{
  "Event": {
    "analysis": "2",
    "date": "2023-05-31",
    "extends_uuid": "87a3c7a8-d755-47c7-9084-a7d58341be99",
    "info": "[Threat Intel] Dark Pink. Episode 2",
    "protected": false,
    "publish_timestamp": "1780040148",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1772902027",
    "uuid": "61853de2-8dd1-4192-b828-05018aec7e75",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#120044",
        "local": false,
        "name": "rectifyq:sub-category=\"intrusion-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#a9150c",
        "local": false,
        "name": "misp-galaxy:producer=\"Group-IB\"",
        "relationship_type": ""
      },
      {
        "colour": "#a7b0e0",
        "local": false,
        "name": "misp-galaxy:target-information=\"Belgium\"",
        "relationship_type": ""
      },
      {
        "colour": "#7c8061",
        "local": false,
        "name": "misp-galaxy:target-information=\"Bosnia and Herzegovina\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Brunei\"",
        "relationship_type": ""
      },
      {
        "colour": "#d53577",
        "local": false,
        "name": "misp-galaxy:target-information=\"Cambodia\"",
        "relationship_type": ""
      },
      {
        "colour": "#f9cdc4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Indonesia\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#33360c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Thailand\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b8479",
        "local": false,
        "name": "misp-galaxy:target-information=\"Vietnam\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Development\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Education\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Military\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"NGO\"",
        "relationship_type": ""
      },
      {
        "colour": "#17c030",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Application Window Discovery - T1010\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Archive via Utility - T1560.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#8b05c0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1123\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Bypass User Account Control - T1548.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Credentials from Web Browsers - T1555.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#e1e63b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1574.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#68f2ff",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data from Network Shared Drive - T1039\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Double File Extension - T1036.007\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Web Service - T1567\"",
        "relationship_type": ""
      },
      {
        "colour": "#e95bc8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration to Cloud Storage - T1567.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File Deletion - T1070.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#0c0051",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Local Data Staging - T1074.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"MSBuild - T1127.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#47d9d3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Malicious File - T1204.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b0fe1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerade Task or Service - T1036.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#bf01b7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\"",
        "relationship_type": ""
      },
      {
        "colour": "#f07d7c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"",
        "relationship_type": ""
      },
      {
        "colour": "#755c09",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"PowerShell - T1059.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Replication Through Removable Media - T1091\"",
        "relationship_type": ""
      },
      {
        "colour": "#705cef",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Security Software Discovery - T1518.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#c202a1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1566.002\"",
        "relationship_type": ""
      },
      {
        "colour": "#7d7034",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Transfer Data to Cloud Account - T1537\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Visual Basic - T1059.005\"",
        "relationship_type": ""
      },
      {
        "colour": "#92e858",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#9e0269",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"",
        "relationship_type": ""
      },
      {
