{ "Event": { "analysis": "1", "date": "2025-01-22", "extends_uuid": "", "info": "[Threat Intel] Mass Campaign of Murdoc Botnet Mirai: A New Variant of Corona Mirai", "protected": false, "publish_timestamp": "1780383623", "published": true, "threat_level_id": "3", "timestamp": "1780383623", "uuid": "751a8f48-fcb7-4f39-9ca1-6e78b550b15c", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#5f06d7", "local": false, "name": "misp-galaxy:producer=\"Qualys\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#f28fb8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"OS Credential Dumping - T1003\"", "relationship_type": "" }, { "colour": "#7773ac", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"", "relationship_type": "" }, { "colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": "" }, { "colour": "#ff841f", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1071\"", "relationship_type": "" }, { "colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": "" }, { "colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": "" }, { "colour": "#7adb57", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation of Remote Services - T1210\"", "relationship_type": "" }, { "colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": "" }, { "colour": "#59699c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"", "relationship_type": "" }, { "colour": "#f07d7c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Non-Standard Port - T1571\"", "relationship_type": "" }, { "colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": "" }, { "colour": "#356c41", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Encrypted Channel - T1573\"", "relationship_type": "" }, { "colour": "#37ffb5", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Denial of Service - T1498\"", "relationship_type": "" }, { "colour": "#50bd28", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Network Service Discovery - T1046\"", "relationship_type": "" }, { "colour": "#4c0fbb", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Ingress Tool Transfer - T1105\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": "" }, { "colour": "#d52b43", "local": false, "name": "misp-galaxy:target-information=\"Mexico\"", "relationship_type": "" }, { "colour": "#f9cdc4", "local": false, "name": "misp-galaxy:target-information=\"Indonesia\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#110041", "local": false, "name": "rectifyq:sub-category=\"malware-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:botnet=\"Mirai\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#3a00e0", "local": false, "name": "rectifyq:action-taken=\"x\"", "relationship_type": "" }, { "colour": "#3b00e2", "local": false, "name": "rectifyq:action-taken=\"linkedin\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1737562114", "to_ids": false, "type": "link", "uuid": "802da02d-1557-4b33-9a21-ca8169d26170", "value": "https://blog.qualys.com/vulnerabilities-threat-research/2025/01/21/mass-campaign-of-murdoc-botnet-mirai-a-new-variant-of-corona-mirai" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1737562114", "to_ids": false, "type": "text", "uuid": "0e1dec21-d20e-4824-b80c-17879efac733", "value": "The Qualys Threat Research Unit has uncovered a large-scale operation within the Mirai campaign, dubbed Murdoc Botnet. This variant exploits vulnerabilities in AVTECH Cameras and Huawei HG532 routers, demonstrating enhanced capabilities to compromise devices and establish expansive botnet networks. The campaign, which began in July 2024, uses ELF file and Shell Script execution to deploy the botnet sample. Over 1300 IPs were found active, with 100+ distinct sets of servers distributing the malware. The botnet targets vulnerable devices using existing exploits like CVE-2024-7029 and CVE-2017-17215. Affected countries include Malaysia, Thailand, Mexico, and Indonesia. The malware uses shell scripts to fetch, execute, and remove payloads on compromised devices." