{
  "Event": {
    "analysis": "1",
    "date": "2025-12-18",
    "extends_uuid": "",
    "info": "[Threat Intel] Attempts to sniff out governmental affairs in Southeast Asia and Japan",
    "protected": false,
    "publish_timestamp": "1780041346",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1780041345",
    "uuid": "517eafe1-ab7d-4604-833b-542ca374cd2c",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#8675c7",
        "local": false,
        "name": "misp-galaxy:producer=\"ESET\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-original-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#2e58ce",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"",
        "relationship_type": ""
      },
      {
        "colour": "#b672a4",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task/Job - T1053\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Staged - T1074\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#ad5a96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Hijack Execution Flow - T1574\"",
        "relationship_type": ""
      },
      {
        "colour": "#356c41",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#5887a6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Japan\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:region=\"035 - South-eastern Asia\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"AppDomainManager - T1574.014\"",
        "relationship_type": ""
      },
      {
        "colour": "#d58a16",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Archive Collected Data - T1560\"",
        "relationship_type": ""
      },
      {
        "colour": "#08b028",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Asymmetric Cryptography - T1573.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#57997c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Bidirectional Communication - T1102.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#4edbe6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Browser Information Discovery - T1217\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Cloud Accounts - T1585.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Compression - T1027.015\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Debugger Evasion - T1622\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Disable or Modify Tools - T1562.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted/Encoded File - T1027.013\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Execution Guardrails - T1480\"",
        "relationship_type": ""
      },
      {
        "colour": "#e95bc8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#d12299",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Hidden Window - T1564.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#4c0fbb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"",
        "relationship_type": ""
      },
      {
        "colour": "#72ee33",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1056.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Local Data Staging - T1074.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#5bb38b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malware - T1588.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#7da4ad",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Resource Name or Location - T1036.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#f5a258",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Native API - T1106\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Reflective Code Loading - T1620\"",
        "relationship_type": ""
      },
      {
        "colour": "#705cef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#56c932",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Symmetric Cryptography - T1573.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#c8f8ef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Binary Proxy Execution - T1218\"",
        "relationship_type": ""
      },
      {
        "colour": "#ece0df",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Video Capture - T1125\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#02475d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1767174545",
        "to_ids": false,
        "type": "link",
        "uuid": "5c42ebc9-36bd-45fe-ada3-aa5c833cafdc",
        "value": "https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1767174545",
        "to_ids": false,
        "type": "text",
        "uuid": "e81ebb1f-30d9-4cb9-b1d9-db96e57994f7",
        "value": "A newly discovered China-aligned APT group named LongNosedGoblin has been targeting governmental entities in Southeast Asia and Japan for cyberespionage purposes. The group employs a varied custom toolset consisting mainly of C#/.NET applications and notably uses Group Policy to deploy malware and move laterally across compromised networks. Their main tools include NosyHistorian for collecting browser history, NosyDoor backdoor using cloud services as C&C, and NosyStealer for exfiltrating browser data. The group has been active since at least September 2023 and uses techniques like AMSI bypassing and living-off-the-land tactics. LongNosedGoblin's campaigns involve multiple stages of execution and various malware components, showcasing a sophisticated approach to cyber espionage operations."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1767174545",
        "to_ids": false,
        "type": "text",
        "uuid": "333b7787-57fa-4911-b49f-baa33c87ae26",
        "value": "Name: Attempts to sniff out governmental affairs in Southeast Asia and Japan\nAuthor: AlienVault\nAdversary: LongNosedGoblin\nTags: [\"china-aligned\", \"custom malware\", \"nosydownloader\", \"southeast asia\", \"apt\", \"group policy\", \"nosyhistorian\", \"nosylogger\", \"nosydoor\", \"nosystealer\", \"japan\", \"cloud services\", \"cyberespionage\"]\nTgtd countries: [\"Japan\"]\nMlwr families: [\"NosyHistorian\", \"NosyDoor\", \"NosyStealer\", \"NosyDownloader\", \"NosyLogger\"]\nAttack_ids: [\"T1056\", \"T1053\", \"T1074\", \"T1027\", \"T1082\", \"T1574\", \"T1573\", \"T1036\"]\nIndustries: [\"Government\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1767174545",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "04770dc9-d269-4170-8f7b-273ef125a22a",
        "value": "LongNosedGoblin"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548430",
        "to_ids": true,
        "type": "sha256",
        "uuid": "16ce2d59-18bf-4dfb-a416-1e1c18c3403e",
        "value": "d53fcc01038e20193fbd51b7400075cf7c9c4402b73da7b0db836b000ebd8b1c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041337",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1ae49f95-1a50-4174-a5a0-100ea00864cb",
        "value": "101.99.88.113",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#b388f4",
            "local": false,
            "name": "asn:asn=\"45839\"",
            "relationship_type": ""
          },
          {
            "colour": "#d72d0f",
            "local": false,
            "name": "asn:as-owner=\"SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd\"",
            "relationship_type": ""
          },
          {
            "colour": "#12ee4d",
            "local": false,
            "name": "asn:as-country=\"MY\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"malaysia\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041339",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "3043b029-9dc9-4676-8402-cf0dafa783fa",
        "value": "101.99.88.188",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#b388f4",
            "local": false,
            "name": "asn:asn=\"45839\"",
            "relationship_type": ""
          },
          {
            "colour": "#d72d0f",
            "local": false,
            "name": "asn:as-owner=\"SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd\"",
            "relationship_type": ""
          },
          {
            "colour": "#12ee4d",
            "local": false,
            "name": "asn:as-country=\"MY\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"malaysia\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041340",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "3685bd3f-c749-4f24-a2f1-c04169d27fb9",
        "value": "118.107.234.26",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#fb4fbd",
            "local": false,
            "name": "asn:asn=\"45352\"",
            "relationship_type": ""
          },
          {
            "colour": "#8fb886",
            "local": false,
            "name": "asn:as-owner=\"IPSERVERONE-AS-AP IP ServerOne Solutions Sdn Bhd\"",
            "relationship_type": ""
          },
          {
            "colour": "#12ee4d",
            "local": false,
            "name": "asn:as-country=\"MY\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"malaysia\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041342",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "7c7a6916-ab7b-4cf2-956f-8271a6cfb1f4",
        "value": "118.107.234.29",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#fb4fbd",
            "local": false,
            "name": "asn:asn=\"45352\"",
            "relationship_type": ""
          },
          {
            "colour": "#8fb886",
            "local": false,
            "name": "asn:as-owner=\"IPSERVERONE-AS-AP IP ServerOne Solutions Sdn Bhd\"",
            "relationship_type": ""
          },
          {
            "colour": "#12ee4d",
            "local": false,
            "name": "asn:as-country=\"MY\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"malaysia\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041344",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "d0edbc29-ecc6-40b8-8e72-0505a8d441ce",
        "value": "38.54.17.131",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#e7643a",
            "local": false,
            "name": "asn:asn=\"138915\"",
            "relationship_type": ""
          },
          {
            "colour": "#1ec497",
            "local": false,
            "name": "asn:as-owner=\"KAOPU-HK Kaopu Cloud HK Limited\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768714082",
        "to_ids": true,
        "type": "domain",
        "uuid": "60a36852-d1c0-4808-a002-e08f48c675e2",
        "value": "newso.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768714103",
        "to_ids": true,
        "type": "domain",
        "uuid": "61fd69a3-ab34-49ff-a323-1b77f656de74",
        "value": "policy-my.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
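        "comment": "Review note: iam.gserviceaccount.com is the shared Google Cloud service-account identity domain, so this value looks like the domain part of a service-account address rather than an attacker-controlled host. Confirm against the source report before using it for detection or blocking (to_ids is set).",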
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768714125",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e661b6a4-f6fb-4c30-8e69-f81144ae3c99",
        "value": "dev0-411506.iam.gserviceaccount.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
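        "comment": "Review note: the leading 40 looks like residue of a URL-encoded @ (%40), which would make this a mis-extracted duplicate of dev0-411506.iam.gserviceaccount.com, the domain part of a Google Cloud service-account address. Confirm against the source report before using it for detection or blocking (to_ids is set).",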
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768714146",
        "to_ids": true,
        "type": "hostname",
        "uuid": "cdb41f2a-0039-40b1-9aea-5a69a87e50ec",
        "value": "40dev0-411506.iam.gserviceaccount.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548451",
        "to_ids": true,
        "type": "sha1",
        "uuid": "02894c69-e321-4b5e-a9d6-506fc5fbb020",
        "value": "4e3f6e9d0f443f4c42974a0551eee957b498da3d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548472",
        "to_ids": true,
        "type": "sha1",
        "uuid": "6a30f4c3-fc62-441b-9553-6c42f15980e9",
        "value": "cd745bd2636f607cc4fb9389535bf3579321ca72",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548493",
        "to_ids": true,
        "type": "sha1",
        "uuid": "7cb13f01-5600-49bb-ad16-d56778524c73",
        "value": "154a35dd4117db760699c2092afb307e94008506",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548514",
        "to_ids": true,
        "type": "sha1",
        "uuid": "9aa70ca2-b79e-490b-b012-ee36a5bfd941",
        "value": "b1d4a283a9ccc9e34993dd2093a904afbd88b9b9",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548535",
        "to_ids": true,
        "type": "sha1",
        "uuid": "742dfca5-76f5-4cbe-85aa-67f1da4bda57",
        "value": "77d2a8cb316b7a470e76e163551a00bb16a696c5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548556",
        "to_ids": true,
        "type": "sha1",
        "uuid": "6b9a8a4b-ca5d-4813-8ef1-55f966d6ec6b",
        "value": "f93e449c5520c4718e284375c54be33711505985",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548578",
        "to_ids": true,
        "type": "sha1",
        "uuid": "e651ac24-f3cc-4504-bbe5-8f07e3464811",
        "value": "1959e2198d6f81b2604df7ac1f508aeb7a6fa07e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548599",
        "to_ids": true,
        "type": "sha1",
        "uuid": "a8fdaa76-4f72-4476-888c-eb909804b325",
        "value": "e0b44715bc4c327c04e63f881ecc087b7acbd306",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548620",
        "to_ids": true,
        "type": "sha1",
        "uuid": "7f71a7f1-6bdb-47cf-a875-9f0cf1f0363f",
        "value": "43c8ae8561e7e3bf9cd748136c091099e5cbeeee",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548641",
        "to_ids": true,
        "type": "sha1",
        "uuid": "a1d37ba3-e1bf-49c0-ba38-db998903d2e0",
        "value": "d11fc2d6159cb8ba392b145b3ee4adfa15db4c83",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548662",
        "to_ids": true,
        "type": "sha1",
        "uuid": "50bd0022-4bb4-466c-a25c-23330d201ce8",
        "value": "a0a80ac293645076ebae393ff0a6a4229e2ede1c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548683",
        "to_ids": true,
        "type": "sha1",
        "uuid": "ea6fdb05-fafd-4386-b1a9-ee6040d8aae2",
        "value": "ddbbae33e04a49d17dd24d85b637667b4407ae19",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548704",
        "to_ids": true,
        "type": "sha1",
        "uuid": "85aea951-a063-49fa-a8ae-1f9d43f17bf5",
        "value": "f5b7440ee25116a49ec5ee82507b353880217ac1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548726",
        "to_ids": true,
        "type": "sha1",
        "uuid": "87470e1e-dc6b-4891-9e80-71d656d833fe",
        "value": "85939c56bfcacd0993e6fb9f7cfd6137601fb7d4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548747",
        "to_ids": true,
        "type": "sha1",
        "uuid": "1e9a53a6-322b-4b1e-b2fd-058cb0b0b677",
        "value": "c66f9fec0f8cbf577840944f61198a75b3e2a58c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548768",
        "to_ids": true,
        "type": "sha1",
        "uuid": "b20a6e7b-6133-4fb4-9eda-c4af40ac60cb",
        "value": "4c2fcce3bab4144d90c741a6d77adf209c786b54",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548790",
        "to_ids": true,
        "type": "sha1",
        "uuid": "d6fe7c36-f3c8-46aa-9c33-b79be60e8c03",
        "value": "161a25cb0b8fa998bf1bdee31f06f24876453cdf",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548811",
        "to_ids": true,
        "type": "sha1",
        "uuid": "6791532f-3480-4f32-9767-152796772835",
        "value": "5ae440805719250aaefee9b39dacd23d2fb573cd",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548832",
        "to_ids": true,
        "type": "sha1",
        "uuid": "8d47b7a3-7f2f-463f-ba3f-cf02b52954bf",
        "value": "e93d32c739825519a10a4c52c5f1ee33936e4fdb",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548853",
        "to_ids": true,
        "type": "sha1",
        "uuid": "b294f6d3-c101-4639-bc18-d233aed46191",
        "value": "212126896d38c1ee57320fb6940fed7a6e30d9ea",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548874",
        "to_ids": true,
        "type": "sha1",
        "uuid": "1bddbf2f-54de-4221-91b1-babd88ca6799",
        "value": "cffe15aa4d0f9e6577ccb509ace9c588937943f2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548896",
        "to_ids": true,
        "type": "sha1",
        "uuid": "c57d694f-7ea4-4227-bec6-d897856707ef",
        "value": "6ac22ce60b706e3b9a7927633116911e1087c0d4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548917",
        "to_ids": true,
        "type": "sha1",
        "uuid": "b6b3609f-d71b-4020-8891-1cd89011f902",
        "value": "2c1959dd85424cedc96b1bb86a95fca440cb9e36",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548938",
        "to_ids": true,
        "type": "sha1",
        "uuid": "29a82ffd-0852-4218-ac5a-1b2d34b626c6",
        "value": "46107b1292b830d9bcebbda6eedb32fbc05707b4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548959",
        "to_ids": true,
        "type": "sha1",
        "uuid": "162196a1-8bfd-43f4-9bff-7252fd1ab801",
        "value": "581464978c29b2bc79c65766e62011c94d2cbeab",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768548981",
        "to_ids": true,
        "type": "sha1",
        "uuid": "ddd98b87-bea4-40c0-ad5f-b9a32df892e5",
        "value": "0d91a0e52212ec44e32c47f7760af3b473b72798",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768549002",
        "to_ids": true,
        "type": "sha1",
        "uuid": "67bf7ba1-c0aa-4d74-8f4e-d39af8cbb91c",
        "value": "48d715466857fb0c6cd0249de6d960fc199438e1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768549024",
        "to_ids": true,
        "type": "sha1",
        "uuid": "d3dc71cf-7328-40d0-8fba-f74aac8e7b9a",
        "value": "563677cfacd328ea2478836e58a8bd0df11206a3",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check: 16/01/2026",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768549045",
        "to_ids": true,
        "type": "sha1",
        "uuid": "a3aa2988-44d7-4de8-83d3-30678841473f",
        "value": "ac2264c56121141daf751a3852cd34f3acb1d63c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768714167",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c4654150-b6d7-4050-a061-26401c621a8d",
        "value": "www.sslvpnserver.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041345",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "877deac4-4bb9-4765-9545-16fad14c7b46",
        "value": "103.159.132.30",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#78321d",
            "local": false,
            "name": "asn:asn=\"55720\"",
            "relationship_type": ""
          },
          {
            "colour": "#295f2f",
            "local": false,
            "name": "asn:as-owner=\"GIGABIT-MY Gigabit Hosting Sdn Bhd\"",
            "relationship_type": ""
          },
          {
            "colour": "#12ee4d",
            "local": false,
            "name": "asn:as-country=\"MY\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"malaysia\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768714210",
        "to_ids": true,
        "type": "hostname",
        "uuid": "71e44a89-0f37-42f3-aa58-23a919bec291",
        "value": "www.threadstub.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768714231",
        "to_ids": true,
        "type": "hostname",
        "uuid": "f0850037-8aa8-4d7f-becd-8eba45144866",
        "value": "www.blazenewso.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1768714253",
        "to_ids": true,
        "type": "hostname",
        "uuid": "ad9e26b8-2b51-4adb-a3f4-38d2f6813810",
        "value": "www.privacypolicy-my.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1768714274",
        "uuid": "c6c00977-cde7-4955-a4e6-19400f92a961",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1768714274",
            "to_ids": true,
            "type": "md5",
            "uuid": "130da75f-cfd7-49cd-b57a-af67d712da11",
            "value": "882a886c33950e78c51a5586fbe8d8eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1768546350",
            "to_ids": true,
            "type": "sha1",
            "uuid": "882b796e-57d2-403a-80be-6f33da670912",
            "value": "60158c509446893b3b57d40dc4b4b3795fcdf369",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1768546350",
            "to_ids": true,
            "type": "sha256",
            "uuid": "aeb480cf-5677-44e4-9dac-7b1b5868cec5",
            "value": "012d35db72e0190ff649cb2d8fc91b6ca8e1f8677a172941e6c7ad49f4f0cb9a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1768538862",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "a225e599-cf5c-467b-b771-9c4b496eb6af",
            "value": "49152:XPBuh9/hedf6lViBgdBAUZLYasSpGaXBuQQ9u:/BcBhe96lrBAUZLh"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1768538862",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8dae0752-a8d4-4b3a-8d31-1c8d55d0cb83",
            "value": "1771520"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1768538862",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d999d504-fdff-4fb0-8bb1-ae70286a64f5",
            "value": "01608f6d156c0d5d1d151az2e74=z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1768538862",
            "to_ids": true,
            "type": "filename",
            "uuid": "58791e94-8171-4f79-8952-fb73d613f5d0",
            "value": "BrStMonW.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/01/2026\nLast-scan\t:  16/01/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1768538862",
            "to_ids": false,
            "type": "text",
            "uuid": "aed2a949-7843-4498-a4de-83021d407374",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:45/71\nFirst Submission:2024-09-28T03:43:45.000000+00:00\nLast Submission:2024-09-28T03:43:45.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1768714296",
        "uuid": "cbbea849-d482-4cad-abaa-f64fe4545eaf",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1768714296",
            "to_ids": true,
            "type": "md5",
            "uuid": "323ef769-82af-496d-b443-7a25a2cd6de0",
            "value": "10a9d2a3478b58b3bf669a101c3cf41f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1768546351",
            "to_ids": true,
            "type": "sha1",
            "uuid": "94ff97d0-a4b1-4c64-b2ad-e0dd7532fd2c",
            "value": "4d61a9fbbcc4f7a37be21548b55bb5b9b837f83b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1768546351",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7cd1a0da-5e1c-4ac7-87c3-473322784f5f",
            "value": "5959d4414cc6764212679eec7c9ed5911eed6d24f310bc7b9ba570e11b84be8f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1768538990",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "99d8d6a3-f7df-47fa-b401-8129ea4354ee",
            "value": "768:+gUDQDfGvsPkr4QtgwpR2MHI+wpmYt4OQ:rUIfEP4twpR2itwpmYt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1768538990",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "23b6b693-375e-4023-91fb-0de2d6f6bc5c",
            "value": "35840"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1768538990",
            "to_ids": true,
            "type": "vhash",
            "uuid": "70857b89-c6ea-4ae6-8e59-a17844a79e9d",
            "value": "134066655d1515151az15wz344z5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1768538990",
            "to_ids": true,
            "type": "filename",
            "uuid": "851d7409-ff66-404f-a05b-d60b340bf982",
            "value": "uudqn6mz0.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/01/2026\nLast-scan\t:  08/01/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1768538990",
            "to_ids": false,
            "type": "text",
            "uuid": "4f6b4b22-40d7-4b74-9d9d-3f0f762cc56d",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:45/71\nFirst Submission:2024-03-18T04:29:23.000000+00:00\nLast Submission:2024-06-15T17:48:36.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1768714317",
        "uuid": "f4f01f95-f730-44af-a432-6d6ea43ee01b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1768714317",
            "to_ids": true,
            "type": "md5",
            "uuid": "34fb2830-17c7-490f-9b11-52302328723f",
            "value": "73e3e91df565c25edde105d2d07d10aa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1768546353",
            "to_ids": true,
            "type": "sha1",
            "uuid": "34379d3c-490c-4be3-8eb8-9019bb312424",
            "value": "70a615bc580522e1eee4b61394dc7a247fe47022",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1768546353",
            "to_ids": true,
            "type": "sha256",
            "uuid": "db1117c7-b23a-4e8e-ba2f-d3e42d8bed4a",
            "value": "d8324c16ebb360ba431c0db94954c084c6eb6d855c26923355ad8a82a94e1f69",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1768539266",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7ebf7490-0b34-4630-a96a-96cafdbbc07f",
            "value": "48:64MvLeasT850hJfGpnmbT6BF94jq7BqAa6sNNMku5blLHLtNlS5fXoiJE1Cd6lAG:sPsTNJYnoOBFAq1q7wikAEtHuuozNt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1768539266",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0cc5ba10-5932-486c-955b-a876b312102f",
            "value": "7168"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1768539266",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0d199980-5d13-46ac-a67f-17a8a2dec55c",
            "value": "27303655151608241z20"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1768539266",
            "to_ids": true,
            "type": "filename",
            "uuid": "8ad6122f-f11d-4365-b156-138056147843",
            "value": "GetBrowserHistory.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/01/2026\nLast-scan\t:  12/01/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1768539266",
            "to_ids": false,
            "type": "text",
            "uuid": "69f1d7d4-3623-45a8-b5a0-9f437b361ffe",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Malgent!MSR\nVT Total Detection:43/71\nFirst Submission:2025-10-04T04:35:52.000000+00:00\nLast Submission:2025-10-04T04:35:52.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1768714338",
        "uuid": "4b943628-8264-4be8-b110-c658f40380a9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1768714338",
            "to_ids": true,
            "type": "md5",
            "uuid": "eae46062-749d-4137-8803-7fc29544dc8c",
            "value": "6c14ba3d2b0b107b2a31d1f01f516581",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1768546354",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1e690030-ad14-4380-89c9-e8745227d1cf",
            "value": "e9c5e4aa335dfbd25786234a58ce4c9c551d1a41",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1768546354",
            "to_ids": true,
            "type": "sha256",
            "uuid": "712c8d2a-e072-458e-aa54-85efc285a929",
            "value": "71b95c3759f2c3e79ad7fa3e416f1f97f4fd291d77384e77128c86dda38830a7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1768539288",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "426f342d-6d19-49ef-984c-5e91a6e2eafe",
            "value": "12288:j6nt+DBB9vrWQ4EFaCpR/ov+qPvUFaCF:j6t+DBB9vrWQ4kvH/oTUF"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1768539288",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "30e2e607-0984-45f9-a40e-ecbb8184ab37",
            "value": "752128"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1768539288",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f2f53a07-8ea9-4dbd-8cdd-00ebd05397ae",
            "value": "175076655d1555150551z22z2a005e7z704az4ffz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1768539288",
            "to_ids": true,
            "type": "filename",
            "uuid": "e22fc161-db9a-450d-82b6-c34860ef1f23",
            "value": "oci.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/01/2026\nLast-scan\t:  08/01/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1768539288",
            "to_ids": false,
            "type": "text",
            "uuid": "b629f5d6-7c07-4f9c-952d-373c7e013f82",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/CryptInject!MSR\nVT Total Detection:41/71\nFirst Submission:2025-10-14T08:36:56.000000+00:00\nLast Submission:2025-10-20T02:49:52.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1768714360",
        "uuid": "b5fd24a8-0f80-462e-9158-1ea43a6df19c",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1768714360",
            "to_ids": true,
            "type": "md5",
            "uuid": "c4a0bcfc-fb86-4d97-b271-f381bd9c04ab",
            "value": "86db668d77f528c68666a586ba1bf3e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1768546355",
            "to_ids": true,
            "type": "sha1",
            "uuid": "827deeaa-ae13-4606-8587-755b4b104e6c",
            "value": "ec9ceb599df3bdffad536900d0e6d48e2e5ff12b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1768546355",
            "to_ids": true,
            "type": "sha256",
            "uuid": "81781f07-2d4d-48b0-81da-deb56fdd7217",
            "value": "9941507608de23e8457ca0040356e7aa589a1cc2db24e5fee86fabfa0d1c3b01",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1768539310",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "741678df-d5af-4cb3-9627-2e0db3ec7181",
            "value": "12288:xWmGsX2RE/URHkqzdTqka0NUKMvHWwdP3opuubm5p:xW7sX2RE/6EIdRJNfMv2wNop"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1768539310",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "31cbb40b-39f2-4727-b457-14617fac9fde",
            "value": "763904"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1768539310",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9f5129f6-7cb1-42a0-916b-cca78d41be21",
            "value": "175076655d1555150551z22z2a005f7z704az4fez1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1768539310",
            "to_ids": true,
            "type": "filename",
            "uuid": "7002e5ad-6bba-4706-ab9f-a6b4c2ea4b14",
            "value": "mscorsvc.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 16/01/2026\nLast-scan\t:  08/01/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1768539310",
            "to_ids": false,
            "type": "text",
            "uuid": "540218c8-97ee-4785-9b34-fe00c9119c63",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/CryptInject!MSR\nVT Total Detection:47/71\nFirst Submission:2025-09-16T07:41:00.000000+00:00\nLast Submission:2025-12-15T09:59:50.000000+00:00"
          }
        ]
      }
    ]
  }
}