{ "Event": { "analysis": "2", "date": "2020-06-25", "extends_uuid": "", "info": "[Threat Intel] MA-788.062020: MyCERT Alert - Malicious Android APK theme Covid-19 targeting Malaysia users", "protected": false, "publish_timestamp": "1780039910", "published": true, "threat_level_id": "2", "timestamp": "1780039909", "uuid": "5b86ba10-d505-42c8-9c28-b1d8ea01cbd9", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"4a61b42d-e3f0-4964-9d88-4aa96e24c31d\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740502078", "to_ids": false, "type": "link", "uuid": "2b7b5117-c460-488f-9e52-d393e41af91d", "value": "https://mycert.org.my/portal/advisory?id=MA-788.062020" }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701206", "to_ids": true, "type": "md5", "uuid": "5040f6d4-7a69-49db-a7b2-12904f84303b", "value": "1974bd3c5efbe76fbfe58664c0906fa9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701207", "to_ids": true, "type": "sha1", "uuid": "6cd8426b-4b1c-4562-af54-871b5c29fa8b", "value": "ed068afc2d41bed7c6e5f4a6f380431babd43a00", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701208", "to_ids": true, "type": "sha256", "uuid": "922d9f6b-2db4-4363-bf42-114c26bd4781", "value": "13dcb880e3263363acef3c772178257490fe08ab31bc03e949bb8d4bad73d3f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701209", "to_ids": true, "type": "md5", "uuid": "695ae455-2110-49b5-9d51-256c1d4ba051", "value": "097f4b26211d6d50c3635147168710d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701210", "to_ids": true, "type": "sha1", "uuid": "725265e6-a444-4624-b819-4d0c09045ce5", "value": "60895094b942c46926df2ca20b175f073b331552", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701212", "to_ids": true, "type": "sha256", "uuid": "a1d9883a-92a8-49d1-a3ef-1f61d0dc69cd", "value": "7aac3e2b9a9a044e54f8e1c0998ad48a4cc2fe9e6246a66d8f334d243bbe9523", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701213", "to_ids": true, "type": "md5", "uuid": "5e98bc8a-8546-429e-8511-eeea68689cf8", "value": "4ab5a95e8443dd5a98bccff50a49d0cc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701214", "to_ids": true, "type": "sha1", "uuid": "70832e28-459d-4e00-ac03-b35bbe3e45bb", "value": "a8c709ff95ba07d79c4b61b3f1f2c99e6b578958", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701215", "to_ids": true, "type": "sha256", "uuid": "678f95b2-a4c4-446c-a2b0-089be6428a56", "value": "9471fc333219acb41c7f39724aa117a6a6c771d536bd09570e06134fbdc427dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701216", "to_ids": true, "type": "md5", "uuid": "519d63ec-0e30-446b-a4c0-4e20e10dd2bc", "value": "086aa916e3de9133415dab0075deeced", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701218", "to_ids": true, "type": "sha1", "uuid": "553c60d2-e618-4d07-9935-163e13c9c285", "value": "c88487090bbf266aeac211a5aa50044ec3447785", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701219", "to_ids": true, "type": "sha256", "uuid": "8c4eb5b1-1cf0-491b-b546-8d2a9c1bb19e", "value": "952381377ca43239b1105a89f9d0aa7fda11f51b488fb2fe4f4ac570b7829503", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701219", "to_ids": true, "type": "md5", "uuid": "83ee2bb7-6d8e-4502-b0de-459f92800dbb", "value": "97d31fb3c830f7a441288e1853371c07", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701220", "to_ids": true, "type": "sha1", "uuid": "acf2006a-03a5-4761-913f-c2cc4f6f6072", "value": "e0941fea65541fed509b25ccab37162ae3fc4857", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701222", "to_ids": true, "type": "sha256", "uuid": "e6cd5afc-47f1-4ba6-9630-66e9b0a0f3f1", "value": "acc88ccd3e39926086c173b094dca31b9ca79f70c34cbed52ea3d24e1797aac5