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1737562114", "to_ids": false, "type": "text", "uuid": "33c4426c-e3eb-4ac4-9eeb-2d034f1ffc95", "value": "Name: Mass Campaign of Murdoc Botnet Mirai: A New Variant of Corona Mirai\nAuthor: AlienVault\nAdversary: Murdoc Botnet\nTags: [\"iot\", \"murdoc botnet\", \"botnet\", \"mirai\"]\nTgtd countries: [\"Malaysia\", \"Thailand\", \"Mexico\", \"Indonesia\"]\nMlwr families: [\"Mirai\", \"Murdoc Botnet\"]\nAttack_ids: [\"T1003\", \"T1133\", \"T1082\", \"T1071\", \"T1190\", \"T1059\", \"T1210\", \"T1566\", \"T1078\", \"T1571\", \"T1027\", \"T1573\", \"T1498\", \"T1046\", \"T1105\"]\nIndustries: []" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1737562114", "to_ids": false, "type": "threat-actor", "uuid": "5815d839-062b-48a8-ad4f-f54c55fdaea0", "value": "Murdoc Botnet" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780041100", "to_ids": true, "type": "ip-dst", "uuid": "825ba355-6472-4464-9a85-0a6ee6a3a1cd", "value": "113.98.105.213", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#9ef9a4", "local": false, "name": "asn:asn=\"4134\"", "relationship_type": "" }, { "colour": "#2f9c31", "local": false, "name": "asn:as-owner=\"CHINANET-BACKBONE No.31,Jin-rong Street\"", "relationship_type": "" }, { "colour": "#9256df", "local": false, "name": "asn:as-country=\"CN\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780041102", "to_ids": true, "type": "ip-dst", "uuid": "767dd4d1-9204-4235-8202-2a0c929fc7fe", "value": "121.163.127.5", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#e44b9d", "local": false, "name": "asn:asn=\"4766\"", "relationship_type": "" }, { "colour": "#dfa1b3", "local": false, "name": "asn:as-owner=\"KIXS-AS-KR Korea Telecom\"", "relationship_type": "" }, { "colour": "#0735ba", "local": false, "name": "asn:as-country=\"KR\"", "relationship_type": "" }, { "colour": "#061c19", "local": false, "name": "misp-galaxy:country=\"south korea\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780041103", "to_ids": true, "type": "ip-dst", "uuid": "b55e3227-0aea-48b1-bf60-e079d65c9fb7", "value": "204.76.203.3", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#e1e1fe", "local": false, "name": "asn:asn=\"51396\"", "relationship_type": "" }, { "colour": "#9debd0", "local": false, "name": "asn:as-owner=\"PFCLOUD\"", "relationship_type": "" }, { "colour": "#141680", "local": false, "name": "asn:as-country=\"DE\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"germany\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780041105", "to_ids": true, "type": "ip-dst", "uuid": "d7b848bc-04e0-4f7b-9e95-1637da1736e0", "value": "87.121.112.77", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#520d7e", "local": false, "name": "asn:asn=\"34224\"", "relationship_type": "" }, { "colour": "#1c933e", "local": false, "name": "asn:as-owner=\"NETERRA-AS\"", "relationship_type": "" }, { "colour": "#059db5", "local": false, "name": "asn:as-country=\"BG\"", "relationship_type": "" }, { "colour": "#390b5f", "local": false, "name": "misp-galaxy:country=\"bulgaria\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780041106", "to_ids": true, "type": "ip-dst", "uuid": "50d4046c-f01a-4cdf-b47d-1fb126a8cdf7", "value": "124.223.106.247", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#781e6a", "local": false, "name": "asn:asn=\"45090\"", "relationship_type": "" }, { "colour": "#7f7f9d", "local": false, "name": "asn:as-owner=\"TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited\"", "relationship_type": "" }, { "colour": "#9256df", "local": false, "name": "asn:as-country=\"CN\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780041111", "to_ids": true, "type": "ip-dst", "uuid": "ac057461-f657-4b59-ac99-1c62d03daaff", "value": "182.234.183.31", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#915456", "local": false, "name": "asn:asn=\"9416\"", "relationship_type": "" }, { "colour": "#c1af44", "local": false, "name": "asn:as-owner=\"MULTIMEDIA-AS-AP Hoshin Multimedia Center Inc.\"", "relationship_type": "" }, { "colour": "#9053fd", "local": false, "name": "asn:as-country=\"TW\"", "relationship_type": "" }, { "colour": "#1237d4", "local": false, "name": "misp-galaxy:country=\"taiwan\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780041112", "to_ids": true, "type": "ip-dst", "uuid": "38c0a551-f1aa-4124-93de-066d705ca37e", "value": "185.216.70.121", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#4745f2", "local": false, "name": "asn:asn=\"16509\"", "relationship_type": "" }, { "colour": "#5424ef", "local": false, "name": "asn:as-owner=\"AMAZON-02\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780041114", "to_ids": true, "type": "ip-dst", "uuid": "093357c5-f25d-4250-ae81-0ede768d1083", "value": "185.97.255.159", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#700d8d", "local": false, "name": "asn:asn=\"49542\"", "relationship_type": "" }, { "colour": "#86860e", "local": false, "name": "asn:as-owner=\"AS-ARTPLANET\"", "relationship_type": "" }, { "colour": "#fdd220", "local": false, "name": "asn:as-country=\"RU\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"russia\