        "colour": "#02475d",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Command Shell - T1059.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#d528b5",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows File and Directory Permissions Modification - T1222.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation Event Subscription - T1546.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Winlogon Helper DLL - T1547.004\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740786692",
        "to_ids": false,
        "type": "link",
        "uuid": "f42ff434-ec1a-4b47-b9f0-f48f960ea708",
        "value": "https://www.group-ib.com/blog/dark-pink-episode-2/"
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740786818",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "834d1ba0-dae6-4681-958d-53b708661080",
        "value": "Dark Pink"
      },
      {
        "category": "Attribution",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740786832",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "e82acacf-aa11-464f-a10f-2b28627f775c",
        "value": "Saaiwc Group"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833271",
        "to_ids": true,
        "type": "url",
        "uuid": "d41c13f9-2abd-4855-9af8-268ae572606c",
        "value": "https://webhook.site/288a834b-fd92-4531-82a5-b41e907daa56",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833305",
        "to_ids": true,
        "type": "url",
        "uuid": "49a83060-2411-4614-ba29-ee0166aaa5f6",
        "value": "https://webhook.site/2b733e31-70bb-4777-be4a-41a98f3559bf",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833334",
        "to_ids": true,
        "type": "url",
        "uuid": "af1ed89c-1649-4f44-890b-5e6a9bc2af85",
        "value": "http://raw.githubusercontent.com/peterlyly/zxcv/main/xxx.gif",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833356",
        "to_ids": true,
        "type": "url",
        "uuid": "d81b7be1-c362-42af-a52c-b0f10afd04c4",
        "value": "http://raw.githubusercontent.com/peterlyly/zxcv/main/ccc.gif",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833378",
        "to_ids": true,
        "type": "url",
        "uuid": "5c8e5e09-c3b0-441b-bac7-280740f4c707",
        "value": "http://raw.githubusercontent.com/peterlyly/zxcv/main/DDDD.gif",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833400",
        "to_ids": true,
        "type": "url",
        "uuid": "7dfdd29c-371f-4221-b466-38671f66323d",
        "value": "http://raw.githubusercontent.com/peterlyly/zxcv/main/eeeee.gif",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833422",
        "to_ids": true,
        "type": "url",
        "uuid": "d8c17b86-1ba3-4de5-9a9d-bb1ea04efaaa",
        "value": "https://raw.githubusercontent.com/peterlyly/zxcv/main/eeeee.gif",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833444",
        "to_ids": true,
        "type": "url",
        "uuid": "8a638180-c564-4892-9bca-84d99879c329",
        "value": "https://raw.githubusercontent.com/peterlyly/zxcv/main/xxx.gif",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833468",
        "to_ids": true,
        "type": "url",
        "uuid": "6af3d0b0-acb5-4485-abbf-a7f4bd12eb50",
        "value": "https://raw.githubusercontent.com/peterlyly/zxcv/main/eee.gif",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833495",
        "to_ids": true,
        "type": "url",
        "uuid": "3e6c94b4-6e4e-4cc2-833e-599fdf1593ee",
        "value": "https://raw.githubusercontent.com/peterlyly/zxcv/main/ccc.gif",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833518",
        "to_ids": true,
        "type": "url",
        "uuid": "ff7efac7-915d-46b8-8194-bb837af69750",
        "value": "https://raw.githubusercontent.com/peterlyly/zxcv/main/bbb.gif",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833540",
        "to_ids": true,
        "type": "url",
        "uuid": "d7992728-7498-4e85-9275-ee2f81d340b9",
        "value": "https://textbin.net/raw/1tmfbi0bep",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833565",
        "to_ids": true,
        "type": "url",
        "uuid": "da03bcda-e8f9-4670-8844-258109cfdaa4",
        "value": "https://textbin.net/raw/d7hs6e68ox",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833586",
        "to_ids": true,
        "type": "url",
        "uuid": "aabcbbc8-fca5-4d2c-b74f-eb35457d3c5d",
        "value": "http://176.10.80.38:8843/upload",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833608",
        "to_ids": true,
        "type": "url",
        "uuid": "5742b231-57d3-4724-b754-5a3a64306b12",
        "value": "http://176.10.80.38:8843/11.msi",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746833629",
        "to_ids": true,
        "type": "url",
        "uuid": "df7d7175-bca5-4e3e-b549-c07da2aa2e02",
        "value": "http://176.10.80.38:8843/1.zip",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746833650",
        "uuid": "c3b74e1d-4842-4d43-8ac6-2e2262d07436",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746833650",
            "to_ids": true,
            "type": "md5",
