": "e7a349b9ce05693b303ae91a00defe0e.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844553", "to_ids": false, "type": "text", "uuid": "7db73fe3-6482-4de1-bb19-429345069040", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Win32/Ymacco.AA9E\nVT Total Detection:34/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844575", "uuid": "e06a629f-e58d-4fbb-9fd5-1d5eeb782880", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844575", "to_ids": true, "type": "md5", "uuid": "79092424-e3f3-439e-8111-9e9cf66614de", "value": "eb6e399421c0ce7cd3b0cca7880f68d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844575", "to_ids": true, "type": "sha1", "uuid": "b8eaa64a-848a-4c2c-96c4-0b7168b56653", "value": "aa505c8c255c0dd82ac338f63e940ecdf579a471", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844575", "to_ids": true, "type": "sha256", "uuid": "f82a7c7f-8396-4545-ab8a-65a9a9a7b02b", "value": "e36d49acee3b5c9fc03640fb8edf9814d4201efde1bb9b91dddf56322352d5b3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844574", "to_ids": true, "type": "ssdeep", "uuid": "63c63bff-61be-4c77-81c7-2d260aeae45f", "value": "6144:CNcD88VLLM5Wt9BV6Q1luMT4FenJbhRDt5BDru:CaBdQEXluu40nphRjtru" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844574", "to_ids": false, "type": "size-in-bytes", "uuid": "fcf369db-86a4-4984-8ddd-77a7e75e02b9", "value": "298054" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844574", "to_ids": true, "type": "vhash", "uuid": "af3f151f-8591-4fe3-9e56-3d2833a73335", "value": "475db0a0ad8a0f0d84c67febe0834bfa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844574", "to_ids": true, "type": "filename", "uuid": "ff007ab2-c3be-4ad0-abc5-90e721e09f69", "value": "eb6e399421c0ce7cd3b0cca7880f68d4.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 21/07/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844574", "to_ids": false, "type": "text", "uuid": "954b5d3b-095d-49af-a0c7-4d11bc894511", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844597", "uuid": "f0a92cf6-0e23-4d60-9b5a-9070cc8c7957", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844596", "to_ids": true, "type": "md5", "uuid": "a5b7c5b3-62e7-400d-8abc-2304476ebafd", "value": "6558ded4ccccd6540b4dab995f5955bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844597", "to_ids": true, "type": "sha1", "uuid": "245b7131-4262-4ae2-82c0-eba2285f53cf", "value": "2d758b663724317b34f018c304558a858aa48230", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844597", "to_ids": true, "type": "sha256", "uuid": "0f808fd3-62a8-4cb4-810e-7493488c266d", "value": "619b30e3d1deafcc78707b007cf76f7ddf03f2d4abca98dd45835c5e35fe2fbc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844596", "to_ids": true, "type": "ssdeep", "uuid": "bc36b115-fa4b-4412-9b09-0e6d9a87fde7", "value": "3072:TMXhMXoBXYSosyEY6eT39XekVEeMxpmuQ5xNe:T4h4closjeT3R9VE0be" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844596", "to_ids": false, "type": "size-in-bytes", "uuid": "2333c37e-3aeb-4240-b689-601343a1c217", "value": "121719" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844596", "to_ids": true, "type": "vhash", "uuid": "c3093716-51cd-4d74-b439-63e98088d363", "value": "a418351a82ae1227663622360cdf9570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844596", "to_ids": true, "type": "filename", "uuid": "00dfce99-1de0-4c1e-8b67-9c5b6383310f", "value": "619B30E3D1DEAFCC78707B007CF76F7DDF03F2D4ABCA98DD45835C5E35FE2FBC.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844596", "to_ids": false, "type": "text", "uuid": "f0f305a2-34ae-49a9-81dc-b25a3396779a", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/65" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844618", "uuid": "b24058a8-1427-4560-9b3e-fceafc76ccce", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844618", "to_ids": true, "type": "md5", "uuid": "03a9c95f-ff5d-4cbc-92ce-de13d8458f57", "value": "b33b8172989f9026def73dba8c39261b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844618", "to_ids": true, "type": "sha1", "uuid": "e69e8c04-e00b-42e2-a705-bbd686e5c5d4", "value": "53b088707341ac7b333693af4c6f496628fc8f4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844618", "to_ids": true, "type": "sha256", "uuid": "aa0d81b3-1531-4824-a56b-134051383f85", "value": "d1d0940926b24e