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780041116", "to_ids": true, "type": "ip-dst", "uuid": "677b7d1d-d815-4306-9414-c8d7bbb64dc1", "value": "45.141.157.124", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#e0901a", "local": false, "name": "asn:asn=\"209696\"", "relationship_type": "" }, { "colour": "#9d48f0", "local": false, "name": "asn:as-owner=\"NILSAT\"", "relationship_type": "" }, { "colour": "#059db5", "local": false, "name": "asn:as-country=\"BG\"", "relationship_type": "" }, { "colour": "#390b5f", "local": false, "name": "misp-galaxy:country=\"bulgaria\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780041117", "to_ids": true, "type": "ip-dst", "uuid": "35c3abad-0ba7-4054-8be1-7c42b98c7791", "value": "45.202.35.86", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#c8ffe0", "local": false, "name": "asn:asn=\"6079\"", "relationship_type": "" }, { "colour": "#0f6f06", "local": false, "name": "asn:as-owner=\"RCN-AS\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780041119", "to_ids": true, "type": "ip-dst", "uuid": "7f84dd02-b3b4-4900-8542-28c118104dcf", "value": "59.127.196.190", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#65b804", "local": false, "name": "asn:asn=\"3462\"", "relationship_type": "" }, { "colour": "#d9a2f4", "local": false, "name": "asn:as-owner=\"HINET Data Communication Business Group\"", "relationship_type": "" }, { "colour": "#9053fd", "local": false, "name": "asn:as-country=\"TW\"", "relationship_type": "" }, { "colour": "#1237d4", "local": false, "name": "misp-galaxy:country=\"taiwan\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780041120", "to_ids": true, "type": "ip-dst", "uuid": "bd096359-116c-4a8c-b072-6a162c67e0f8", "value": "77.61.147.141", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#02b393", "local": false, "name": "asn:asn=\"1136\"", "relationship_type": "" }, { "colour": "#c5a629", "local": false, "name": "asn:as-owner=\"KPN KPN National\"", "relationship_type": "" }, { "colour": "#3ae32e", "local": false, "name": "asn:as-country=\"NL\"", "relationship_type": "" }, { "colour": "#768323", "local": false, "name": "misp-galaxy:country=\"netherlands\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780041122", "to_ids": true, "type": "ip-dst", "uuid": "35a5112e-f8b2-4456-b715-18c1d8b6c290", "value": "78.134.4.112", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#60a45a", "local": false, "name": "asn:asn=\"35612\"", "relationship_type": "" }, { "colour": "#3e1cbb", "local": false, "name": "asn:as-owner=\"NGI-AS\"", "relationship_type": "" }, { "colour": "#c4c131", "local": false, "name": "asn:as-country=\"IT\"", "relationship_type": "" }, { "colour": "#224d6a", "local": false, "name": "misp-galaxy:country=\"italy\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1737640500", "to_ids": true, "type": "ip-dst", "uuid": "aefa1baa-fb52-4d71-807a-272dd4f4b327", "value": "85.209.43.178", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383552", "to_ids": true, "type": "ip-dst", "uuid": "9a28729f-fc5b-417a-a9b1-1a8d353194b5", "value": "89.190.156.211", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#92bb7f", "local": false, "name": "asn:asn=\"49870\"", "relationship_type": "" }, { "colour": "#7aff88", "local": false, "name": "asn:as-owner=\"AS49870-BV\"", "relationship_type": "" }, { "colour": "#3ae32e", "local": false, "name": "asn:as-country=\"NL\"", "relationship_type": "" }, { "colour": "#768323", "local": false, "name": "misp-galaxy:country=\"netherlands\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383554", "to_ids": true, "type": "ip-dst", "uuid": "501aa361-5850-4bbc-8835-93f7934988dd", "value": "91.92.243.49", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#ce048f", "local": false, "name": "asn:asn=\"209800\"", "relationship_type": "" }, { "colour": "#434f78", "local": false, "name": "asn:as-owner=\"METASPINNER-ASN\"", "relationship_type": "" }, { "colour": "#141680", "local": false, "name": "asn:as-country=\"DE\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"germany\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1737562114", "to_ids": false, "type": "vulnerability", "uuid": "ae9bdc45-5c08-4495-b9c0-80d7eaf87755", "value": "CVE-2017-17215" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1737562114", "to_ids": false, "type": "vulnerability", "uuid": "4d321100-8128-46f6-9c60-9a395a36dce8", "value": "CVE-2024-7029" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383555", "to_ids": true, "type": "ip-dst", "uuid": "b0207ef3-3a8d-4021-a34a-449675850e85", "value": "103.124.107.17", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#81ef33", "local": false, "name": "asn:asn=\"142036\"", "relationship_type": "" }, { "colour": "#7287a6", "local": false, "name": "asn:as-owner=\"HOSTEONS-AS-AP Hosteons Pte. Ltd.