            "uuid": "e1347c26-2bcb-451a-834e-3a9ef53ba356",
            "value": "98beb20ef1e4d629965c9132be8feb07",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746793122",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0f53f64e-fdb5-4ea7-bf3a-f8eec8e58568",
            "value": "1622f5f045c2008d474e533187f5d13ec73d8e6e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746793122",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3e640cc7-8aa5-439a-9f74-63e864801f28",
            "value": "6b7c4ce5419e7cde80856a85559203dca5219d05115cdd6c1598f2e789149c34",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746793121",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "fd3d0479-df1e-4a44-8efc-638d74a948ea",
            "value": "24576:zD3R5CY2E7+oboYHIqNbOCCKbUUkLqi1ur5R:ztAY2UUZq5QKmlu1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746793121",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "930c413f-312c-4e2a-9348-40a7c39fac17",
            "value": "2709504"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746793121",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4cfa0953-6d89-4ac3-b291-5eccf100ae8a",
            "value": "ddc4a6592a0c7b27a3f32c44d0a0696b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746793121",
            "to_ids": true,
            "type": "filename",
            "uuid": "b3525242-f794-4fb2-bf4f-48c6b3e2719d",
            "value": "6b7c4ce5419e7cde80856a85559203dca5219d05115cdd6c1598f2e789149c34.iso"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  21/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746793121",
            "to_ids": false,
            "type": "text",
            "uuid": "58884b37-621e-47c9-94d0-098f1a8bcba4",
            "value": "Type Description: ISO image\nMicrosoft: None\nVT Total Detection:31/61\nFirst Submission:2023-05-17T06:47:44.000000+00:00\nLast Submission:2024-08-08T13:43:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746833671",
        "uuid": "5b3520ef-a7d6-4143-8226-33a22cbb7129",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746833671",
            "to_ids": true,
            "type": "md5",
            "uuid": "da11572b-5bc1-45ef-990a-eadc28be5bda",
            "value": "8ae76848a8f5f80bccf089c8aaec6d94",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746793143",
            "to_ids": true,
            "type": "sha1",
            "uuid": "524ea087-c108-45bd-bdf1-cf77e1285b2f",
            "value": "3a47a3e498445041373d323192f55219b6842a6d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746793143",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a07036d7-3234-4238-9c1b-92b43c0db3d6",
            "value": "8dc3f6179120f03fd6cb2299dbc94425451d84d6852b801a313a39e9df5d9b1a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746793143",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3e3f61ad-ba0b-4759-99cd-8e71b35a2ff9",
            "value": "384:YW4wIDLBUBx6IE9x7LUEr1mRP0jqqVEL/j/y/rSM60fnKE6Ifh61E8iBpjhD7gsW:/Iv+ewvWKOfs1EDlD7ny"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746793143",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5b87915f-135e-4824-9526-d6400337ad66",
            "value": "25600"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746793143",
            "to_ids": true,
            "type": "vhash",
            "uuid": "85c5ab46-be3e-4172-87dd-595b60c06311",
            "value": "124066651d1515151028z1cxz15z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746793143",
            "to_ids": true,
            "type": "filename",
            "uuid": "76273b40-af57-41cc-922b-1c7e344ac1ad",
            "value": "wwlib.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 09/05/2025\nLast-scan\t:  04/05/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746793143",
            "to_ids": false,
            "type": "text",
            "uuid": "c77d019b-ee99-437c-9d3d-86d67c144a7c",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:45/72\nFirst Submission:2023-05-12T07:57:35.000000+00:00\nLast Submission:2024-08-08T14:00:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746833692",
        "uuid": "ca2b041f-1278-4f08-bc3b-d63010a9e0c4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746833692",
            "to_ids": true,
            "type": "md5",
            "uuid": "4e4b710e-c9ed-4360-a31b-75f8742bebcc",
            "value": "b1add667c8aaee23f02de4da3c921628",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746793165",
            "to_ids": true,
            "type": "sha1",
            "uuid": "477d5816-3db0-4576-9753-33db443bf632",
            "value": "ab5fdffec59695d5a080f50937c4828e13d5a397",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746793165",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5232dfa3-b32f-44c5-b535-3379e652f0fb",
            "value": "78ec064bce850d0e0a022cdbb84a6200e62f92e8e575ebbd4a9b764dc1dce771",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#270095",
                "local": false,