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701222", "to_ids": true, "type": "md5", "uuid": "9817325c-f38c-445f-a7b6-5c9863fec305", "value": "98fd5e686e897007f1625ed6850127b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701224", "to_ids": true, "type": "sha1", "uuid": "0a32885f-28ea-4603-92a4-93222be88a7f", "value": "6b55b2763bcf26008e004c40136e2f2fafd275f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701225", "to_ids": true, "type": "sha256", "uuid": "d5b7f6ed-1376-4de7-992d-2399ad7aefc6", "value": "298ec58a1d1d1ce242e9ffb3d44bfdcac2bea1fc3fdfa87e93742771edc2d44d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701226", "to_ids": true, "type": "md5", "uuid": "c4e0106b-65b7-49b4-8190-eda482eb37fc", "value": "cebc0c87d6426b595a3ff5bcc9af352a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701227", "to_ids": true, "type": "sha1", "uuid": "a4d4d6c5-1f62-454d-9d4e-b9ae7dca0f9f", "value": "1e93d8c0d68a8cc53d91b15b74ab909531637961", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701229", "to_ids": true, "type": "sha256", "uuid": "ea716dca-9bc9-48b1-b323-74099570ac85", "value": "8a76716af58fe4dae5b4fab0c6dbbbf7ffb9f04786dfc1e64f45a46f8901f0d2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701230", "to_ids": true, "type": "md5", "uuid": "a6941e9d-1d43-47dd-8767-b66eab9c2374", "value": "64a9c5b43dfde507de727ba7a2346d72", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701231", "to_ids": true, "type": "sha1", "uuid": "9727ca66-b668-40ee-b05e-2d5bce410015", "value": "8ffc913798760ca3256e9d096228cea26c8deb0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701232", "to_ids": true, "type": "sha256", "uuid": "e81b38d1-7fb0-4dac-a00e-6d558687cdcf", "value": "6c2461889c1387ceb7c80bb38f540ee88e651c971913528ecd818a2108135593", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701233", "to_ids": true, "type": "md5", "uuid": "9fd930aa-d61b-444d-9704-527e30350214", "value": "6f67733de9ed9cd26d4f74011e0c5b74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701234", "to_ids": true, "type": "sha1", "uuid": "c5fc8f76-c78e-41c0-8c50-87035f6eec1c", "value": "00a3aed7d00164a61aa705d76678f70a54b13e31", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701235", "to_ids": true, "type": "sha256", "uuid": "1b221190-5c6a-4dc5-9709-21b1d918a94b", "value": "01260ca05c79ab84d0750c8b2b2e6ca79f46349b2ed698ab7cbe875bc2209f87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701236", "to_ids": true, "type": "md5", "uuid": "811f8995-5489-43e7-aced-1cc56a898580", "value": "a26286972e7ff06ffba100af1c1f8d4f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701237", "to_ids": true, "type": "sha1", "uuid": "4aa5c876-0cee-4614-bf75-c3e5048a04db", "value": "7faf27c0c682c578c64405aa391c415a05279107", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701239", "to_ids": true, "type": "sha256", "uuid": "5f5e2b4c-f619-4b84-81a2-bae852183988", "value": "9153637aef23e94409e37270c1bdd907a2a5d79c83a87309e2c5f5016fa896b1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701240", "to_ids": true, "type": "md5", "uuid": "4987417d-5046-4f27-b449-8fdf52859818", "value": "6d59408703e9eb19686fd10d349a5319", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701241", "to_ids": true, "type": "sha1", "uuid": "21d336a8-d41f-4c9e-899b-da963736bb96", "value": "2dba2aa12f967220d124416ac5d19db7eac87dce", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "No sample in VT\r\nLast