{
  "Event": {
    "analysis": "2",
    "date": "2015-02-16",
    "extends_uuid": "",
    "info": "[Threat Intel] Equation: The Death Star of Malware Galaxy",
    "protected": false,
    "publish_timestamp": "1780382471",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1780039766",
    "uuid": "574f2274-bd92-4f01-a401-47d8909fc04c",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Equation Group\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Regin\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"DoubleFantasy (ELF)\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"DoubleFantasy (Windows)\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"EquationDrug\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Fanny\"",
        "relationship_type": ""
      },
      {
        "colour": "#86e845",
        "local": false,
        "name": "misp-galaxy:target-information=\"Afghanistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#0f0428",
        "local": false,
        "name": "misp-galaxy:target-information=\"Algeria\"",
        "relationship_type": ""
      },
      {
        "colour": "#52d590",
        "local": false,
        "name": "misp-galaxy:target-information=\"China\"",
        "relationship_type": ""
      },
      {
        "colour": "#78cd12",
        "local": false,
        "name": "misp-galaxy:target-information=\"Egypt\"",
        "relationship_type": ""
      },
      {
        "colour": "#013748",
        "local": false,
        "name": "misp-galaxy:target-information=\"India\"",
        "relationship_type": ""
      },
      {
        "colour": "#20a667",
        "local": false,
        "name": "misp-galaxy:target-information=\"Iran\"",
        "relationship_type": ""
      },
      {
        "colour": "#fbaa07",
        "local": false,
        "name": "misp-galaxy:target-information=\"Kenya\"",
        "relationship_type": ""
      },
      {
        "colour": "#4cebc3",
        "local": false,
        "name": "misp-galaxy:target-information=\"Lebanon\"",
        "relationship_type": ""
      },
      {
        "colour": "#031c9d",
        "local": false,
        "name": "misp-galaxy:target-information=\"Libya\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#83bd88",
        "local": false,
        "name": "misp-galaxy:target-information=\"Mali\"",
        "relationship_type": ""
      },
      {
        "colour": "#d52b43",
        "local": false,
        "name": "misp-galaxy:target-information=\"Mexico\"",
        "relationship_type": ""
      },
      {
        "colour": "#670cf4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Pakistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#21c959",
        "local": false,
        "name": "misp-galaxy:target-information=\"Qatar\"",
        "relationship_type": ""
      },
      {
        "colour": "#15cd0b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Russia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Syria\"",
        "relationship_type": ""
      },
      {
        "colour": "#a24b57",
        "local": false,
        "name": "misp-galaxy:target-information=\"United Arab Emirates\"",
        "relationship_type": ""
      },
      {
        "colour": "#ce59f1",
        "local": false,
        "name": "misp-galaxy:target-information=\"United Kingdom\"",
        "relationship_type": ""
      },
      {
        "colour": "#9077b1",
        "local": false,
        "name": "misp-galaxy:target-information=\"Yemen\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Replication Through Removable Media - T1091\"",
        "relationship_type": ""
      },
      {
        "colour": "#9feaf0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#10003d",
        "local": false,
        "name": "rectifyq:sub-category=\"TA-profile\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#3500ca",
        "local": false,
        "name": "rectifyq:detection-rules=\"yara-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#1ebce4",
        "local": false,
        "name": "misp-galaxy:producer=\"Kaspersky\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#220082",
        "local": false,
        "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740327662",
        "to_ids": false,
        "type": "link",
        "uuid": "a2a42831-ecde-4f83-a920-cb5abf1cb94b",
        "value": "https://securelist.com/equation-the-death-star-of-malware-galaxy/68750/"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740327673",
        "to_ids": false,
        "type": "link",
        "uuid": "900f08f5-5a85-42a3-ac36-1a6ab9633b74",
        "value": "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064459/Equation_group_questions_and_answers.pdf"
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389723",
        "to_ids": true,
        "type": "domain",
        "uuid": "a771aa55-d234-41f8-a693-818024a8fda2",
        "value": "advancing-technology.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389744",
        "to_ids": true,
        "type": "domain",
        "uuid": "7b7d9173-eb18-4559-a6fb-ab970cfe9085",
        "value": "avidnewssource.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389765",
        "to_ids": true,
        "type": "domain",
        "uuid": "0d990e18-63f2-4408-91b1-3fb4b1957d27",
        "value": "businessdealsblog.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389787",
        "to_ids": true,
        "type": "domain",
        "uuid": "e87ad364-df2b-4597-bcbf-6cb0db2324b0",
        "value": "businessedgeadvance.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389808",
        "to_ids": true,
        "type": "domain",
        "uuid": "ec1df9f8-2311-421c-964c-a591ba39df38",
        "value": "charging-technology.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389829",
        "to_ids": true,
        "type": "domain",
        "uuid": "e81a34e1-1f96-4e53-9332-24ed582a4fde",
        "value": "computertechanalysis.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389850",
        "to_ids": true,
        "type": "hostname",
        "uuid": "3ab1862e-2868-47ef-b717-31cafc5a127d",
        "value": "config.getmyip.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389871",
        "to_ids": true,
        "type": "domain",
        "uuid": "01da7b61-9586-4cbb-9828-88dc0d1613d1",
        "value": "globalnetworkanalys.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389893",
        "to_ids": true,
        "type": "domain",
        "uuid": "a565c1ed-07ec-4b90-a770-6ff0899c512a",
        "value": "melding-technology.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389914",
        "to_ids": true,
        "type": "domain",
        "uuid": "6ff91e27-a5b3-4d34-a9b8-38b5d30d8999",
        "value": "myhousetechnews.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389935",
        "to_ids": true,
        "type": "domain",
        "uuid": "13acf400-53ea-416a-9363-51401a769962",
        "value": "newsterminalvelocity.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389956",
        "to_ids": true,
        "type": "domain",
        "uuid": "ca2e4991-af0b-457a-8242-0fcf695e323b",
        "value": "selective-business.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389977",
        "to_ids": true,
        "type": "domain",
        "uuid": "e02b4448-9868-40a4-8eaa-1f6682c7f406",
        "value": "slayinglance.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741389998",
        "to_ids": true,
        "type": "domain",
        "uuid": "226d1ecb-685e-458a-a4b4-ec08b04f39cb",
        "value": "successful-marketing-now.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390020",
        "to_ids": true,
        "type": "domain",
        "uuid": "5a548ec4-06d6-46c2-9b5e-c8a3c7442587",
        "value": "taking-technology.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390041",
        "to_ids": true,
        "type": "domain",
        "uuid": "8ea9cb79-5cea-449b-9078-a3f23545cb2e",
        "value": "techasiamusicsvr.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390063",
        "to_ids": true,
        "type": "domain",
        "uuid": "ddde75e6-6e26-4b08-a1dd-84d7416853ab",
        "value": "technicaldigitalreporting.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390084",
        "to_ids": true,
        "type": "domain",
        "uuid": "21d585bd-0676-4eef-9b7d-4dbee45d1214",
        "value": "timelywebsitehostesses.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390106",
        "to_ids": true,
        "type": "hostname",
        "uuid": "39bdaf5d-4259-404b-97cd-7d193a5bf5ef",
        "value": "www.dt1blog.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "DoubleFantasy C&C",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390128",
        "to_ids": true,
        "type": "hostname",
        "uuid": "0a76e780-f6cc-49ee-87f7-35d256bac60a",
        "value": "www.forboringbusinesses.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationLaser C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390149",
        "to_ids": true,
        "type": "domain",
        "uuid": "fdf7c555-0fe0-48ed-a51e-74c638376152",
        "value": "lsassoc.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationLaser C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390170",
        "to_ids": true,
        "type": "domain",
        "uuid": "31dd9923-fdc5-47ca-9e42-0dfc62d2785d",
        "value": "gar-tech.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Fanny C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390192",
        "to_ids": true,
        "type": "hostname",
        "uuid": "3bfa2f0a-7b9b-40b0-b375-1c859796b086",
        "value": "webuysupplystore.mooo.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390213",
        "to_ids": true,
        "type": "domain",
        "uuid": "e66a9f01-88fa-4867-b9a8-121b3b06d77b",
        "value": "newjunk4u.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390234",
        "to_ids": true,
        "type": "domain",
        "uuid": "1727a84b-679e-42a6-8b09-415175fefc98",
        "value": "easyadvertonline.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390255",
        "to_ids": true,
        "type": "hostname",
        "uuid": "7ac9c4b8-5c7a-407e-acfa-1e93130a4e48",
        "value": "newip427.changeip.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390276",
        "to_ids": true,
        "type": "domain",
        "uuid": "833f7627-7ce8-463f-b006-b1d77737dacf",
        "value": "ad-servicestats.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390297",
        "to_ids": true,
        "type": "domain",
        "uuid": "db8d1d4e-43c0-445b-8111-2e65dbc49ea2",
        "value": "subad-server.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390318",
        "to_ids": true,
        "type": "domain",
        "uuid": "04b0ec18-7546-4864-b344-a12efb7cba4f",
        "value": "ad-noise.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390339",
        "to_ids": true,
        "type": "domain",
        "uuid": "db311fc5-9c44-4c31-869a-097043fcd691",
        "value": "ad-void.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390361",
        "to_ids": true,
        "type": "domain",
        "uuid": "67a4c4f2-0b46-4e18-a62f-b36544e2069e",
        "value": "aynachatsrv.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390382",
        "to_ids": true,
        "type": "domain",
        "uuid": "75056ecd-56c5-4151-aaaa-c21fc816dc61",
        "value": "damavandkuh.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390403",
        "to_ids": true,
        "type": "domain",
        "uuid": "2441bd66-6b88-4d31-b048-c7b840bb3bd2",
        "value": "fnlpic.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390424",
        "to_ids": true,
        "type": "domain",
        "uuid": "d1294cee-0766-47d5-a33d-25762fef8885",
        "value": "monster-ads.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390445",
        "to_ids": true,
        "type": "domain",
        "uuid": "b6ebf5f0-fa14-4406-9a6c-322aba2f1b6c",
        "value": "nowruzbakher.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390466",
        "to_ids": true,
        "type": "domain",
        "uuid": "b34a8280-3299-4211-9d87-24af24c184b7",
        "value": "sherkhundi.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390488",
        "to_ids": true,
        "type": "domain",
        "uuid": "cc4d4bc6-4e45-4444-8bce-db26e504d585",
        "value": "quik-serv.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390509",
        "to_ids": true,
        "type": "domain",
        "uuid": "12f89951-88af-4078-adf6-e5a91d275526",
        "value": "nickleplatedads.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390530",
        "to_ids": true,
        "type": "domain",
        "uuid": "ab468e84-49d7-45d2-8c81-758a549bfd08",
        "value": "arabtechmessenger.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390551",
        "to_ids": true,
        "type": "domain",
        "uuid": "cee14786-ade1-427d-972a-1cbf3b1c7dc1",
        "value": "amazinggreentechshop.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390572",
        "to_ids": true,
        "type": "domain",
        "uuid": "6ef860ec-db63-4409-a8e6-be41203954cc",
        "value": "foroushi.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390593",
        "to_ids": true,
        "type": "domain",
        "uuid": "f86626ea-2c2a-40a5-9ea5-0b1d1a245c15",
        "value": "technicserv.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390614",
        "to_ids": true,
        "type": "domain",
        "uuid": "3817d485-031d-4c06-8e96-a5bc53fd08c5",
        "value": "goldadpremium.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390635",
        "to_ids": true,
        "type": "domain",
        "uuid": "09105772-b68a-43bd-81dd-b59a3c76797d",
        "value": "honarkhaneh.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390656",
        "to_ids": true,
        "type": "domain",
        "uuid": "ea4410ae-8165-4b5d-bd7d-93015f7c8eb3",
        "value": "parskabab.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390677",
        "to_ids": true,
        "type": "domain",
        "uuid": "e1f09049-a2a8-4971-a25e-463d2921e2db",
        "value": "technicupdate.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390698",
        "to_ids": true,
        "type": "domain",
        "uuid": "f0725535-21e4-493f-9a99-9ecb12d051bb",
        "value": "technicads.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390720",
        "to_ids": true,
        "type": "domain",
        "uuid": "c03c9dd7-a93a-4285-b630-893830f18ab2",
        "value": "customerscreensavers.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390742",
        "to_ids": true,
        "type": "domain",
        "uuid": "c0d594be-a1d3-4385-b9d9-739b0f468c7d",
        "value": "darakht.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390763",
        "to_ids": true,
        "type": "domain",
        "uuid": "c04978d3-2d33-4e18-b5c2-68cb1af56722",
        "value": "ghalibaft.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390784",
        "to_ids": true,
        "type": "domain",
        "uuid": "3ecba666-fd25-4efc-95b0-6e06ec360714",
        "value": "adservicestats.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390805",
        "to_ids": true,
        "type": "domain",
        "uuid": "b554ec4a-7f19-4c9d-b9fe-17f2da56d320",
        "value": "247adbiz.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390826",
        "to_ids": true,
        "type": "domain",
        "uuid": "463447e4-42ba-4428-9388-698641b7eabd",
        "value": "webbizwild.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390847",
        "to_ids": true,
        "type": "domain",
        "uuid": "4fcefbd4-97c6-45a4-ab5f-b48fff7d6e99",
        "value": "roshanavar.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390869",
        "to_ids": true,
        "type": "domain",
        "uuid": "66db0a75-6abd-44dc-b5d0-625474ea7d3f",
        "value": "afkarehroshan.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390890",
        "to_ids": true,
        "type": "domain",
        "uuid": "034ee034-11a5-4b99-a07f-a1bccfe28687",
        "value": "thesuperdeliciousnews.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390911",
        "to_ids": true,
        "type": "domain",
        "uuid": "a66b676c-4aca-423f-80de-473793e9904a",
        "value": "adsbizsimple.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390932",
        "to_ids": true,
        "type": "domain",
        "uuid": "8ca9bc08-6531-4888-a118-eaa84e8933d3",
        "value": "goodbizez.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390954",
        "to_ids": true,
        "type": "domain",
        "uuid": "fa83a2c6-8188-4fa6-8a79-fffd4b9a508c",
        "value": "meevehdar.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390975",
        "to_ids": true,
        "type": "domain",
        "uuid": "a0ae1dab-3ef8-42d8-8cdd-79e528fafb04",
        "value": "xlivehost.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741390996",
        "to_ids": true,
        "type": "domain",
        "uuid": "cc1ebf64-fe1a-450d-8ce1-a6c5148aa4ec",
        "value": "downloadmpplayer.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391017",
        "to_ids": true,
        "type": "domain",
        "uuid": "d128531b-76c4-4655-98ce-382873af93f0",
        "value": "honarkhabar.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391038",
        "to_ids": true,
        "type": "domain",
        "uuid": "a61f5820-5cca-473c-8240-7f3dc1e741a9",
        "value": "techsupportpwr.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391059",
        "to_ids": true,
        "type": "domain",
        "uuid": "16d97674-a4c8-4dcf-b132-da27b17debe3",
        "value": "zhalehziba.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391080",
        "to_ids": true,
        "type": "domain",
        "uuid": "2e766a28-343d-4544-a2e3-44138db9ff0e",
        "value": "serv-load.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391101",
        "to_ids": true,
        "type": "domain",
        "uuid": "0a51a720-b1cd-4377-940b-9e07f3994d3b",
        "value": "wangluoruanjian.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391123",
        "to_ids": true,
        "type": "domain",
        "uuid": "67cbfa52-d1ca-4b1e-b523-97a4c2ee968f",
        "value": "islamicmarketing.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391145",
        "to_ids": true,
        "type": "domain",
        "uuid": "095183db-bdc8-4ce1-8413-2fbf6307894d",
        "value": "noticiasftpsrv.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391167",
        "to_ids": true,
        "type": "domain",
        "uuid": "70f567ff-e3f9-4ece-8d48-0618bc2a3334",
        "value": "coffeehausblog.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391188",
        "to_ids": true,
        "type": "domain",
        "uuid": "124a0648-d05c-408a-b774-b454ceb0379d",
        "value": "platads.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391209",
        "to_ids": true,
        "type": "domain",
        "uuid": "534aa33e-9223-4dd1-bf0e-fc978ee598c3",
        "value": "havakhosh.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391230",
        "to_ids": true,
        "type": "domain",
        "uuid": "a4f3faf7-6e3b-47dd-b985-5a0a69ea5ee3",
        "value": "toofanshadid.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391251",
        "to_ids": true,
        "type": "domain",
        "uuid": "61f5c0b2-4906-4fd5-ae39-544bf7688895",
        "value": "bazandegan.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391273",
        "to_ids": true,
        "type": "domain",
        "uuid": "8b99fb16-56a9-492f-b5b3-acb0a88bc50b",
        "value": "sherkatkonandeh.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391294",
        "to_ids": true,
        "type": "domain",
        "uuid": "3b2eb83a-708a-4f95-ac88-6e7e378f01f0",
        "value": "mashinkhabar.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391315",
        "to_ids": true,
        "type": "domain",
        "uuid": "352d0ffa-adf4-4549-b4dd-5307d1450ae1",
        "value": "quickupdateserv.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "EquationDrug C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391336",
        "to_ids": true,
        "type": "domain",
        "uuid": "ceab3685-a395-4a04-b6d3-fec3421c61f3",
        "value": "rapidlyserv.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391357",
        "to_ids": true,
        "type": "domain",
        "uuid": "e813a5e0-033f-4c31-9c42-ffea09d2ca82",
        "value": "business-made-fun.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391378",
        "to_ids": true,
        "type": "domain",
        "uuid": "27cb582b-debd-4383-bc06-8c2076171be8",
        "value": "businessdirectnessource.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391400",
        "to_ids": true,
        "type": "domain",
        "uuid": "4da4c84e-71f4-4aa9-8336-c86e2610d2dd",
        "value": "charmedno1.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391421",
        "to_ids": true,
        "type": "domain",
        "uuid": "3feb505b-c328-4119-b20e-03cb6260491d",
        "value": "cribdare2no.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391442",
        "to_ids": true,
        "type": "domain",
        "uuid": "eb282778-086e-470e-aadb-6957f7f300d1",
        "value": "dowelsobject.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391463",
        "to_ids": true,
        "type": "domain",
        "uuid": "790e4947-cf38-4b82-ae3d-222977f3f143",
        "value": "following-technology.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391485",
        "to_ids": true,
        "type": "domain",
        "uuid": "9134b7b5-53cc-4ba8-b063-da4f417e6c43",
        "value": "forgotten-deals.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391506",
        "to_ids": true,
        "type": "domain",
        "uuid": "c3806923-6045-4227-869e-fca60690804b",
        "value": "functional-business.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391527",
        "to_ids": true,
        "type": "domain",
        "uuid": "35bc7072-df0e-413b-9946-7013f341874f",
        "value": "housedman.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391548",
        "to_ids": true,
        "type": "domain",
        "uuid": "74402d04-1d9a-4253-854d-544c6d5a5b00",
        "value": "industry-deals.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391570",
        "to_ids": true,
        "type": "domain",
        "uuid": "002cfa68-3760-4da3-92af-ff81d6e83f53",
        "value": "listennewsnetwork.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391591",
        "to_ids": true,
        "type": "domain",
        "uuid": "1b015fc0-0805-430a-b38c-ab553fffa779",
        "value": "phoneysoap.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391612",
        "to_ids": true,
        "type": "domain",
        "uuid": "9a39acd8-1cc3-4b04-b959-72ce79806870",
        "value": "posed2shade.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391633",
        "to_ids": true,
        "type": "domain",
        "uuid": "362554ea-e31b-497b-b4a7-73eb18dbe7fe",
        "value": "rehabretie.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391654",
        "to_ids": true,
        "type": "domain",
        "uuid": "9f25ef64-0c5b-4147-ac7e-c383f9cd903d",
        "value": "speedynewsclips.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391675",
        "to_ids": true,
        "type": "domain",
        "uuid": "1e73f8b7-5b73-486d-abda-d910589c141a",
        "value": "teatac4bath.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391696",
        "to_ids": true,
        "type": "domain",
        "uuid": "6d11618a-99ab-4c2e-8f22-6a11755d5b74",
        "value": "unite3tubes.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "GrayFish C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391717",
        "to_ids": true,
        "type": "domain",
        "uuid": "807da3a5-9baa-4100-88e9-cdea9f15d9db",
        "value": "unwashedsound.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "TripleFantasy C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391738",
        "to_ids": true,
        "type": "domain",
        "uuid": "b623ef7c-1509-4a58-9e24-ab8a9d44b321",
        "value": "arm2pie.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "TripleFantasy C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391759",
        "to_ids": true,
        "type": "domain",
        "uuid": "3589363e-2e41-4a2a-be87-d16525c79675",
        "value": "brittlefilet.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "TripleFantasy C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391780",
        "to_ids": true,
        "type": "domain",
        "uuid": "aecfd02e-e139-4260-8479-c651bd8d3ac8",
        "value": "cigape.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "TripleFantasy C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391801",
        "to_ids": true,
        "type": "domain",
        "uuid": "38dc9ba9-aa34-42ca-a68f-7bd21b42ec13",
        "value": "crisptic01.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "TripleFantasy C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391823",
        "to_ids": true,
        "type": "domain",
        "uuid": "07b14a1e-b19a-453d-adb7-2e01fcc35870",
        "value": "fliteilex.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "TripleFantasy C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391844",
        "to_ids": true,
        "type": "domain",
        "uuid": "6e752c4e-a6ce-4626-b4a8-7d84aa878888",
        "value": "itemagic.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "TripleFantasy C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391865",
        "to_ids": true,
        "type": "domain",
        "uuid": "7ad5423b-d212-43cb-b49f-c5d96700cf89",
        "value": "micraamber.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "TripleFantasy C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391887",
        "to_ids": true,
        "type": "domain",
        "uuid": "7e7507e0-5d26-41c8-b584-abd9c38ad0bb",
        "value": "mimicrice.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "TripleFantasy C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391908",
        "to_ids": true,
        "type": "domain",
        "uuid": "0aef11a4-f4db-4232-8f07-9123ac647cd1",
        "value": "rampagegramar.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "TripleFantasy C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391929",
        "to_ids": true,
        "type": "domain",
        "uuid": "c74ef0f8-c2ca-48e4-bb10-c07e6631f6d5",
        "value": "rubi4edit.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "TripleFantasy C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391950",
        "to_ids": true,
        "type": "domain",
        "uuid": "f221ecb2-d902-42ef-91d1-d613a76fa647",
        "value": "rubiccrum.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "TripleFantasy C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391972",
        "to_ids": true,
        "type": "domain",
        "uuid": "d69de308-90fd-41b7-98ad-200f8445caa8",
        "value": "rubriccrumb.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "TripleFantasy C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741391993",
        "to_ids": true,
        "type": "domain",
        "uuid": "d245a4b2-f7f9-488b-b9ea-6deb32913ea6",
        "value": "team4heat.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "TripleFantasy C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741392014",
        "to_ids": true,
        "type": "domain",
        "uuid": "8e9ef63a-bb59-4e45-a46d-2506b26278e8",
        "value": "tropiccritics.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Equation group\u2019s exploitation server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741392036",
        "to_ids": true,
        "type": "domain",
        "uuid": "1a403d97-9dac-4a5e-82c6-94ab5b8c0f0d",
        "value": "standardsandpraiserepurpose.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Equation group\u2019s exploitation server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741392057",
        "to_ids": true,
        "type": "domain",
        "uuid": "e602219b-4520-411f-90de-6d5e331508b1",
        "value": "suddenplot.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Equation group\u2019s exploitation server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741392080",
        "to_ids": true,
        "type": "domain",
        "uuid": "712fe96a-df65-413f-89ee-57d3e64bc1d4",
        "value": "technicalconsumerreports.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Equation group\u2019s exploitation server",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741392101",
        "to_ids": true,
        "type": "domain",
        "uuid": "08c4e585-3172-4690-b13f-def49540f0c1",
        "value": "technology-revealed.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039730",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "2b30c644-17da-426b-89f0-577cfa75e3d6",
        "value": "149.12.71.2",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#6c7c38",
            "local": false,
            "name": "asn:asn=\"174\"",
            "relationship_type": ""
          },
          {
            "colour": "#7674d4",
            "local": false,
            "name": "asn:as-owner=\"COGENT-174\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039731",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "43ba488e-a118-42eb-abdb-dd7a36a46e36",
        "value": "190.242.96.212",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#3491f8",
            "local": false,
            "name": "asn:asn=\"262191\"",
            "relationship_type": ""
          },
          {
            "colour": "#b30be0",
            "local": false,
            "name": "asn:as-owner=\"LIBERTY NETWORKS DE COLOMBIA S.A.S\"",
            "relationship_type": ""
          },
          {
            "colour": "#0e6c94",
            "local": false,
            "name": "asn:as-country=\"CO\"",
            "relationship_type": ""
          },
          {
            "colour": "#25daa8",
            "local": false,
            "name": "misp-galaxy:country=\"colombia\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039733",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1112b748-44ac-474a-be20-4e5bb869f988",
        "value": "190.60.202.4",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#37403b",
            "local": false,
            "name": "asn:asn=\"18747\"",
            "relationship_type": ""
          },
          {
            "colour": "#b106ca",
            "local": false,
            "name": "asn:as-owner=\"IFX18747\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039734",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "61ba6eb8-846c-4c4e-a89a-8ef7a032b551",
        "value": "195.128.235.227",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#00aff2",
            "local": false,
            "name": "asn:asn=\"31034\"",
            "relationship_type": ""
          },
          {
            "colour": "#1f83bd",
            "local": false,
            "name": "asn:as-owner=\"ARUBA-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#c4c131",
            "local": false,
            "name": "asn:as-country=\"IT\"",
            "relationship_type": ""
          },
          {
            "colour": "#224d6a",
            "local": false,
            "name": "misp-galaxy:country=\"italy\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039736",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "29a33488-8564-4ddc-89b5-8d9933d977a0",
        "value": "195.128.235.231",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#00aff2",
            "local": false,
            "name": "asn:asn=\"31034\"",
            "relationship_type": ""
          },
          {
            "colour": "#1f83bd",
            "local": false,
            "name": "asn:as-owner=\"ARUBA-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#c4c131",
            "local": false,
            "name": "asn:as-country=\"IT\"",
            "relationship_type": ""
          },
          {
            "colour": "#224d6a",
            "local": false,
            "name": "misp-galaxy:country=\"italy\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039737",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b9734920-010c-43f6-b57a-87f7f8d75233",
        "value": "195.128.235.233",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#00aff2",
            "local": false,
            "name": "asn:asn=\"31034\"",
            "relationship_type": ""
          },
          {
            "colour": "#1f83bd",
            "local": false,
            "name": "asn:as-owner=\"ARUBA-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#c4c131",
            "local": false,
            "name": "asn:as-country=\"IT\"",
            "relationship_type": ""
          },
          {
            "colour": "#224d6a",
            "local": false,
            "name": "misp-galaxy:country=\"italy\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039739",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ba31aed8-99e3-4043-b837-b5cb055c7402",
        "value": "195.128.235.235",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#00aff2",
            "local": false,
            "name": "asn:asn=\"31034\"",
            "relationship_type": ""
          },
          {
            "colour": "#1f83bd",
            "local": false,
            "name": "asn:as-owner=\"ARUBA-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#c4c131",
            "local": false,
            "name": "asn:as-country=\"IT\"",
            "relationship_type": ""
          },
          {
            "colour": "#224d6a",
            "local": false,
            "name": "misp-galaxy:country=\"italy\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039740",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "cf48977a-b248-46ec-9f13-cd6b13e2797e",
        "value": "195.81.34.67",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#16d938",
            "local": false,
            "name": "asn:asn=\"3257\"",
            "relationship_type": ""
          },
          {
            "colour": "#d4e143",
            "local": false,
            "name": "asn:as-owner=\"GTT-BACKBONE GTT\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039742",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "9cda28f8-77ca-4b8b-aad1-aa306a69390c",
        "value": "202.95.84.33",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#bf5c4b",
            "local": false,
            "name": "asn:asn=\"703\"",
            "relationship_type": ""
          },
          {
            "colour": "#3fe11e",
            "local": false,
            "name": "asn:as-owner=\"UUNET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039744",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "502d331a-fdd0-4652-a581-624e615a1b6e",
        "value": "203.150.231.49",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#f8ddf6",
            "local": false,
            "name": "asn:asn=\"4618\"",
            "relationship_type": ""
          },
          {
            "colour": "#f2e6a2",
            "local": false,
            "name": "asn:as-owner=\"INET-TH-AS Internet Thailand Company Limited\"",
            "relationship_type": ""
          },
          {
            "colour": "#588581",
            "local": false,
            "name": "asn:as-country=\"TH\"",
            "relationship_type": ""
          },
          {
            "colour": "#fa21fa",
            "local": false,
            "name": "misp-galaxy:country=\"thailand\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039746",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "a6a5a76c-41e7-4e6f-8263-04790e8d80f9",
        "value": "203.150.231.73",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#f8ddf6",
            "local": false,
            "name": "asn:asn=\"4618\"",
            "relationship_type": ""
          },
          {
            "colour": "#f2e6a2",
            "local": false,
            "name": "asn:as-owner=\"INET-TH-AS Internet Thailand Company Limited\"",
            "relationship_type": ""
          },
          {
            "colour": "#588581",
            "local": false,
            "name": "asn:as-country=\"TH\"",
            "relationship_type": ""
          },
          {
            "colour": "#fa21fa",
            "local": false,
            "name": "misp-galaxy:country=\"thailand\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039747",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "4cc7b71a-b130-4dcf-b969-3bc924e968fd",
        "value": "210.81.52.120",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#bf5c4b",
            "local": false,
            "name": "asn:asn=\"703\"",
            "relationship_type": ""
          },
          {
            "colour": "#3fe11e",
            "local": false,
            "name": "asn:as-owner=\"UUNET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039749",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "73279321-5911-4781-b8b3-c76f819086f3",
        "value": "212.61.54.239",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#4737c2",
            "local": false,
            "name": "asn:asn=\"8426\"",
            "relationship_type": ""
          },
          {
            "colour": "#8a8c31",
            "local": false,
            "name": "asn:as-owner=\"CLARANET-AS ClaraNET LTD\"",
            "relationship_type": ""
          },
          {
            "colour": "#e1449b",
            "local": false,
            "name": "asn:as-country=\"GB\"",
            "relationship_type": ""
          },
          {
            "colour": "#b7c1b9",
            "local": false,
            "name": "misp-galaxy:country=\"united kingdom\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039751",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "435c05ff-e3c0-4de3-9e83-c379189e0988",
        "value": "41.222.35.70",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#f3fb2a",
            "local": false,
            "name": "asn:asn=\"327979\"",
            "relationship_type": ""
          },
          {
            "colour": "#9ffb2b",
            "local": false,
            "name": "asn:as-owner=\"DIAMATRIX\"",
            "relationship_type": ""
          },
          {
            "colour": "#c0bc34",
            "local": false,
            "name": "asn:as-country=\"ZA\"",
            "relationship_type": ""
          },
          {
            "colour": "#c05590",
            "local": false,
            "name": "misp-galaxy:country=\"south africa\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039752",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "5734a869-0179-43c8-9308-9ac61dd75a32",
        "value": "62.216.152.67",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#deb0b6",
            "local": false,
            "name": "asn:asn=\"15412\"",
            "relationship_type": ""
          },
          {
            "colour": "#220c9b",
            "local": false,
            "name": "asn:as-owner=\"FLAG-AS Flag Telecom Global Internet AS\"",
            "relationship_type": ""
          },
          {
            "colour": "#e1449b",
            "local": false,
            "name": "asn:as-country=\"GB\"",
            "relationship_type": ""
          },
          {
            "colour": "#b7c1b9",
            "local": false,
            "name": "misp-galaxy:country=\"united kingdom\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039754",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ea09212c-91fb-48ec-9ebf-0a8105957e4a",
        "value": "64.76.82.52",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#e1a08e",
            "local": false,
            "name": "asn:asn=\"3549\"",
            "relationship_type": ""
          },
          {
            "colour": "#c3dd45",
            "local": false,
            "name": "asn:as-owner=\"LVLT-3549\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039755",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "117c9b74-aaee-4915-aebf-a459d498de90",
        "value": "80.77.4.3",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#deb0b6",
            "local": false,
            "name": "asn:asn=\"15412\"",
            "relationship_type": ""
          },
          {
            "colour": "#220c9b",
            "local": false,
            "name": "asn:as-owner=\"FLAG-AS Flag Telecom Global Internet AS\"",
            "relationship_type": ""
          },
          {
            "colour": "#e1449b",
            "local": false,
            "name": "asn:as-country=\"GB\"",
            "relationship_type": ""
          },
          {
            "colour": "#b7c1b9",
            "local": false,
            "name": "misp-galaxy:country=\"united kingdom\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039757",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "27d10cb4-489e-40fb-8b99-8e3860e6a41f",
        "value": "81.31.34.175",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#b3ade5",
            "local": false,
            "name": "asn:asn=\"24971\"",
            "relationship_type": ""
          },
          {
            "colour": "#3b5f1f",
            "local": false,
            "name": "asn:as-owner=\"MASTER-AS Czech Republic  www.master.cz\"",
            "relationship_type": ""
          },
          {
            "colour": "#58e5c7",
            "local": false,
            "name": "asn:as-country=\"CZ\"",
            "relationship_type": ""
          },
          {
            "colour": "#52def7",
            "local": false,
            "name": "misp-galaxy:country=\"czechia\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039758",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "4628b75a-abff-4af1-a892-73dc1b7e1952",
        "value": "81.31.36.174",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#b3ade5",
            "local": false,
            "name": "asn:asn=\"24971\"",
            "relationship_type": ""
          },
          {
            "colour": "#3b5f1f",
            "local": false,
            "name": "asn:as-owner=\"MASTER-AS Czech Republic  www.master.cz\"",
            "relationship_type": ""
          },
          {
            "colour": "#58e5c7",
            "local": false,
            "name": "asn:as-country=\"CZ\"",
            "relationship_type": ""
          },
          {
            "colour": "#52def7",
            "local": false,
            "name": "misp-galaxy:country=\"czechia\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039760",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "ac3e14b6-9142-4a79-aa8a-4cfe70127eea",
        "value": "81.31.38.163",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#b3ade5",
            "local": false,
            "name": "asn:asn=\"24971\"",
            "relationship_type": ""
          },
          {
            "colour": "#3b5f1f",
            "local": false,
            "name": "asn:as-owner=\"MASTER-AS Czech Republic  www.master.cz\"",
            "relationship_type": ""
          },
          {
            "colour": "#58e5c7",
            "local": false,
            "name": "asn:as-country=\"CZ\"",
            "relationship_type": ""
          },
          {
            "colour": "#52def7",
            "local": false,
            "name": "misp-galaxy:country=\"czechia\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039762",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "82eb1b66-2169-40d2-8c61-49176d7717c4",
        "value": "81.31.38.166",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#b3ade5",
            "local": false,
            "name": "asn:asn=\"24971\"",
            "relationship_type": ""
          },
          {
            "colour": "#3b5f1f",
            "local": false,
            "name": "asn:as-owner=\"MASTER-AS Czech Republic  www.master.cz\"",
            "relationship_type": ""
          },
          {
            "colour": "#58e5c7",
            "local": false,
            "name": "asn:as-country=\"CZ\"",
            "relationship_type": ""
          },
          {
            "colour": "#52def7",
            "local": false,
            "name": "misp-galaxy:country=\"czechia\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039763",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "3d5b19e9-c04f-42b5-840a-01b4b4cb8ba8",
        "value": "84.233.205.99",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#16d938",
            "local": false,
            "name": "asn:asn=\"3257\"",
            "relationship_type": ""
          },
          {
            "colour": "#d4e143",
            "local": false,
            "name": "asn:as-owner=\"GTT-BACKBONE GTT\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039765",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1dae4055-ee21-4cd6-825d-744e92441f6e",
        "value": "85.112.1.83",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#44e880",
            "local": false,
            "name": "asn:asn=\"702\"",
            "relationship_type": ""
          },
          {
            "colour": "#3fe11e",
            "local": false,
            "name": "asn:as-owner=\"UUNET\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039766",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "93697c59-2cfe-45ff-98fc-f17e82f9eb17",
        "value": "87.255.38.2",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#d37410",
            "local": false,
            "name": "asn:asn=\"38930\"",
            "relationship_type": ""
          },
          {
            "colour": "#0cdda7",
            "local": false,
            "name": "asn:as-owner=\"FIBERRING Amsterdam, Netherlands\"",
            "relationship_type": ""
          },
          {
            "colour": "#3ae32e",
            "local": false,
            "name": "asn:as-country=\"NL\"",
            "relationship_type": ""
          },
          {
            "colour": "#768323",
            "local": false,
            "name": "misp-galaxy:country=\"netherlands\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "IPs hardcoded in malware configuration blocks",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1741392629",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e6063168-d6f0-4ba1-ba11-cad5ae5c8d18",
        "value": "89.18.177.3",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740352235",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "4c66c6be-4f79-4b5e-a8da-d35f761981e7",
        "value": "CVE-2012-0159"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740352235",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "41447ddf-dc4d-48d4-ab32-2f658e0b876d",
        "value": "CVE-2013-3894"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740352235",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "6f2adb89-1380-45d1-8580-6cbaa8e8ecb5",
        "value": "CVE-2010-2568"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740352235",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "01b7a6d7-e41c-449e-8fd3-4b856c0e5f51",
        "value": "CVE-2013-3918"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740352235",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "6d0ee2a6-2be3-42e0-9904-a6ae9fc3ad37",
        "value": "CVE-2012-1723"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740352235",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "2edd3cb0-a3bf-4574-bc55-21f2909d76a4",
        "value": "CVE-2012-4681"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740352039",
        "uuid": "4fcf3316-7231-42b6-bc27-f84f7b84d4ad",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740352039",
            "to_ids": false,
            "type": "comment",
            "uuid": "b2a9c402-7188-4597-8a88-fe706d8c62a2",
            "value": "Rule to detect Equation group's Exploitation library"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740352039",
            "to_ids": true,
            "type": "yara",
            "uuid": "72baabab-e13c-4f2e-a355-f8c316572f95",
            "value": "rule apt_equation_exploitlib_mutexes {\r\nmeta:\r\n copyright = \"Kaspersky Lab\"\r\n description = \"Rule to detect Equation group's Exploitation library\"\r\n version = \"1.0\"\r\n last_modified = \"2015-02-16\"\r\n reference = \"https://securelist.com/blog/\"\r\nstrings:\r\n $mz=\"MZ\"\r\n $a1=\"prkMtx\" wide\r\n $a2=\"cnFormSyncExFBC\" wide\r\n $a3=\"cnFormVoidFBC\" wide\r\n $a4=\"cnFormSyncExFBC\"\r\n $a5=\"cnFormVoidFBC\"\r\ncondition:\r\n(($mz at 0) and any of ($a*))\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740352039",
            "to_ids": false,
            "type": "text",
            "uuid": "e05628a6-0089-41a4-b881-72116882c89f",
            "value": "apt_equation_exploitlib_mutexes"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740352062",
        "uuid": "78586a21-3823-4cb4-8d05-3e86a1710f36",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740352062",
            "to_ids": false,
            "type": "comment",
            "uuid": "067c9718-14a7-4a28-a693-ec24fe80ffb8",
            "value": "Rule to detect DoubleFantasy encoded config"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740352062",
            "to_ids": true,
            "type": "yara",
            "uuid": "cadd1d47-bc91-47db-8ef2-5db9982796b5",
            "value": "rule apt_equation_doublefantasy_genericresource {\r\nmeta:\r\n copyright = \"Kaspersky Lab\"\r\n description = \"Rule to detect DoubleFantasy encoded config\"\r\n version = \"1.0\"\r\n last_modified = \"2015-02-16\"\r\n reference = \"https://securelist.com/blog/\"\r\nstrings:\r\n $mz=\"MZ\"\r\n $a1={06 00 42 00 49 00 4E 00 52 00 45 00 53 00}\r\n $a2=\"yyyyyyyyyyyyyyyy\"\r\n $a3=\"002\"\r\ncondition:\r\n(($mz at 0) and all of ($a*)) and filesize < 500000\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740352062",
            "to_ids": false,
            "type": "text",
            "uuid": "9ba1f114-8712-4828-8ad2-0e78f64c4d36",
            "value": "apt_equation_doublefantasy_genericresource"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740352084",
        "uuid": "ad9f9b48-73ed-4950-b668-c7019d0d82e6",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740352084",
            "to_ids": false,
            "type": "comment",
            "uuid": "907be43f-1404-4504-b43e-a1b16be9a5b9",
            "value": "Rule to detect the EquationLaser malware"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740352084",
            "to_ids": true,
            "type": "yara",
            "uuid": "d3554704-50b5-49b9-814b-9dcfbec4e0b0",
            "value": "rule apt_equation_equationlaser_runtimeclasses {\r\nmeta:\r\n copyright = \"Kaspersky Lab\"\r\n description = \"Rule to detect the EquationLaser malware\"\r\n version = \"1.0\"\r\n last_modified = \"2015-02-16\"\r\n reference = \"https://securelist.com/blog/\"\r\nstrings:\r\n $a1=\"?a73957838_2@@YAXXZ\"\r\n $a2=\"?a84884@@YAXXZ\"\r\n $a3=\"?b823838_9839@@YAXXZ\"\r\n $a4=\"?e747383_94@@YAXXZ\"\r\n $a5=\"?e83834@@YAXXZ\"\r\n $a6=\"?e929348_827@@YAXXZ\"\r\ncondition:\r\n any of them\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740352084",
            "to_ids": false,
            "type": "text",
            "uuid": "4560e62f-bb4c-4950-9ca8-cf4941cf93d1",
            "value": "apt_equation_equationlaser_runtimeclasses"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740352109",
        "uuid": "90bf14d5-ec9f-402c-ada8-01cc677a7c40",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740352109",
            "to_ids": false,
            "type": "comment",
            "uuid": "1ec8a9f2-dd50-4148-a156-0eb3767f3529",
            "value": "Rule to detect the crypto library used in Equation group malware"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740352109",
            "to_ids": true,
            "type": "yara",
            "uuid": "0bbd3891-9b3e-446c-82fd-7db40449c3a2",
            "value": "rule apt_equation_cryptotable {\r\nmeta:\r\n copyright = \"Kaspersky Lab\"\r\n description = \"Rule to detect the crypto library used in Equation group malware\"\r\n version = \"1.0\"\r\n last_modified = \"2015-02-16\"\r\n reference = \"https://securelist.com/blog/\"\r\nstrings:\r\n $a={37 DF E8 B6 C7 9C 0B AE 91 EF F0 3B 90 C6 80 85 5D 19 4B\r\n45 44 12 3C E2 0D 5C 1C 7B C4 FF D6 05 17 14 4F 03 74 1E 41 DA\r\n8F 7D DE 7E 99 F1 35 AC B8 46 93 CE 23 82 07 EB 2B D4 72 71 40\r\nF3 B0 F7 78 D7 4C D1 55 1A 39 83 18 FA E1 9A 56 B1 96 AB A6 30\r\nC5 5F BE 0C 50 C1}\r\ncondition:\r\n $a\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740352109",
            "to_ids": false,
            "type": "text",
            "uuid": "1e576306-ecde-40de-9ca7-bffb7b6d5522",
            "value": "apt_equation_cryptotable"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981318",
        "uuid": "3ea9c339-ad2a-4082-8252-351b76995db1",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "EquationLaser installer",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981318",
            "to_ids": true,
            "type": "md5",
            "uuid": "45175fc5-4db6-482d-83f7-e243f426d30f",
            "value": "752af597e6d9fd70396accc0b9013dbe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "EquationLaser installer",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981318",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d0fc1db7-de93-4a18-9089-862df4916ad8",
            "value": "5e1f56c1e57fbff96d4999db1fd6dd0f7d8221df",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "EquationLaser installer",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981318",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5399914a-8616-4cfc-8324-abf7fe5b4624",
            "value": "9412a66bc81f51a1fa916ac47c77e02ac1a7c9dff543233ed70aa265ef6a1e76",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740352376",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "128e9d88-3b26-45c4-b199-bd09c30d2024",
            "value": "3072:LWJE+I/l81jT8jO3HTVNZHz4fz6SQgR/IU5+4JrJjE9:LqEl98RTMOXRNp0LhQgVh+cJM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740352376",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c63253a3-c02a-4528-89e3-950a759de840",
            "value": "132608"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740352376",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fb7ef8ec-1e43-412c-bffd-c5d0d47fb8ae",
            "value": "115066655d7d051551c8z7323kz13032z116z6"
          },
          {
            "category": "Payload delivery",
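            "comment": "Value holds two file names in one string; lsass.exe is also the name of a legitimate Windows system process, so a filename match alone is weak evidence and should be confirmed against the hashes in this object.",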
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740352376",
            "to_ids": true,
            "type": "filename",
            "uuid": "fa1d9f22-1c55-4b42-bffc-461487860023",
            "value": "lsasrv32.dll and lsass.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 24/02/2025\nLast-scan\t:  26/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740352376",
            "to_ids": false,
            "type": "text",
            "uuid": "3727366c-0512-4547-9fb3-6d1326389e21",
            "value": "EquationLaser installer\r\nType Description: Win32 DLL\n\nMicrosoft: Backdoor:Win32/Salsnit.A\nVT Total Detection:63/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  28/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741384785",
            "to_ids": false,
            "type": "text",
            "uuid": "c6832100-6c07-42ac-b92a-834e3efd794b",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Backdoor:Win32/Salsnit.A\nVT Total Detection:62/72"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741384785",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e63e496a-2898-475b-b229-6e77ab5ce16b",
            "value": "3072:LWJE+I/l81jT8jO3HTVNZHz4fz6SQgR/IU5+4JrJjE9:LqEl98RTMOXRNp0LhQgVh+cJM"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741384785",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a84b020a-c438-4af4-8bf0-f8331c71aba3",
            "value": "132608"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741384785",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6e1e3501-1d30-4c2d-b3a4-8ed1c61c1f32",
            "value": "115066655d7d051551c8z7323kz13032z116z6"
          },
          {
            "category": "Payload delivery",
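            "comment": "Value holds two file names in one string; lsass.exe is also the name of a legitimate Windows system process, so a filename match alone is weak evidence and should be confirmed against the hashes in this object.",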
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741384785",
            "to_ids": true,
            "type": "filename",
            "uuid": "79be8c84-8172-4765-897b-899bcf7f3c5b",
            "value": "lsasrv32.dll and lsass.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981318",
        "uuid": "8a24c011-e5c4-4d82-bf4b-d3e9f3d22fd5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "EoP package and malware launcher",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981318",
            "to_ids": true,
            "type": "md5",
            "uuid": "d278fd20-7034-494d-9088-de5b3b1e6ec9",
            "value": "6fe6c03b938580ebf9b82f3b9cd4c4aa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "EoP package and malware launcher",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981318",
            "to_ids": true,
            "type": "sha1",
            "uuid": "269e1c59-3111-4c58-9794-88f67a7df6d4",
            "value": "2bd1b1f5b4384ce802d5d32d8c8fd3d1dc04b962",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "EoP package and malware launcher",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981318",
            "to_ids": true,
            "type": "sha256",
            "uuid": "72ef37ab-0ffd-404c-bbb3-e9721b3b393d",
            "value": "868eb363f32beacd8bcdc7a114e020d4cfe67913a15275f4e7493d87db643ff2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740352397",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4885f2d6-b43f-4a58-bfaf-e85925db18c6",
            "value": "768:aRTZiLIUBc6DVBr4RE3XTHZj6EG6w5woiHIeFJMydMZgT6HTHwDb9pGnQuvkIV:8ik+c6DVtrHZerQHRFRqSnzS/vk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740352397",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ae61335e-e95a-42e3-a0af-f9b0639c8062",
            "value": "62464"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740352397",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c7559169-e18c-482a-9ae9-dcfdd5819343",
            "value": "064056655d7d150138z2f2alz5fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740352397",
            "to_ids": true,
            "type": "filename",
            "uuid": "a983c987-21d3-4114-a457-567fd1985d2e",
            "value": "6fe6c03b938580ebf9b82f3b9cd4c4aa.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 24/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740352397",
            "to_ids": false,
            "type": "text",
            "uuid": "d42ac994-b855-4bc7-a8c5-fb6b27921f1a",
            "value": "EoP package and malware launcher\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tatiow.A\nVT Total Detection:63/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  08/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741384806",
            "to_ids": false,
            "type": "text",
            "uuid": "f351407d-c2f6-4dc0-9b9e-e76d71564725",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Tatiow.A\nVT Total Detection:64/72"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741384806",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e0096bce-0c4b-4ab5-8f31-ed686981f272",
            "value": "768:aRTZiLIUBc6DVBr4RE3XTHZj6EG6w5woiHIeFJMydMZgT6HTHwDb9pGnQuvkIV:8ik+c6DVtrHZerQHRFRqSnzS/vk"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741384807",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d7f33cda-b93b-4d2f-ab84-b16c9f49a923",
            "value": "62464"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741384807",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c723dfe3-ad6f-480a-96bd-a19a4f89d403",
            "value": "064056655d7d150138z2f2alz5fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741384807",
            "to_ids": true,
            "type": "filename",
            "uuid": "741dd238-bb11-45e8-811c-2b2ea950e4ab",
            "value": "6fe6c03b938580ebf9b82f3b9cd4c4aa.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981318",
        "uuid": "bf74b791-6cd4-444f-940c-76067a2732f2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DoubleFantasy installer",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981318",
            "to_ids": true,
            "type": "md5",
            "uuid": "9c2af97b-9c87-4dbc-8b9e-154a583121ad",
            "value": "2a12630ff976ba0994143ca93fecd17f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DoubleFantasy installer",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981318",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8d262328-4790-46d9-8ae5-f0a27137cd1f",
            "value": "d09b4b6d3244ac382049736ca98d7de0c6787fa2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DoubleFantasy installer",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981318",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e9b0ce8a-9cc1-4156-b4bc-896388782a12",
            "value": "1e55abb94951cedc548fd8d67bd1b50476808f1d0ae72f9842181761ff92f83f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740352419",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d09fc872-4d4a-44b4-8cdc-544212d7c68e",
            "value": "6144:7mvN52hkNDfSCU41v8PO/1zICbVJmwOdoKfYJU81wYt:7q2hkNDKCU4tB/SCbd3wYt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740352419",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f500ee54-3612-47c4-b1a1-d6342b9c81a1",
            "value": "221184"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740352419",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9bab2300-b878-4495-a6c4-ce621252953f",
            "value": "025046655d6551e8z4429lz4fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740352419",
            "to_ids": true,
            "type": "filename",
            "uuid": "5a97a5d2-b233-45d7-b8f8-c388b7b8dc25",
            "value": "DoubleFantasyEquation.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 24/02/2025\nLast-scan\t:  14/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740352419",
            "to_ids": false,
            "type": "text",
            "uuid": "985f9ecd-337b-4eeb-8a90-9ae71cb5ef0d",
            "value": "DoubleFantasy installer\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Eqtonapt.A!dha\nVT Total Detection:64/73"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  14/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741384828",
            "to_ids": false,
            "type": "text",
            "uuid": "62a577a4-5c8a-49a1-8add-fdddee204aeb",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Eqtonapt.A!dha\nVT Total Detection:64/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741384828",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fdc54447-0abf-4174-bf85-4f4a69aab7a3",
            "value": "6144:7mvN52hkNDfSCU41v8PO/1zICbVJmwOdoKfYJU81wYt:7q2hkNDKCU4tB/SCbd3wYt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741384828",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dde133ca-d979-461d-ab46-bf379b9199a7",
            "value": "221184"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741384828",
            "to_ids": true,
            "type": "vhash",
            "uuid": "59862597-d6d2-4a69-80e0-7cb36e0cbad0",
            "value": "025046655d6551e8z4429lz4fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741384828",
            "to_ids": true,
            "type": "filename",
            "uuid": "96d576ee-c399-417b-92c5-476f62ea711c",
            "value": "DoubleFantasyEquation.bin"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741392714",
        "uuid": "7101309d-5ad9-4d5a-95f3-327ebb2aaa36",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "EquationDrug installer (\u201cLUTEUSOBSTOS\u201d)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741392714",
            "to_ids": true,
            "type": "md5",
            "uuid": "76d779df-2c04-407c-97fb-c6b37649b2ba",
            "value": "4556ce5eb007af1de5bd3b457f0b216d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "EquationDrug installer (\u201cLUTEUSOBSTOS\u201d)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358814",
            "to_ids": true,
            "type": "sha1",
            "uuid": "974af9e1-3e60-43e7-b210-af64640b91e0",
            "value": "61fab1b8451275c7fd580895d9c68e152ff46417",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "EquationDrug installer (\u201cLUTEUSOBSTOS\u201d)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358814",
            "to_ids": true,
            "type": "sha256",
            "uuid": "026280a2-4b1e-41c5-bee4-26896570c07a",
            "value": "1b0eb1a1591140175d1ac111a98c89472b196599baf13ef67ee7f63d0052b00e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740352441",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "cd3509bf-508a-4d36-baf4-6424c7349108",
            "value": "6144:AAFu9SAEL40YPY1fD8oqA3okebXYrOG7nbxaf4kKAT0UAUEgEzgxZ4xCo:AysSAEL4qfNOG7damAT0ALEE4ko"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740352441",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7af402ef-4e14-42c0-be9d-bcfd52caa52b",
            "value": "380928"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740352441",
            "to_ids": true,
            "type": "vhash",
            "uuid": "71ba4182-8b9d-47ff-b55d-c6f2c8ae3053",
            "value": "035046555d157158z3423lz5fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740352441",
            "to_ids": true,
            "type": "filename",
            "uuid": "ae66c9af-4753-4288-8f02-b1e66cb2fa81",
            "value": "EquationDrug_4556CE5EB007AF1DE5BD3B457F0B216D"
          },
          {
            "category": "Other",
            "comment": "Checked: 24/02/2025\nLast-scan\t:  20/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740352441",
            "to_ids": false,
            "type": "text",
            "uuid": "ffed292b-c589-4e19-ad6d-87ec0e1ceac6",
            "value": "EquationDrug installer (\u201cLUTEUSOBSTOS\u201d)\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Eqtonapt.A!rfn\nVT Total Detection:62/73"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  28/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741384849",
            "to_ids": false,
            "type": "text",
            "uuid": "dd1bb9e8-b901-482d-aeff-22eee278e1c0",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Eqtonapt.A!rfn\nVT Total Detection:61/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741384849",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "109ad835-1870-43ba-a927-a8436ae1cf93",
            "value": "6144:AAFu9SAEL40YPY1fD8oqA3okebXYrOG7nbxaf4kKAT0UAUEgEzgxZ4xCo:AysSAEL4qfNOG7damAT0ALEE4ko"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741384849",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "988525c0-74c0-46e7-aa8d-f061b564a89e",
            "value": "380928"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741384849",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8a0f3c95-4f0e-4402-8c32-26d22d125b97",
            "value": "035046555d157158z3423lz5fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741384849",
            "to_ids": true,
            "type": "filename",
            "uuid": "1a06e780-51be-4721-923a-7f04f6a2155f",
            "value": "EquationDrug_4556CE5EB007AF1DE5BD3B457F0B216D"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981318",
        "uuid": "57af3079-30b0-445d-bce9-cc11637f108f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "GrayFish installer",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981318",
            "to_ids": true,
            "type": "md5",
            "uuid": "8213621a-eded-4764-a898-fa3a953dce86",
            "value": "9b1ca66aab784dc5f1dfe635d8f8a904",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "GrayFish installer",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981318",
            "to_ids": true,
            "type": "sha1",
            "uuid": "75e79309-9674-4ae4-942f-483967a9ab15",
            "value": "58d15d1581f32f36542f3e9fb4b1fc84d2a6ba35",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "GrayFish installer",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981318",
            "to_ids": true,
            "type": "sha256",
            "uuid": "83071259-4172-4bb5-b006-c77bb0bff2ad",
            "value": "df4bbd02dcd8b8b9e1374c6f71f2e2da8518d39337b35983874266e8fff055e1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740352463",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ef5967bc-a71f-498f-81ac-66d522f78cab",
            "value": "12288:x7vfNl2A3kJLnaGiRid/3E+z7z+KeF9SQmdvMAVPMR0YSN5s:x7nXgaXkc+z7SHF9Sj+3u5s"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740352463",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0394fffb-fbf2-4e36-85bd-b1dfdb146880",
            "value": "573440"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740352463",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a41aa053-4279-4b36-8205-952314fbe931",
            "value": "055056655d5d1570b8z573flz4fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740352463",
            "to_ids": true,
            "type": "filename",
            "uuid": "9a0bb59a-9e8d-4348-a167-063a9b62ddbb",
            "value": "DOGROUND.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 24/02/2025\nLast-scan\t:  31/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740352463",
            "to_ids": false,
            "type": "text",
            "uuid": "c215481c-2144-474b-bd8c-9ccac7b95adf",
            "value": "GrayFish installer\r\nType Description: Win32 EXE\n\nMicrosoft: TrojanDropper:Win32/Fetrog.A\nVT Total Detection:64/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  28/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741384870",
            "to_ids": false,
            "type": "text",
            "uuid": "e9893086-0b42-4436-90fc-4a7deccaa094",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: TrojanDropper:Win32/Fetrog.A\nVT Total Detection:63/72"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741384870",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "efea04f9-cab9-4866-a4da-9fabc2c759ad",
            "value": "12288:x7vfNl2A3kJLnaGiRid/3E+z7z+KeF9SQmdvMAVPMR0YSN5s:x7nXgaXkc+z7SHF9Sj+3u5s"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741384870",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d574c055-b6ef-48c5-b1f8-31a6bce249c9",
            "value": "573440"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741384870",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f9d382f9-55c2-4a14-8687-2cfa01704e74",
            "value": "055056655d5d1570b8z573flz4fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741384870",
            "to_ids": true,
            "type": "filename",
            "uuid": "928269a6-adfd-4b2a-95e3-4d24e4d2ac40",
            "value": "DOGROUND.exe"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981319",
        "uuid": "7ab90d74-8cc6-4aa7-81f3-b491ec5146cc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Fanny worm",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981319",
            "to_ids": true,
            "type": "md5",
            "uuid": "f6090f85-e661-4c58-9e74-f486a6e55583",
            "value": "0a209ac0de4ac033f31d6ba9191a8f7a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Fanny worm",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981319",
            "to_ids": true,
            "type": "sha1",
            "uuid": "932193c7-a186-4e22-8134-1a34ade49635",
            "value": "1f0ae54ac3f10d533013f74f48849de4e65817a7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Fanny worm",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981319",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1062d432-fd55-433c-aa4f-095a4af97018",
            "value": "003315b0aea2fcb9f77d29223dd8947d0e6792b3a0227e054be8eb2a11f443d9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740352485",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "599a320d-33eb-488d-9fb9-756c748a6ba9",
            "value": "3072:TtnUNALmVZvvGBeQYejpqIAq2tn2TBfki43y97FozS4Oq1sqH73oGC:p4LvkwejpQqun2TB8i4i0zLOosqHkG"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740352485",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "32fe6c79-1250-4db2-9b8e-ea7cdc3ccae6",
            "value": "184320"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740352485",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c122350f-399d-4d03-9406-b6b334af0fa7",
            "value": "115056655d156551d8z401flz65z16z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740352485",
            "to_ids": true,
            "type": "filename",
            "uuid": "9661df05-8545-46e5-9241-9ebef517d8ce",
            "value": "Fanny_0A209AC0DE4AC033F31D6BA9191A8F7A"
          },
          {
            "category": "Other",
            "comment": "Checked: 24/02/2025\nLast-scan\t:  31/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740352485",
            "to_ids": false,
            "type": "text",
            "uuid": "d070744c-df56-4d1d-b712-815ee76788a6",
            "value": "Fanny worm\r\nType Description: Win32 DLL\n\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:68/73"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  28/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741384891",
            "to_ids": false,
            "type": "text",
            "uuid": "14925d4b-9a31-4319-8c8e-518e27317614",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:67/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741384891",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2756e227-6293-44e3-b4c4-afee2e0c639d",
            "value": "3072:TtnUNALmVZvvGBeQYejpqIAq2tn2TBfki43y97FozS4Oq1sqH73oGC:p4LvkwejpQqun2TB8i4i0zLOosqHkG"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741384891",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cf158786-52bc-454e-89c5-a93b54ce61c1",
            "value": "184320"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741384891",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5446b905-36b7-483f-aeeb-1f4e3fac5320",
            "value": "115056655d156551d8z401flz65z16z2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741384891",
            "to_ids": true,
            "type": "filename",
            "uuid": "0ff02fb1-d0b8-4773-9c9e-4b30da308e6b",
            "value": "Fanny_0A209AC0DE4AC033F31D6BA9191A8F7A"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981319",
        "uuid": "eb035412-f44a-4973-bf4d-90e4003f130a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "loader (17920 bytes .DLL)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981319",
            "to_ids": true,
            "type": "md5",
            "uuid": "6ed66c3e-13c4-4fc7-b275-535c93e013aa",
            "value": "9180d5affe1e5df0717d7385e7f54386",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "loader (17920 bytes .DLL)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981319",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5376b16e-caac-4e15-95df-0e6527d6a8d3",
            "value": "4ce6e77a11b443cc7cbe439b71bf39a39d3d7fa3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "loader (17920 bytes .DLL)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981319",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7f9ffcff-6545-48d7-9a4b-e6090e3b6c79",
            "value": "24b7e7553b1aa241997e28775d3952c4cb885056c4606cbed9b450320b601255",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740352506",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "551d19fd-9211-46c6-8f52-e4ffd3e34db0",
            "value": "384:/nNqDEWqU6pP4eVVQ8TxgIo0lP6AUrc9m:/nfN148zxgIzliAUrcY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740352506",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "efa9acdb-a2e8-4732-8cfe-21f699d440ee",
            "value": "17920"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740352506",
            "to_ids": true,
            "type": "vhash",
            "uuid": "359755a0-f29c-4407-a4a0-7dd13aff62d9",
            "value": "114056655d65151038z19061z5xz60"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740352506",
            "to_ids": true,
            "type": "filename",
            "uuid": "a41f7565-1271-41a7-8a24-476d16849ab5",
            "value": "ahlhcib.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 24/02/2025\nLast-scan\t:  14/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740352506",
            "to_ids": false,
            "type": "text",
            "uuid": "edb2bed8-2d46-4e99-8917-dde8adb9f58b",
            "value": "loader (17920 bytes .DLL)\r\nType Description: Win32 DLL\n\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:64/73"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  14/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741384913",
            "to_ids": false,
            "type": "text",
            "uuid": "858cbb0a-34d2-4978-83d9-118dec78a79e",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Ransom:Win32/Eris\nVT Total Detection:64/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741384913",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9783e76d-8396-4663-be7d-ca25e6149819",
            "value": "384:/nNqDEWqU6pP4eVVQ8TxgIo0lP6AUrc9m:/nfN148zxgIzliAUrcY"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741384913",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fd024e28-5502-4375-9755-92c549790902",
            "value": "17920"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741384913",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8b629a6b-86ea-4976-bbc0-5f23c72ff624",
            "value": "114056655d65151038z19061z5xz60"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741384913",
            "to_ids": true,
            "type": "filename",
            "uuid": "17bf6ab5-a5f2-4ad5-848a-7348e444cb6d",
            "value": "ahlhcib.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741392799",
        "uuid": "22fee691-83f3-4e3d-8f7f-267d696b8e46",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "encrypted payload (.DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741392799",
            "to_ids": true,
            "type": "md5",
            "uuid": "d7c6355b-6c0c-4145-8563-9493b4a76eb0",
            "value": "ba39212c5b58b97bfc9f5bc431170827",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "encrypted payload (.DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358820",
            "to_ids": true,
            "type": "sha1",
            "uuid": "df17f909-f4c9-4c5e-aa16-d0b86e4d54b9",
            "value": "b2b2cd9ca6f5864ef2ac6382b7b6374a9fb2cbe9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "encrypted payload (.DAT)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358821",
            "to_ids": true,
            "type": "sha256",
            "uuid": "dc1805c4-2831-4af6-84ad-ec2b3812a177",
            "value": "112d70111fef5e5e072b17e0d5d9312a0826cb85304a17bb51330d9800936c4a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740352527",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0ee50fe1-70d7-45c4-a05d-42976ade6827",
            "value": "3072:vWmqIpuBxVo1xLcbdsNu83/JNEhe/Iz1P7a3BPyVeg2HAInd7lhSrtqju:OmqI0B/oDxN3PJ1gP7k6SVdxhSrtsu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740352527",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d018f509-14e2-482a-9148-1a6110e7f0f1",
            "value": "203264"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740352527",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b9ad6396-a6f2-4aed-b0d6-ee792cf56076",
            "value": "125046655d656288z561800231z301bz25zd6z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740352527",
            "to_ids": true,
            "type": "filename",
            "uuid": "90d4fa77-727f-4c16-ba59-72bc8279b057",
            "value": "TripleFantasy_BA39212C5B58B97BFC9F5BC431170827"
          },
          {
            "category": "Other",
            "comment": "Checked: 24/02/2025\nLast-scan\t:  03/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740352527",
            "to_ids": false,
            "type": "text",
            "uuid": "9b24d867-4461-4eeb-b9cf-61b7d40baefc",
            "value": "encrypted payload (.DAT)\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Eqtonapt.A!dha\nVT Total Detection:64/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  01/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741384934",
            "to_ids": false,
            "type": "text",
            "uuid": "1b0b24b7-a6c9-4130-8fc0-38ea11de9ade",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Eqtonapt.A!dha\nVT Total Detection:65/73"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741384934",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0e5bd67f-9735-4e26-a79d-fec8a33f8cad",
            "value": "3072:vWmqIpuBxVo1xLcbdsNu83/JNEhe/Iz1P7a3BPyVeg2HAInd7lhSrtqju:OmqI0B/oDxN3PJ1gP7k6SVdxhSrtsu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741384934",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b90f3192-b6d0-490e-af45-e2f0b230677b",
            "value": "203264"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741384934",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9e357cf1-085e-438e-bc4b-453c811ab5dd",
            "value": "125046655d656288z561800231z301bz25zd6z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741384934",
            "to_ids": true,
            "type": "filename",
            "uuid": "c332d3ae-d644-4488-9637-2c4b89cd90dd",
            "value": "TripleFantasy_BA39212C5B58B97BFC9F5BC431170827"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981319",
        "uuid": "91602a53-68ad-498c-9142-10c97f2bd917",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "DoubleFantasy installer + LNK exploit package",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981319",
            "to_ids": true,
            "type": "md5",
            "uuid": "9b8e6faf-b155-49be-a762-7314df56b08f",
            "value": "03718676311de33dd0b8f4f18cffd488",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DoubleFantasy installer + LNK exploit package",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981319",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1fd137ab-bb12-4058-a509-5a95ced1f11b",
            "value": "017198643efbcca0df6d2c681f9ec3465060b929",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "DoubleFantasy installer + LNK exploit package",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981319",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f80f6f97-31f2-4732-a7d6-76f93e23db7a",
            "value": "866f94f30d9865995494a0f7228329c26149eef2960500b2177c736c5c846035",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740352549",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "186decc1-8d12-47dd-850e-2b6e7e3f6d6a",
            "value": "6144:6UcQeAg3bYM53x2sZJH/F2b+JcgEegh//WX8HEKlm/B6lVR5EZ/fOZ:6UiA+bYC3DPfJcLvWX8kKlm/BSVzEZ4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740352549",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6b1bd9b9-d409-4073-97ea-822afed3af73",
            "value": "376320"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740352549",
            "to_ids": true,
            "type": "vhash",
            "uuid": "64c06746-5b3d-4cec-845a-bfbcb3725e0b",
            "value": "135046755d5511b8z4e18001d1z5037z11z3ez3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740352549",
            "to_ids": true,
            "type": "filename",
            "uuid": "28e53552-48c9-4819-ae88-b2ea359c1a3a",
            "value": "03718676311de33dd0b8f4f18cffd488.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 24/02/2025\nLast-scan\t:  13/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740352549",
            "to_ids": false,
            "type": "text",
            "uuid": "69fc0345-e913-4623-a06f-0d240a3eafb6",
            "value": "DoubleFantasy installer + LNK exploit package\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Eqtonapt.A!dha\nVT Total Detection:61/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  13/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741384955",
            "to_ids": false,
            "type": "text",
            "uuid": "48e809d1-5d65-478f-9a5f-7ed8ff4aeff8",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Eqtonapt.A!dha\nVT Total Detection:61/72"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741384955",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8d4d8531-09a2-44c1-89aa-91b900cf7b51",
            "value": "6144:6UcQeAg3bYM53x2sZJH/F2b+JcgEegh//WX8HEKlm/B6lVR5EZ/fOZ:6UiA+bYC3DPfJcLvWX8kKlm/BSVzEZ4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741384955",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7ce94c3e-c59a-461a-a009-0757211c2cab",
            "value": "376320"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741384955",
            "to_ids": true,
            "type": "vhash",
            "uuid": "69f3045f-5315-43a0-8bd1-b2959a5344f6",
            "value": "135046755d5511b8z4e18001d1z5037z11z3ez3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741384955",
            "to_ids": true,
            "type": "filename",
            "uuid": "aeb4e064-4dcd-4060-a163-91a650ccfd1f",
            "value": "03718676311de33dd0b8f4f18cffd488.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741392841",
        "uuid": "bb7caebf-3d5d-441c-99c4-7c47fd66c74b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "HDD reprogramming module",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741392841",
            "to_ids": true,
            "type": "md5",
            "uuid": "f6f306db-a8ab-4568-b123-122db1b50ec3",
            "value": "11fb08b9126cdb4668b3f5135cf7a6c5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HDD reprogramming module",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358824",
            "to_ids": true,
            "type": "sha1",
            "uuid": "54cd5ff2-d1fc-4f21-a552-b15a78adddb6",
            "value": "ff2b50f371eb26f22eb8a2118e9ab0e015081500",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "HDD reprogramming module",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358824",
            "to_ids": true,
            "type": "sha256",
            "uuid": "62e659ba-f7ce-490f-b992-be7959ebad37",
            "value": "83d14ce2dcfc852791d20cd78066ba5a2b39eb503e12e33f2ef0b1a46c68de73",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740352571",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "91e13e99-5cc6-46cf-a3e2-15f964cb0fc8",
            "value": "3072:8TBng9AFVT61rBjb32+6L5tqoxu+MMeLSv7QnDIBLAgMY72CDEFOniOzrAivAl8Y:81ng9gTOjb32+6Lq9HDewOhdv0t"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740352571",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9b7537b7-337b-4d64-89b7-1973f72a4dc1",
            "value": "212480"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740352571",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e8c0016d-7c63-4215-a7f1-cfb1a47854c7",
            "value": "125056651d55655078z1a1fhz1iz5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740352571",
            "to_ids": true,
            "type": "filename",
            "uuid": "abace2e5-789c-4642-8851-e361f6c371f3",
            "value": "nls_933w.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 24/02/2025\nLast-scan\t:  25/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740352571",
            "to_ids": false,
            "type": "text",
            "uuid": "74a58a4c-d630-4a8f-aa1b-7edf156f96f7",
            "value": "HDD reprogramming module\r\nType Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Rograhd.A!dha\nVT Total Detection:58/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  28/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741384977",
            "to_ids": false,
            "type": "text",
            "uuid": "9644748b-3bbe-4010-8e9e-987725eec00c",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Rograhd.A!dha\nVT Total Detection:59/72"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741384977",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9a3eecee-5c9e-40c4-a04f-e71e4d8905b2",
            "value": "3072:8TBng9AFVT61rBjb32+6L5tqoxu+MMeLSv7QnDIBLAgMY72CDEFOniOzrAivAl8Y:81ng9gTOjb32+6Lq9HDewOhdv0t"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741384977",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d0bec186-01ef-4718-87de-df968b8731ff",
            "value": "212480"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741384977",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0212967b-0f11-49fc-9a0e-5daa3ca71998",
            "value": "125056651d55655078z1a1fhz1iz5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741384977",
            "to_ids": true,
            "type": "filename",
            "uuid": "cc4adbe9-eb97-4308-93dd-da3b1c47b569",
            "value": "nls_933w.dll"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1741392863",
        "uuid": "cd224a52-8b8d-40ee-aaa9-d5ab8f1c92e7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "GROK keylogger",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1741392863",
            "to_ids": true,
            "type": "md5",
            "uuid": "1ec83358-7b4f-46b7-8510-a3dc1cf3e6b1",
            "value": "24a6ec8ebf9c0867ed1c097f4a653b8d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "GROK keylogger",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740358825",
            "to_ids": true,
            "type": "sha1",
            "uuid": "dbb20e52-e594-497e-8cb0-2e36a0f08f82",
            "value": "50b8f125ed33233a545a1aac3c9d4bb6aa34b48f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "GROK keylogger",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740358825",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4a8b1fe4-dfb2-441b-9be7-cf666f6fcf8d",
            "value": "441f2a6775621af8c5d1ead7082e9573ad878bc90675ed55f86abfc8a9e8cc6f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740352592",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "75b9fdf6-7021-4515-8ef3-78c82ed81aaf",
            "value": "3072:wdWpskNQbkWD95SQcA0vWNc2gbDabSbosH4/h9:wdW/NCkU4QcA0ONc2YabKosH43"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740352592",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "2e9c8c76-79ab-4928-ae56-7ac6330b3bc9",
            "value": "163840"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740352592",
            "to_ids": true,
            "type": "vhash",
            "uuid": "0d56df45-c504-4426-9058-efae3785ba96",
            "value": "0150a666151d151d751e5iz4fwz1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740352592",
            "to_ids": true,
            "type": "filename",
            "uuid": "13011437-3f5b-450e-9da7-90720957c5ec",
            "value": "msrtdv.sys"
          },
          {
            "category": "Other",
            "comment": "Checked: 24/02/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740352592",
            "to_ids": false,
            "type": "text",
            "uuid": "7eb85958-e360-486e-9cb2-8924f88ac765",
            "value": "GROK keylogger\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:WinNT/Fetrog.A\nVT Total Detection:58/72"
          },
          {
            "category": "Other",
            "comment": "Checked: 08/03/2025\nLast-scan\t:  22/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1741384998",
            "to_ids": false,
            "type": "text",
            "uuid": "5c0acf85-b7d1-441a-94ac-39f724b0622d",
            "value": "Type Description: Win32 EXE\n\nMicrosoft: Trojan:WinNT/Fetrog.A\nVT Total Detection:58/72"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1741384998",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f6114eea-7ef2-4ad2-a004-6663f6d0226f",
            "value": "3072:wdWpskNQbkWD95SQcA0vWNc2gbDabSbosH4/h9:wdW/NCkU4QcA0ONc2YabKosH43"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1741384998",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8a8e2011-5ad3-4772-8148-72ed5c02e2cb",
            "value": "163840"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1741384998",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e19e3e6f-5845-4ff6-a609-72f9b36ae512",
            "value": "0150a666151d151d751e5iz4fwz1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1741384998",
            "to_ids": true,
            "type": "filename",
            "uuid": "3cda9038-62c8-45fa-ab7c-174c19bb939d",
            "value": "msrtdv.sys"
          }
        ]
      }
    ]
  }
}