\"", "relationship_type": "" }, { "colour": "#d906de", "local": false, "name": "asn:as-country=\"SG\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"singapore\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383557", "to_ids": true, "type": "ip-dst", "uuid": "c378a741-3767-4d4e-8997-fc1fcae87aa8", "value": "103.138.46.11", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#2a9745", "local": false, "name": "asn:asn=\"136119\"", "relationship_type": "" }, { "colour": "#c3c1d1", "local": false, "name": "asn:as-owner=\"BALIFIBERNET-AS-ID PT Bali Towerindo Sentra, Tbk\"", "relationship_type": "" }, { "colour": "#ba14e3", "local": false, "name": "asn:as-country=\"ID\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"indonesia\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383558", "to_ids": true, "type": "ip-dst", "uuid": "9b5a2731-1603-492f-89f3-e14c7eb16e00", "value": "103.30.43.120", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#89180a", "local": false, "name": "asn:asn=\"55933\"", "relationship_type": "" }, { "colour": "#8d5bf4", "local": false, "name": "asn:as-owner=\"CLOUDIE-AS-AP Cloudie Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383559", "to_ids": true, "type": "ip-dst", "uuid": "d3f570b3-fcfd-4c8b-af2f-6993fd7c409a", "value": "106.0.51.178", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#0367d9", "local": false, "name": "asn:asn=\"9422\"", "relationship_type": "" }, { "colour": "#c5b9c1", "local": false, "name": "asn:as-owner=\"SOLNET-ID PT SOLNET INDONESIA\"", "relationship_type": "" }, { "colour": "#ba14e3", "local": false, "name": "asn:as-country=\"ID\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"indonesia\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383561", "to_ids": true, "type": "ip-dst", "uuid": "bfbbad11-c32b-4ddf-b2d8-f2f4dfff46d7", "value": "114.33.8.73", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#65b804", "local": false, "name": "asn:asn=\"3462\"", "relationship_type": "" }, { "colour": "#d9a2f4", "local": false, "name": "asn:as-owner=\"HINET Data Communication Business Group\"", "relationship_type": "" }, { "colour": "#9053fd", "local": false, "name": "asn:as-country=\"TW\"", "relationship_type": "" }, { "colour": "#1237d4", "local": false, "name": "misp-galaxy:country=\"taiwan\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383562", "to_ids": true, "type": "ip-dst", "uuid": "af9f8ea3-bcd8-42ca-8bb6-a31c56705e52", "value": "117.54.226.50", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#b4a561", "local": false, "name": "asn:asn=\"9340\"", "relationship_type": "" }, { "colour": "#5258ad", "local": false, "name": "asn:as-owner=\"INDONET-AS-AP INDO Internet, PT\"", "relationship_type": "" }, { "colour": "#ba14e3", "local": false, "name": "asn:as-country=\"ID\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"indonesia\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383563", "to_ids": true, "type": "ip-dst", "uuid": "ffcd071f-bd93-4301-bc54-f267b87bd991", "value": "122.117.142.237", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#65b804", "local": false, "name": "asn:asn=\"3462\"", "relationship_type": "" }, { "colour": "#d9a2f4", "local": false, "name": "asn:as-owner=\"HINET Data Communication Business Group\"", "relationship_type": "" }, { "colour": "#9053fd", "local": false, "name": "asn:as-country=\"TW\"", "relationship_type": "" }, { "colour": "#1237d4", "local": false, "name": "misp-galaxy:country=\"taiwan\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383565", "to_ids": true, "type": "ip-dst", "uuid": "fb3c554b-3796-41b2-94fd-3b24a6772a83", "value": "124.33.173.242", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#382b39", "local": false, "name": "asn:asn=\"17506\"", "relationship_type": "" }, { "colour": "#eaa63b", "local": false, "name": "asn:as-owner=\"UCOM ARTERIA Networks Corporation\"", "relationship_type": "" }, { "colour": "#bab83b", "local": false, "name": "asn:as-country=\"JP\"", "relationship_type": "" }, { "colour": "#e8b447", "local": false, "name": "misp-galaxy:country=\"japan\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383566", "to_ids": true, "type": "ip-dst", "uuid": "b277c564-27b2-44c0-aa56-7d7a3ee8b210", "value": "142.179.80.122", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#0403b0", "local": false, "name": "asn:asn=\"852\"", "relationship_type": "" }, { "colour": "#1e2931", "local": false, "name": "asn:as-owner=\"TELUS