5a5875305f307d22bb18e541c1bd6f623d495e683b354422b0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844618", "to_ids": true, "type": "ssdeep", "uuid": "c1bdac73-6a4b-4948-aca4-33e5a1a93cdc", "value": "3072:2MXhMX7hXPMkTHVNXuW8EvNAodVKoNehRuguQ5xNa8:24h4dXPdVNXv8iiiVK6ehRuqba8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844618", "to_ids": false, "type": "size-in-bytes", "uuid": "97a123a8-ef05-4e08-9d44-88aeeaf64ae6", "value": "121576" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844618", "to_ids": true, "type": "vhash", "uuid": "3b966deb-4d41-4b99-9ec5-e06d77dcfb42", "value": "a418351a82ae1227663622360cdf9570" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844618", "to_ids": true, "type": "filename", "uuid": "c594aba1-19ab-4cda-8033-7d4a2418ed44", "value": "d1d0940926b24e5a5875305f307d22bb18e541c1bd6f623d495e683b354422b0.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844618", "to_ids": false, "type": "text", "uuid": "988766b8-dffd-482b-8419-909834802300", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844640", "uuid": "6e12e94c-4bab-45c8-aae0-9133b0b75306", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844639", "to_ids": true, "type": "md5", "uuid": "1b889777-cb18-4c48-8f6c-6572eac57574", "value": "016989b639c9ee9071144b5c8974a448", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844640", "to_ids": true, "type": "sha1", "uuid": "2058bbe2-8922-429d-a911-062e3332d168", "value": "a86e4de4043bda2760a3abfe4642a4692738ec36", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844640", "to_ids": true, "type": "sha256", "uuid": "18d8c70f-a56a-4387-8254-20a6392fd78f", "value": "f4746711285486e3643692e72f4555292afeb0634a9fae1d7e2792b8bffc3998", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844639", "to_ids": true, "type": "ssdeep", "uuid": "4fbcf252-fedd-4c50-8469-06f99a00fbbd", "value": "196608:dqVed5qGqJtkrJzuJCQHpy0mJevQhCTW3E3t:dZd50J+8n/vMEd" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844639", "to_ids": false, "type": "size-in-bytes", "uuid": "849dcc0f-da6c-4e29-a424-b131fb04c090", "value": "8777115" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844639", "to_ids": true, "type": "vhash", "uuid": "b64935e7-1f8a-46e6-b650-d4341d97d610", "value": "2348bbb22b194ec0c1635237e7ebcb6d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844639", "to_ids": true, "type": "filename", "uuid": "56155ccc-aaed-4460-a2b2-d484e80790e7", "value": "016989b639c9ee9071144b5c8974a448.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 15/12/2023", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844639", "to_ids": false, "type": "text", "uuid": "68b94e43-d4f8-4c2e-8254-2853a26c4e40", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:30/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844661", "uuid": "129eff1c-cb38-4c22-aa45-12bb6f6b8dd0", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844661", "to_ids": true, "type": "md5", "uuid": "ef934faa-fa5b-460e-a538-40c7e1787297", "value": "36927238d81d2af15bc57f66b6a7b10d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844661", "to_ids": true, "type": "sha1", "uuid": "60cf2a50-4db4-4f9b-8a24-e90816905c5b", "value": "fabe87356facfcece41add31009fa25791bdb372", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844661", "to_ids": true, "type": "sha256", "uuid": "e4091999-6deb-4775-b72f-c9624d6fd374", "value": "d2c7dbbd26c0343b66078708b421e2344c52ecdf97f09aa77a32c662b5cfdf22", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844661", "to_ids": true, "type": "ssdeep", "uuid": "221fcea6-55a1-402f-a0d0-cb3d00e8941d", "value": "1536:rnGt6XLt6Xu3NgYWlF9D/e0pMZ77NFXsH:rGMXLMXuGDBW1Z77XsH" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844661", "to_ids": false, "type": "size-in-bytes", "uuid": "ffcd232b-579e-41b8-b010-4aeeb32d4521", "value": "56785" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844661", "to_ids": true, "type": "vhash", "uuid": "7af8144c-a92c-4ac6-b8dc-03ce4e022658", "value": "fad1bdead7485f65087bcc750aee2023" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844661", "to_ids": true, "type": "filename", "uuid": "18acdf12-3bc0-443e-8553-ad9371be1614", "value": "36927238d81d2af15bc57f66b6a7b10d.