check:08/05/2025", "deleted": false, "disable_correlation": false, "timestamp": "1746701242", "to_ids": true, "type": "sha256", "uuid": "e68d9a73-d6b3-4b4d-aeb7-ea0ec6cc3597", "value": "5d9fff3e5cb62214a06493fc1b2c72494eab03cb8868d9a895e6980d4978d32e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1746831856", "to_ids": true, "type": "domain", "uuid": "a9056181-3423-4315-83fe-20c69c7ba591", "value": "gladyobreic24e1s.top", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1746831877", "to_ids": true, "type": "domain", "uuid": "8b213175-4faa-4a75-a26e-99333104d0b9", "value": "cabel1lan4ightice2.top", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1746831898", "to_ids": true, "type": "domain", "uuid": "f1b686cc-dd67-4052-afc2-b873c9387e9f", "value": "fe2rltao23ts.top", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1746831919", "to_ids": true, "type": "domain", "uuid": "ab8c0df9-3e18-41e8-b4e3-ef31f1e0bc67", "value": "ucuzplastk.tk", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780039908", "to_ids": true, "type": "ip-dst", "uuid": "8be20c23-44cc-40a1-a062-313fbad9f6fc", "value": "47.252.20.45", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#836891", "local": false, "name": "asn:asn=\"45102\"", "relationship_type": "" }, { "colour": "#692b04", "local": false, "name": "asn:as-owner=\"ALIBABA-CN-NET Alibaba US Technology Co., Ltd.\"", "relationship_type": "" }, { "colour": "#9256df", "local": false, "name": "asn:as-country=\"CN\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780039909", "to_ids": true, "type": "ip-dst", "uuid": "998b8990-fa12-41ce-a5dd-5109f2698d97", "value": "148.66.159.235", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#44f56a", "local": false, "name": "asn:asn=\"26496\"", "relationship_type": "" }, { "colour": "#238399", "local": false, "name": "asn:as-owner=\"AS-26496-GO-DADDY-COM-LLC\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "This malware is hosted at", "deleted": false, "disable_correlation": false, "timestamp": "1746831983", "to_ids": true, "type": "url", "uuid": "8dfa08a2-c231-440a-9955-cdeb6dcfbe60", "value": "https://defase241.s3.eu-central-1.amazonaws.com", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "This malware is hosted at", "deleted": false, "disable_correlation": false, "timestamp": "1746832004", "to_ids": true, "type": "url", "uuid": "0c86b90d-1531-418a-a6a5-8eea23844f17", "value": "https://fewfasdfwerta.s3.eu-central-1.amazonaws.com/StayAtHome.apk", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "This malware is hosted at", "deleted": false, "disable_correlation": false, "timestamp": "1746832025", "to_ids": true, "type": "url", "uuid": "7bba12f9-3a83-40e1-9910-17f402e207b5", "value": "https://stayinghomemalaysia.s3.eu-central-1.amazonaws.com/StayingHomeMalaysia.apk", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "This malware is hosted at", "deleted": false, "disable_correlation": false, "timestamp": "1746832046", "to_ids": true, "type": "url", "uuid": "b14acdfb-370a-4032-a72f-141baeeafd94", "value": "https://fesastatre214s.s3.eu-central-1.amazonaws.com", "Tag": [ { "colour": "#f08989", "local": false, "name": "NotFoundError", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "This malware is hosted at", "deleted": false, "disable_correlation": false, "timestamp": "1746832067", "to_ids": true, "type": "url", "uuid": "9399453e-88a1-4150-8492-a64f0421721b", "value": "https://20gbcampaings.tk/APK/20GBGift.apk", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746832088", "uuid": "6e03fa77-0591-4a4e-b6a7-3aff7a3899d1", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746832088", "to_ids": true, "type": "md5", "uuid": "eda0cc4e-f710-4c62-9410-cac25093579f", "value": "9c4c5035012b3b8a88d8bbe5a2f94baa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746697125", "to_ids": true, "type": "sha1", "uuid": "82bf2bf7-f497-