{
  "Event": {
    "analysis": "2",
    "date": "2014-08-20",
    "extends_uuid": "",
    "info": "[Threat Intel] \u201cEl Machete\u201d",
    "protected": false,
    "publish_timestamp": "1780039713",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772901967",
    "uuid": "60a75a73-eaf6-4b4f-bd34-0676208f493b",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#a7b0e0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Belgium\"",
        "relationship_type": ""
      },
      {
        "colour": "#c94db5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Brazil\"",
        "relationship_type": ""
      },
      {
        "colour": "#52d590",
        "local": false,
        "name": "misp-galaxy:target-information=\"China\"",
        "relationship_type": ""
      },
      {
        "colour": "#732009",
        "local": false,
        "name": "misp-galaxy:target-information=\"Colombia\"",
        "relationship_type": ""
      },
      {
        "colour": "#63db91",
        "local": false,
        "name": "misp-galaxy:target-information=\"Cuba\"",
        "relationship_type": ""
      },
      {
        "colour": "#321f24",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ecuador\"",
        "relationship_type": ""
      },
      {
        "colour": "#15ccfd",
        "local": false,
        "name": "misp-galaxy:target-information=\"France\"",
        "relationship_type": ""
      },
      {
        "colour": "#5ed128",
        "local": false,
        "name": "misp-galaxy:target-information=\"Germany\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c5aae",
        "local": false,
        "name": "misp-galaxy:target-information=\"Peru\"",
        "relationship_type": ""
      },
      {
        "colour": "#15cd0b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Russia\"",
        "relationship_type": ""
      },
      {
        "colour": "#f439e5",
        "local": false,
        "name": "misp-galaxy:target-information=\"Spain\"",
        "relationship_type": ""
      },
      {
        "colour": "#63bd05",
        "local": false,
        "name": "misp-galaxy:target-information=\"Sweden\"",
        "relationship_type": ""
      },
      {
        "colour": "#b8ab01",
        "local": false,
        "name": "misp-galaxy:target-information=\"United States\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Venezuela\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"El Machete\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Python - T1059.006\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#1ebce4",
        "local": false,
        "name": "misp-galaxy:producer=\"Kaspersky\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740319150",
        "to_ids": false,
        "type": "link",
        "uuid": "8a7fab3e-9032-4072-b84b-6276c2916235",
        "value": "https://securelist.com/el-machete/66108/"
      },
      {
        "category": "Payload delivery",
        "comment": "Infection artifacts. No sample in VT.\r\nLast check: 23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740321005",
        "to_ids": true,
        "type": "md5",
        "uuid": "182edc7a-abf1-473a-afd1-5e6b0f826029",
        "value": "61d33dc5b257a18eb6514e473c1495fe",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Infection artifacts. No sample in VT.\r\nLast check: 23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740321006",
        "to_ids": true,
        "type": "md5",
        "uuid": "8ea231c5-16da-4ad2-8326-0be81abe650b",
        "value": "b5ada760476ba9a815ca56f12a11d557",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Infection artifacts. No sample in VT.\r\nLast check: 23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740321007",
        "to_ids": true,
        "type": "md5",
        "uuid": "88d2b81e-2a3d-414c-a957-ec9819ec6a43",
        "value": "d6c112d951cb48cab37e5d7ebed2420b",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Infection artifacts. No sample in VT.\r\nLast check: 23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740321009",
        "to_ids": true,
        "type": "md5",
        "uuid": "a7e2e2ea-0c7a-48ff-a2db-b08b72f47829",
        "value": "df2889df7ac209e7b696733aa6b52af5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Infection artifacts. No sample in VT.\r\nLast check: 23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740321010",
        "to_ids": true,
        "type": "md5",
        "uuid": "9f92a8d1-c076-48c0-a60c-457ee80dcb57",
        "value": "f7e23b876fc887052ac8e2558f0d6c38",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740969866",
        "to_ids": true,
        "type": "hostname",
        "uuid": "ed90daba-a4d0-4b03-82cb-af82211de9b2",
        "value": "java.serveblog.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740969887",
        "to_ids": true,
        "type": "domain",
        "uuid": "fccdf520-2f2a-4286-a510-e7e663d5d5b0",
        "value": "agaliarept.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740969908",
        "to_ids": true,
        "type": "domain",
        "uuid": "db2f3bdf-3501-41cc-9f45-503334315654",
        "value": "frejabe.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740969929",
        "to_ids": true,
        "type": "domain",
        "uuid": "491efe59-1929-4be5-ade1-fc170f58ea42",
        "value": "grannegral.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740969950",
        "to_ids": true,
        "type": "domain",
        "uuid": "ffa7d067-6765-4506-9555-a6f5a819f67d",
        "value": "plushbr.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740969971",
        "to_ids": true,
        "type": "domain",
        "uuid": "2c614a47-426b-4caf-a814-81687758938f",
        "value": "xmailliwx.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740969992",
        "to_ids": true,
        "type": "domain",
        "uuid": "db792233-1b7e-4f16-ba4e-66c19e00bbb7",
        "value": "blogwhereyou.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740970013",
        "uuid": "8568a6e6-9b0b-46fe-b7c2-01f5b17c0749",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Infection artifacts",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740970013",
            "to_ids": true,
            "type": "md5",
            "uuid": "4e653296-bc47-4738-a28b-b7a3bf3bb84c",
            "value": "e486eddffd13bed33e68d6d8d4052270",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Infection artifacts",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740321001",