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844661", "to_ids": false, "type": "text", "uuid": "8b2653c4-86c6-4317-baf8-dd60f2930868", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:29/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844683", "uuid": "07837ca7-96c3-47d9-8816-8b521f6cb40b", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844682", "to_ids": true, "type": "md5", "uuid": "3fe3fbfb-fc48-4fd1-8adc-78ffe6591d89", "value": "5df6703100c83cc4d8b41be4aba92eaa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844683", "to_ids": true, "type": "sha1", "uuid": "01f10c06-8681-4172-a183-c0b07b912fc3", "value": "c21cc62116dc6209db9ae0d827a573a9e8cef787", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844683", "to_ids": true, "type": "sha256", "uuid": "82457ba2-6946-423a-a232-b256ff245dc3", "value": "26ea337a03765a2fcfb793df6dbecf06dc125fc48ebcd7393541fdd2ccc206ba", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844682", "to_ids": true, "type": "ssdeep", "uuid": "8f3105bf-292b-4bb9-b99f-95638e54216e", "value": "3072:ghkCVLXQ+w3OMexluNmbaK7PJw7hfw+eP0bV3xmoydCaCD7ROf4:ix3w3OMexMNmOK7Pq7hfBbVEoydCX7RP" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844682", "to_ids": false, "type": "size-in-bytes", "uuid": "b523006b-23d8-4987-beec-8eb47ca7d32c", "value": "171559" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844682", "to_ids": true, "type": "vhash", "uuid": "edd6c8ba-028c-4961-95ae-63519e9b5747", "value": "287e43d7e278537cfc6e4787d24a470f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844682", "to_ids": true, "type": "filename", "uuid": "3971a562-d7f1-405c-b34d-fb2fe40a59c6", "value": "5df6703100c83cc4d8b41be4aba92eaa.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844682", "to_ids": false, "type": "text", "uuid": "b4723790-69d2-468e-90a6-0bcf58792f93", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844704", "uuid": "6b4400b4-ba17-4a0b-a2c9-88df06784aa3", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844704", "to_ids": true, "type": "md5", "uuid": "005d7e10-31f7-487c-885d-f768e2a9dfc4", "value": "cf1735d205c077048199991d6f6fc36a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844704", "to_ids": true, "type": "sha1", "uuid": "382dfca7-f485-4038-8eac-a5eff41d307a", "value": "1522727b4816364da320270fe80c14002e634029", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844704", "to_ids": true, "type": "sha256", "uuid": "4ceeb0e9-6b4f-4b88-ad92-7f07d897e079", "value": "6b9b840ff27e8dc876f9c1791d2fd32fe0541232af659926a3ffe9915a2e8755", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844704", "to_ids": true, "type": "ssdeep", "uuid": "9e93d1ec-3d19-401a-9851-ae846cdeb77a", "value": "6144:tnM2jZQ5de+IlNdTx4Pr9zbaBFSWaMqtzKyB9ttD5/bxs6zcuutXQFm+aU7Ts:tnl2ZSNd/+t+y1to6zcuuZQGcTs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844704", "to_ids": false, "type": "size-in-bytes", "uuid": "3dd7044f-05a7-4531-92e1-073d204adc4c", "value": "430993" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844704", "to_ids": true, "type": "vhash", "uuid": "f04d5e70-3627-4489-8912-99c9b94a9405", "value": "1721bdd33f8ae5fe0869b28262a97784" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844704", "to_ids": false, "type": "text", "uuid": "064ed2be-f176-4d2d-86b3-41ca63458791", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:32/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844726", "uuid": "a3274b94-e68e-4040-83ab-dfd32e95f2c0", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844726", "to_ids": true, "type": "md5", "uuid": "5ce74fbb-92dd-4391-b67a-4a33231fb742", "value": "9f2b921462fd6edc4bf5985e3279c687", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844726", "to_ids": true, "type": "sha1", "uuid": "1c94e15a-6d38-4d4f-9e1a-3071d05eaee2", "value": "d16a945556f2fd89b5585246269cb17e88caeb40", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844726", "to_ids": true, "type": "sha256", "uuid": "6c894ff5-ab65-4ca8-840c-74c9e9d4f6d7", "value": "93a4bf66ddfc31868a1b73d8269cc2b46f08355356b535279c6c710656dbabe0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844725", "to_ids": true, "type": "ssdeep", "uuid": "ddea989e-cac5-43a2-937b-2ca59c7243da", "value": "6144:9pWk3xbmfc6GYQAuZEqO5krYujnJR167uuooT6XiqxXehzuaRp/:HVlmfbnmj0uubRwuzp/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844725", "to_ids": false, "type": "size-in-bytes", "uuid": "3fdce4e1-d464-4e54-ae6d-eea82055519c", "value": "298167" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844725", "to_ids": true, "type": "vhash", "uuid": "39b30101-eab5-4fba-8569-6f14557ed8d4", "value": "475db0a0ad8a0f0d84c67febe0834bfa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844725", "to_ids": true, "type": "filename", "uuid": "55601305-53ba-4976-ba15-a54bf31b4a38", "value": "ETSdialer_Server.