44c3-aab0-227360298c72", "value": "06f0328d713ae4593b4563ba3d1cff66661ea37e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746697125", "to_ids": true, "type": "sha256", "uuid": "3ff33bf3-a6e3-46cc-a7d2-e8d2d844296f", "value": "84638c9b4302fef17ad9415bcd95029b1ea7db15a31082ec82aa063c097b7f25", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746697125", "to_ids": true, "type": "ssdeep", "uuid": "b350bc5a-d10a-4128-9d74-401db8d0a331", "value": "24576:rdcXvPf+jPYxjqQeMyooah5M4cJM7tSb0lh9MZe3X2/z35FQ7YibISCqf89E5V+Z:5cv+LYx8ooaha4c+GCuWtM" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746697125", "to_ids": false, "type": "size-in-bytes", "uuid": "eb7d12bf-d3cf-4233-91a2-aff0bb719fb8", "value": "1485885" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746697125", "to_ids": true, "type": "vhash", "uuid": "c6c7cf94-69e0-4b11-81de-ebdb1b137da8", "value": "e76a34f15d1b8cd115c0db4c2ead22b9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746697125", "to_ids": true, "type": "filename", "uuid": "2a066ba2-572e-4803-b97d-12bbfb8e3466", "value": "StayHomeMalaysia.apk" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 03/06/2020", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746697125", "to_ids": false, "type": "text", "uuid": "a4e3ab3b-f83f-4a35-808d-59e53fc90e7e", "value": "Type Description: Android\nMicrosoft: Trojan:Script/Wacatac.C!ml\nVT Total Detection:22/64\nFirst Submission:2020-06-02T06:49:34.000000+00:00\nLast Submission:2020-06-02T06:49:34.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746832109", "uuid": "9a6eba4d-b6ff-4394-b316-c19921fd3706", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746832109", "to_ids": true, "type": "md5", "uuid": "ba4de80b-6b5a-465e-bf03-bd83632dec28", "value": "b61c8f5157a38a1b40b4294be3e8cb29", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746697147", "to_ids": true, "type": "sha1", "uuid": "3d83231f-1942-4e60-983f-0f2bd19a4e43", "value": "7e10f666db9ecc143f4aa53ec39e5ce6b2bbe793", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746697147", "to_ids": true, "type": "sha256", "uuid": "36dbb7ad-865f-4e7a-a996-d174aec775f4", "value": "b7cb5ae55f339bafc95c0b69bfb7ac46a71f2df1d3f457abf94659b67829a583", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746697146", "to_ids": true, "type": "ssdeep", "uuid": "1f791289-510b-49da-b771-064e45254b5f", "value": "24576:3gPp0h6Om+YftITGyNDUMB9h+kHCM4cJM7tSb0lh9MZe3X2/z35FQ7YibISCqf8f:3gx081TftklUOL4c+R8EfE6O+S" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746697146", "to_ids": false, "type": "size-in-bytes", "uuid": "b6a1caca-0c95-48fd-9560-c769427f8c9e", "value": "1476887" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746697146", "to_ids": true, "type": "vhash", "uuid": "e5bca97a-e590-46cf-8608-97e6bba0390f", "value": "e76a34f15d1b8cd115c0db4c2ead22b9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746697146", "to_ids": true, "type": "filename", "uuid": "d27fa6e0-4ca6-4fad-818f-b4b024de1490", "value": "Hadiah.apk" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 08/07/2021", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746697146", "to_ids": false, "type": "text", "uuid": "a133d68d-70ff-45bd-bd27-1680f77f842d", "value": "Type Description: Android\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:29/64\nFirst Submission:2020-06-02T01:08:17.000000+00:00\nLast Submission:2020-06-02T01:08:17.