            "to_ids": true,
            "type": "sha1",
            "uuid": "cb78108f-2b10-4a08-88cc-eb1ffceeaa3a",
            "value": "53184dcfcec948f02564234b5b8755fddf066376",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Infection artifacts",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740321001",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e11f82c2-164a-4fa5-8bb9-0482c47445b9",
            "value": "bf25b330975dc700be3f1f6b1b3362e34eb84b89725d4936d893cdd4f1499e69",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740319660",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c86f05e7-cd34-4059-b877-dfe82708822c",
            "value": "98304:lZnAjm6EkJuUj9NQf7ebPrApx/f14s5JCW+oEo74Am83DwsgYzhW0Mf8:lNl6XYUsfqD2/NhCVohvx3E5CX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740319660",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6198452d-0e77-448b-9803-c9c787bfc21a",
            "value": "4945470"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740319660",
            "to_ids": true,
            "type": "vhash",
            "uuid": "50f5a755-e23b-4aed-a1a2-a4aeca6c99f4",
            "value": "046056655d1c05709043z8003b7z47z62z3e03dz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740319660",
            "to_ids": true,
            "type": "filename",
            "uuid": "40de82ab-baec-4350-8285-44fa8b3efbad",
            "value": ".\\dist\\Reclamo.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan: 05/06/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740319660",
            "to_ids": false,
            "type": "text",
            "uuid": "8d593f86-1eee-4f28-84e5-6e95ed70db25",
            "value": "Infection artifacts\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Leonem\nVT Total Detection:53/73"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740970034",
        "uuid": "1f843251-d66d-4a02-9f7e-0cf4983855d0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Infection artifacts",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740970034",
            "to_ids": true,
            "type": "md5",
            "uuid": "3a27a157-7c5f-4c18-a572-1d36892b774c",
            "value": "e9b2499b92279669a09fef798af7f45b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Infection artifacts",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740321002",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2353a916-52f7-4db5-8355-77ba9d7d689c",
            "value": "c9d75d7c4954fe980c6a3de3d825675e0c1daf2d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Infection artifacts",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740321002",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4c2ff8dc-0c64-40c8-86ae-a8ee8c87b2b6",
            "value": "e34576a133633541fd3d915800e15048f4c28b592d4ab3401792421ac3caf2c3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740319682",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d1faf156-99b7-4e5c-ae6c-d3db84b8f720",
            "value": "98304:lZ1PrApx/f14s5JCW+oEo74Am83DwsgYzhW0MfxIoE:lT2/NhCVohvx3E5CgIoE"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740319682",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5be0c860-dabc-4680-9ec6-5025823a08e1",
            "value": "3596677"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740319682",
            "to_ids": true,
            "type": "vhash",
            "uuid": "884e5ae0-bf02-4815-b3c0-bd3f2c561848",
            "value": "036056655d1c05709043z8003b7z47z62z3e03dz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740319682",
            "to_ids": true,
            "type": "filename",
            "uuid": "0eaf07be-07b5-4935-8181-3930d046a4b6",
            "value": ".\\dist\\Reclamo.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan: 19/08/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740319682",
            "to_ids": false,
            "type": "text",
            "uuid": "c6d20dc6-6ebe-4dd8-bf96-0736211ba313",
            "value": "Infection artifacts\r\nType Description: Win32 EXE\n\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:57/75"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740970055",
        "uuid": "84b5abfd-5918-4846-a7b8-6d6495a59aec",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Infection artifacts",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740970055",
            "to_ids": true,
            "type": "md5",
            "uuid": "51ff1c6f-ebbe-4bd3-82c8-bf1e0fd18bc4",
            "value": "b26d1aec219ce45b2e80769368310471",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Infection artifacts",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740321004",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e755fb28-e117-462c-b1a5-045ee2193573",
            "value": "a18c9e5d0f0e2e04cd11d41cfdee19b138488534",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Infection artifacts",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740321004",
            "to_ids": true,
            "type": "sha256",
            "uuid": "844e94d0-c0b9-4637-97a7-eeba24124312",
            "value": "c395a7207459687058dc8b75ce0a33142d49e08f9662caffa2a99dd446c03ce7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740319725",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "42409203-bfda-4e17-9192-8fa4b7697d03",
            "value": "48:9gc94aL1JEkHns1pAPo4i2+EWlH0yxKNRcumM/Xb3JtF7asBgLUqhrk:ZakHupAPo/TEEHVM5Zb3JtF7asBhqho"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740319725",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4467aff1-9a4e-48b0-9b0c-1b7357715d1e",
            "value": "2731"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740319725",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fede6507-3773-48f4-a4fb-db55aadf0964",
            "value": "6ec4093bfb8a8175fdcdcd531211adc1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740319725",
            "to_ids": true,
            "type": "filename",
            "uuid": "ff334a09-e675-43bf-a574-e8f0c3acf855",
            "value": "Signed_Update.jar"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan: 16/08/2022",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740319725",
            "to_ids": false,
            "type": "text",
            "uuid": "060b5645-8069-4ec5-9d04-04530f8d1162",
            "value": "Infection artifacts\r\nType Description: JAR\n\nMicrosoft: Trojan:Java/Sploilder.A\nVT Total Detection:29/63"
          }
        ]
      }
    ]
  }
}