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 21/05/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844725", "to_ids": false, "type": "text", "uuid": "ac073492-5451-4404-b130-7a0584fcb0e0", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Banker.E!MTB\nVT Total Detection:35/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844747", "uuid": "a6650a5c-9eea-4fd7-b6af-e065e8fa57e9", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844747", "to_ids": true, "type": "md5", "uuid": "3f10a1df-fd8b-4789-90d3-26d1898c184a", "value": "405f129dca1806c80a413beccb4d2b23", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844747", "to_ids": true, "type": "sha1", "uuid": "51e656e0-0f7f-4c88-93c0-6abbc9243c30", "value": "1533f453013cc1177742f334607535283b383369", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844747", "to_ids": true, "type": "sha256", "uuid": "09766980-77ec-4e1d-8245-238a18986580", "value": "8cd3e972d6abc3b289e77e352af66c271a1adcb5f8c511c16ace0e0577328e4f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844747", "to_ids": true, "type": "ssdeep", "uuid": "3f3474d5-1bcc-4128-b441-65d7671c4113", "value": "1536:u6kwPGt6Xxt6XNsKsqRoXsOYG5AnBJsP/l3ah6REeDMLw/:uOOMXxMXNYqRoD0KNKh6upY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844747", "to_ids": false, "type": "size-in-bytes", "uuid": "ff666847-0a15-454e-ac39-802d56b5c208", "value": "52296" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844747", "to_ids": true, "type": "vhash", "uuid": "b998e41b-df07-47af-ab78-979e5b4de360", "value": "8c02d7fcdb49db161e32bdd9848b774f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844747", "to_ids": true, "type": "filename", "uuid": "b47f0b7c-f746-426a-9b89-45187848887d", "value": "405F129DCA1806C80A413BECCB4D2B23.32C05165" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844747", "to_ids": false, "type": "text", "uuid": "e9acae15-fd2b-48e9-b2a5-a956ef3a50a3", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/GlodEagl.A!MTB\nVT Total Detection:31/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740844769", "uuid": "cfc3df61-286b-4d85-bb96-0e85c52038f0", "Attribute": [ { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740844769", "to_ids": true, "type": "md5", "uuid": "c80d9fcd-4c02-4693-bff0-239139ff016a", "value": "ded31f723e456a49345d42ee3d5cb32a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740844769", "to_ids": true, "type": "sha1", "uuid": "d0196c25-4ddf-4074-8a65-56fcb031fc31", "value": "e51a42ee0e2fc4b1577c63553495284b62e1233a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "GoldenEagle", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740844769", "to_ids": true, "type": "sha256", "uuid": "0f7335cf-d2ec-48cb-8212-a7116990722d", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740844768", "to_ids": true, "type": "ssdeep", "uuid": "4a3b8188-e08a-4444-9474-50987c86062d", "value": "6144:NK2GzZ1giVlfx1RUl/vTAeK8cFVS5eX7jm5e:NPUZ1gmzmFT1cS0XvmI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740844768", "to_ids": false, "type": "size-in-bytes", "uuid": "aed5ad1d-7a85-4479-a31f-fb2a926bb835", "value": "291219" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740844768", "to_ids": true, "type": "vhash", "uuid": "b127a546-eebb-4487-b663-b1adf26ea49f", "value": "475db0a0ad8a0f0d84c67febe0834bfa" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740844768", "to_ids": true, "type": "filename", "uuid": "24adf3c4-cf63-49e7-8134-1df447ab158c", "value": "3e2818bc2ee69eb29bc7b42389956f4cedd8c5d3bb86362a704bd849fed954b5.apk" }, { "category": "Other", "comment": "Checked: 01/03/2025\nLast-scan\t: 13/09/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740844768", "to_ids": false, "type": "text", "uuid": "0e484339-5c6b-43f7-b14d-7c62a103323f", "value": "GoldenEagle\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:39/69" } ] } ] } }