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746832130", "uuid": "71e841c4-fb63-4951-b385-1d7f860ec6ea", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746832130", "to_ids": true, "type": "md5", "uuid": "7185b070-016d-44be-b398-07e24dfa6c91", "value": "548bae857891cc7e578031922def6c5a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746697168", "to_ids": true, "type": "sha1", "uuid": "12797ab7-9d13-44e7-adf3-fe1f1721a049", "value": "c7f7499262d4619a7dbf03b480883793f9fe4b6f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746697168", "to_ids": true, "type": "sha256", "uuid": "e757ef86-70e0-405f-9ed0-eb14ad2936f4", "value": "8e36e5f1de62ec48bbdf8eeca4e2ab65c186d4978f1cd715611e06b16aa3fc34", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746697167", "to_ids": true, "type": "ssdeep", "uuid": "8be32866-265b-469a-9d42-cbf54f0b4d46", "value": "24576:O1e4PXLTvcQFhbQw4z3OqtzHqT1XMYVuM4cJM7tSb0lh9MZe3X2/z35FQ7YibISp:O1e4PU85Qw4LOeD6Xn/4c+K4IBBBBovb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746697167", "to_ids": false, "type": "size-in-bytes", "uuid": "064c07c9-61ec-41dd-82ee-3d4c97193928", "value": "1556104" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746697167", "to_ids": true, "type": "vhash", "uuid": "930167f6-a998-4b5e-a47e-3928e42bf97b", "value": "e76a34f15d1b8cd115c0db4c2ead22b9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746697167", "to_ids": true, "type": "filename", "uuid": "abab14d1-474e-4196-b106-45a65f8f1dae", "value": "StayingHomeMalaysia.apk" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 14/12/2020", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746697167", "to_ids": false, "type": "text", "uuid": "e491acd2-c707-4534-b652-2e7d78dc5e0d", "value": "Type Description: Android\nMicrosoft: Trojan:Script/Wacatac.C!ml\nVT Total Detection:37/65\nFirst Submission:2020-06-02T05:51:40.000000+00:00\nLast Submission:2020-06-02T05:51:40.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746832151", "uuid": "46d47a37-289b-454b-b833-1c47b26d13a4", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746832151", "to_ids": true, "type": "md5", "uuid": "89425d45-f7e1-4168-883b-1733e0926122", "value": "8ff52a49b6efc41c5bd3f77c406297f3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746697189", "to_ids": true, "type": "sha1", "uuid": "b4cac0cf-595e-479c-9b3b-dd4035788868", "value": "5f7e1f00eef53c3654b406bc097094d4a2727469", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746697189", "to_ids": true, "type": "sha256", "uuid": "3eea154a-a0cd-44ad-9c60-3c60fc3b6963", "value": "4a21ec52a544e3b77ed0ddb5dea5f5fac91714a4aa0a40396cc85663d4e15444", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746697189", "to_ids": true, "type": "ssdeep", "uuid": "aab162dc-1098-44ad-80ba-37992658f775", "value": "24576:mpksHl6HVFRbL1yfAuM38WZpVJFZeM4cJM7tSb0lh9MZe3X2/z35FQ7YibISCqfk:mplHIVF9L1hp3NZpzHP4c+Rc9p" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746697189", "to_ids": false, "type": "size-in-bytes", "uuid": "2a04f706-5408-49d5-94ef-df779311d791", "value": "1443411" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746697189", "to_ids": true, "type": "vhash", "uuid": "6ae83458-9865-4f06-b96c-21e8e3248e01", "value": "e76a34f15d1b8cd115c0db4c2ead22b9" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746697189", "to_ids": true, "type": "filename", "uuid": "1c28ac0b-99fc-4b77-a109-39ff35c187a0", "value": "StayAtHome.apk" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 04/06/2020", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746697189", "to_ids": false, "type": "text", "uuid": "a93960c3-ad9c-448a-ba9e-f21bb9f2b1fb", "value": "Type Description: Android\nMicrosoft: Trojan:Script/Wacatac.C!ml\nVT Total Detection:28/63\nFirst Submission:2020-06-02T02:01:58.000000+00:00\nLast Submission:2020-06-02T02:01:58.