                "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746793164",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b9704610-1501-44ae-80cc-cd593cee96e9",
            "value": "12288:61mqdfL2MjgYpW6/CpSG9+bi/UdId/FJKuP1qi1ur5+LXmj/:6IqNbOCCKbUUkLqi1ur5R/"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746793164",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9c9d3f0e-1f7b-4aab-bad4-31e02515f4af",
            "value": "573663"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746793164",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9ab4709e-3d11-429c-ae94-12cc8f214a9c",
            "value": "b6fc7f7c771be109728e71917808e7f3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746793164",
            "to_ids": true,
            "type": "filename",
            "uuid": "24ce440d-7ae3-4d8a-966b-585742cdb77a",
            "value": "~[INDONESIA] Counterdraft MoU on Rice Trade Indonesia-India 15052023.doc"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-05-09\nLast-scan: 2025-03-10",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746793164",
            "to_ids": false,
            "type": "text",
            "uuid": "e49fd88f-0145-4c56-9c6b-15e75763b2b0",
            "value": "Type Description: MS Word Document\nMicrosoft: None\nVT Total Detection:1/62\nFirst Submission:2023-05-17T06:47:53.000000+00:00\nLast Submission:2024-08-08T14:01:16.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746833714",
        "uuid": "f54fa3cb-72fd-4c79-b48a-8998510b1e71",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746833714",
            "to_ids": true,
            "type": "md5",
            "uuid": "4200bcd9-8456-4af6-8bdd-a9ae032c02d4",
            "value": "4d7c899aedb29ede92f4c2a324dc489a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746793186",
            "to_ids": true,
            "type": "sha1",
            "uuid": "48357403-33dd-483b-a79f-079052015780",
            "value": "0eecd3679a3fa4f406504a15ffee12d98c4bf9fa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746793186",
            "to_ids": true,
            "type": "sha256",
            "uuid": "5635c5d0-44ed-4b30-acd8-f58551ca481f",
            "value": "54675c16c1fd97227cb41892431e1f9f8b0b153225b5576445d3ba24860dcfd9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746793186",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "104aa4de-1e1b-4eb3-8ca9-b2baae574dcf",
            "value": "12288:AVFwsMKGuTPlnMl4RoO0rUVfZM0+7EQEMipovi/7/TvOZTY:oFlVVJn84P0rUx/bBp1W2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746793186",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "aee992cd-cf50-431f-9843-86d40a8e9273",
            "value": "520927"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746793186",
            "to_ids": true,
            "type": "filename",
            "uuid": "fa6e6729-2302-47a9-84f9-cd6a31769f39",
            "value": "wct4DA0.tmp"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-05-09\nLast-scan: 2024-01-29",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746793186",
            "to_ids": false,
            "type": "text",
            "uuid": "40bd3fd6-2c9b-41a6-82b0-8db29a493490",
            "value": "Type Description: Text\nMicrosoft: Trojan:Script/Malgent!MSR\nVT Total Detection:21/60\nFirst Submission:2023-05-17T13:42:39.000000+00:00\nLast Submission:2024-03-19T02:54:10.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746833736",
        "uuid": "e4fbd070-e5e4-4c17-a5d7-8ec69f5383d4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746833736",
            "to_ids": true,
            "type": "md5",
            "uuid": "84a9fa9a-3883-4943-a856-49d9ebcb2019",
            "value": "1e5faf36a70a6c3744aa9cf336e7c713",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746793207",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0dc1dd8a-e550-4c05-8b37-27627386b1f0",
            "value": "fc20ea715d2b50e7611b119e7d78bbc12133011c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746793207",
            "to_ids": true,
            "type": "sha256",
            "uuid": "579d34fb-ed0f-4288-ba70-796f47db8107",
            "value": "115a66aba1068be11e549c4194dda5f338684ae37ffbfc9045c0bae488a5acf4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746793207",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "26cd515c-eb16-465d-be17-8721398d24e2",
            "value": "3072:4tGY9a0JhhgkJrNWkNPWJioC4SIZaAd5kjV+pYgmbgGmnxTs/EUsi:4tGY9TJPgk5cJi/4nXkjiggGmnxnUJ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746793207",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "300ec7ef-aa7d-439e-8165-bff3efc7e154",
            "value": "120715"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746793207",
            "to_ids": true,
            "type": "vhash",
            "uuid": "573c1320-6728-4449-b47a-34ea575eae24",
            "value": "f9c77d83d69471a2a7fe4165742bbb8e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746793207",
            "to_ids": true,