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746832172", "uuid": "2028a59f-4143-4398-aca4-40b6bdc0223f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746832172", "to_ids": true, "type": "md5", "uuid": "a9497552-254a-4efd-a3d1-39307c6094c2", "value": "e1dab20d26cad225b29c715f24ce0594", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746697273", "to_ids": true, "type": "sha1", "uuid": "a14f3f16-c9aa-4d4d-a06b-4a97897ad67e", "value": "95275d4b4f3fe820283cf522f7379629fd150d49", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746697273", "to_ids": true, "type": "sha256", "uuid": "f1c11372-718e-4504-a7c9-f14086347444", "value": "2a63fa5630774ab652f0f1338d7c251cf74e615d6d52452d027d2e38f53b96c7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746697273", "to_ids": true, "type": "ssdeep", "uuid": "16d6dc88-3634-40cf-bede-6615c896e42a", "value": "6144:aB1KRRHCdGr9TP1iqfxsa27n4z36WCyN+yRtTl1iZysMHx:aek8r9ptsa33DN3RtTl1iZysMHx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746697273", "to_ids": false, "type": "size-in-bytes", "uuid": "2bcfc392-82f4-4e51-a3d5-e1ed27e4ddae", "value": "305969" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746697273", "to_ids": true, "type": "vhash", "uuid": "dce8affe-5964-4173-9914-6d934a807e1e", "value": "84ecbcf4d085f8cd864e7ff39ba33c11" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746697273", "to_ids": true, "type": "filename", "uuid": "04351909-86ba-4aaf-96ff-0bdace594fd4", "value": "ring.apk" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 10/11/2020", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746697273", "to_ids": false, "type": "text", "uuid": "bd4b8986-f1aa-4a7c-9a82-400642304571", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:13/66\nFirst Submission:2020-03-05T08:58:14.000000+00:00\nLast Submission:2020-03-05T08:58:14.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1746832193", "uuid": "f6a09462-e984-4265-a47b-dc46cb19d7d0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1746832193", "to_ids": true, "type": "md5", "uuid": "8dc7d3e9-bc7d-4e9e-b255-8ef19b7b892c", "value": "69efe778721dcd66bbd7ed1eaf2ae116", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1746697294", "to_ids": true, "type": "sha1", "uuid": "ce4f7072-92f7-4941-a0d5-ce9831350473", "value": "486302fd8dee7ad3b1f068e3143edfa603ae54c6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1746697295", "to_ids": true, "type": "sha256", "uuid": "fe06c81b-6b4f-4e1e-a0b6-a64e67aaf156", "value": "5386abd90497dc0b97537ae585addfa1772b10cd4353e41b413e90eb07a145fe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1746697294", "to_ids": true, "type": "ssdeep", "uuid": "924d3681-eeda-447b-a3ef-a55b2fc0cb99", "value": "49152:D9JYfTPf5W/PZO4aCb7veLI4/PffoyLyOyf7Rr:DLYfouCPeLI4XffbjKdr" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1746697294", "to_ids": false, "type": "size-in-bytes", "uuid": "d89f250f-287c-4b4a-83c4-4c98c05aa7ff", "value": "1860561" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1746697294", "to_ids": true, "type": "vhash", "uuid": "b29ea06d-39b2-48b9-aaf0-fb556c803fef", "value": "cc95e9dad7fdc0e9fc5341606c7010c4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1746697294", "to_ids": true, "type": "filename", "uuid": "b46cdbb5-f2a4-4262-83c9-9f2d984c9526", "value": "20GBGift.apk" }, { "category": "Other", "comment": "Checked: 08/05/2025\nLast-scan\t: 17/06/2020", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1746697294", "to_ids": false, "type": "text", "uuid": "7a8f7e31-e7e9-4295-815f-5539a2d2a01b", "value": "Type Description: Android\nMicrosoft: None\nVT Total Detection:22/64\nFirst Submission:2020-06-11T14:08:01.000000+00:00\nLast Submission:2020-06-11T14:08:01.000000+00:00" } ] } ] } }