            "type": "filename",
            "uuid": "1e68de2e-f1ed-4701-ad16-7313858da0bf",
            "value": "ccc.gif"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-05-09\nLast-scan: 2025-04-22",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746793207",
            "to_ids": false,
            "type": "text",
            "uuid": "64e8cba5-d9e4-4a9f-bf23-72366ca4bdbc",
            "value": "Type Description: ZIP\nMicrosoft: None\nVT Total Detection:48/68\nFirst Submission:2023-03-03T04:23:52.000000+00:00\nLast Submission:2023-03-03T04:23:52.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746833757",
        "uuid": "7a0bd62b-11d3-4af4-b136-23069fbf19ca",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746833757",
            "to_ids": true,
            "type": "md5",
            "uuid": "3fa7105a-b59f-42a3-b5f5-18e7617b8f3b",
            "value": "187435ffa73536096bdb2ab57504f903",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746793228",
            "to_ids": true,
            "type": "sha1",
            "uuid": "3d4b16ad-f9a6-418b-9c2c-f97d628e9c8d",
            "value": "42d40f8502b48262fb52a8f0e7e061904d9b553b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746793229",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d3082940-d2ca-40da-a609-f9413650da48",
            "value": "6d620e86fd37c9b92a0485b0472cb1b8e2b1662fbb298c4057f8d12ad42808b4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746793228",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "0eaf0dee-d4a8-4c87-96dc-73fe45b38336",
            "value": "3072:exDKXmZxELNBUh4qsrWg5F60/XzbDKuPsHi0wNv9xp:exD5imvsrWO1/XzIHiZFDp"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746793228",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "77cbdeb5-cd59-427b-a1ae-7f68fb371aab",
            "value": "135168"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746793228",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a55b4e56-e947-456a-a95a-58c7c8df832d",
            "value": "115076655d155515155038z4ehz1kz1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746793228",
            "to_ids": true,
            "type": "filename",
            "uuid": "d37f0172-4e13-4b7f-8ced-0ab337a5cbb9",
            "value": "AccHelper.xll"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-05-09\nLast-scan: 2025-05-08",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746793228",
            "to_ids": false,
            "type": "text",
            "uuid": "e95e97ad-0166-4e51-9bd0-d4bd7a266de7",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:51/72\nFirst Submission:2023-02-07T19:14:10.000000+00:00\nLast Submission:2023-07-23T22:35:04.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746833779",
        "uuid": "5b01a9be-a7a3-483f-b9e5-4789eeea8c66",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746833779",
            "to_ids": true,
            "type": "md5",
            "uuid": "8a08f84c-1671-49fc-93ca-2f632bc7859b",
            "value": "a904e16443ea47c4e60de7435ac474a9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746793250",
            "to_ids": true,
            "type": "sha1",
            "uuid": "90750dff-c492-4b5f-a9d2-8cd535697970",
            "value": "78cebcb6528e1eacdc51a094ca1fca73d219c4d0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746793250",
            "to_ids": true,
            "type": "sha256",
            "uuid": "edabc5fc-6434-44e6-8daa-e29a821a05c4",
            "value": "d23784c30a56f402bb71d116ef8b5bcc8609061be0ecc6d1014686ff4227197f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746793249",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "78852c09-22bf-4a9c-9601-bd67c2c7f4fd",
            "value": "1536:4PyuroPJt5HXt0loRrerIixgbe40XCsU5Gwen/kSqsW+U1cdG63XinwS1sRD3vHU:9urIX0CRrB9e40SxokjEG63XiwS1sRD8"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746793249",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "610badc8-d1a3-42d0-afa6-ef55cbb31f56",
            "value": "96256"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746793249",
            "to_ids": true,
            "type": "vhash",
            "uuid": "95b6b86a-3577-4a3a-94fd-ea1517ca02be",
            "value": "194056655d15156038z47hz1kz1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746793249",
            "to_ids": true,
            "type": "filename",
            "uuid": "67980fd9-fc8c-4df3-8ceb-2bb0b151f568",
            "value": "ANALYS32.xll"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-05-09\nLast-scan: 2025-05-02",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746793249",
            "to_ids": false,
            "type": "text",
            "uuid": "e57a80c2-98f7-40bf-9fb4-4e9f6ddabbe8",
            "value": "Type Description: Win32 DLL\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:54/72\nFirst Submission:2023-02-07T19:14:22.000000+00:00\nLast Submission:2023-07-05T07:45:42.000000+00:00"
          }
        ]
      }
    ]
  }
}