Communications\"", "relationship_type": "" }, { "colour": "#1273fb", "local": false, "name": "asn:as-country=\"CA\"", "relationship_type": "" }, { "colour": "#813aa0", "local": false, "name": "misp-galaxy:country=\"canada\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383567", "to_ids": true, "type": "ip-dst", "uuid": "5756427f-57d0-463d-aa78-de463c928dcf", "value": "154.216.17.126", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#0065cb", "local": false, "name": "asn:asn=\"11404\"", "relationship_type": "" }, { "colour": "#8749eb", "local": false, "name": "asn:as-owner=\"AS-WAVE-1\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383568", "to_ids": true, "type": "ip-dst", "uuid": "1df1d5eb-fb1e-4bae-ac9b-ad6591b05224", "value": "154.216.17.169", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#0065cb", "local": false, "name": "asn:asn=\"11404\"", "relationship_type": "" }, { "colour": "#8749eb", "local": false, "name": "asn:as-owner=\"AS-WAVE-1\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383570", "to_ids": true, "type": "ip-dst", "uuid": "51ebdf29-1ccf-493e-9499-3e8bb8865005", "value": "154.216.18.196", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#0065cb", "local": false, "name": "asn:asn=\"11404\"", "relationship_type": "" }, { "colour": "#8749eb", "local": false, "name": "asn:as-owner=\"AS-WAVE-1\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383571", "to_ids": true, "type": "ip-dst", "uuid": "c41a7e13-9ce9-4ba6-8611-6902db165c09", "value": "154.216.19.108", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#0065cb", "local": false, "name": "asn:asn=\"11404\"", "relationship_type": "" }, { "colour": "#8749eb", "local": false, "name": "asn:as-owner=\"AS-WAVE-1\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383572", "to_ids": true, "type": "ip-dst", "uuid": "018e0456-d71e-4b8c-80af-d78a2f24373d", "value": "154.216.19.225", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#0065cb", "local": false, "name": "asn:asn=\"11404\"", "relationship_type": "" }, { "colour": "#8749eb", "local": false, "name": "asn:as-owner=\"AS-WAVE-1\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1737640862", "to_ids": true, "type": "ip-dst", "uuid": "c7010190-dc1a-44ed-839d-66ffc84feadc", "value": "156.96.155.238", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383574", "to_ids": true, "type": "ip-dst", "uuid": "f566d231-5eee-4912-997a-5ac7d8024456", "value": "175.106.11.242", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#57083d", "local": false, "name": "asn:asn=\"46023\"", "relationship_type": "" }, { "colour": "#de55aa", "local": false, "name": "asn:as-owner=\"QUANTUMNET-AS-ID PT Quantum Tera Network\"", "relationship_type": "" }, { "colour": "#ba14e3", "local": false, "name": "asn:as-country=\"ID\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"indonesia\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383576", "to_ids": true, "type": "ip-dst", "uuid": "0b58d6b0-2761-4f44-99f9-96e9e7cfc392", "value": "181.197.159.183", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#c29110", "local": false, "name": "asn:asn=\"18809\"", "relationship_type": "" }, { "colour": "#40e3f8", "local": false, "name": "asn:as-owner=\"Cable Onda\"", "relationship_type": "" }, { "colour": "#5a7dcf", "local": false, "name": "asn:as-country=\"PA\"", "relationship_type": "" }, { "colour": "#f31b7b", "local": false, "name": "misp-galaxy:country=\"panama\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383577", "to_ids": true, "type": "ip-dst", "uuid": "ee8a7022-cc53-47c9-8092-d72ae9275262", "value": "182.155.250.21", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#1c793a", "local": false, "name": "asn:asn=\"17809\"", "relationship_type": "" }, { "colour": "#a378c4", "local": false, "name": "asn:as-owner=\"VEETIME-TW-AP VEE TIME CORP.\"", "relationship_type": "" }, { "colour": "#9053fd", "local": false, "name": "asn:as-country=\"TW\"", "relationship_type": "" }, { "colour": "#1237d4", "local": false, "name": "misp-galaxy:country=\"taiwan\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383578", "to_ids": true, "type": "ip-dst", "uuid": "a4192725-b7da-4205-b9a2-55bbd5396b3f", "value": "185.132.125.229", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#64bed2", "local": false, "name": "asn:asn=\"9009\"", "relationship_type": "" }, { "colour": "#41c276", "local": false, "name": "asn:as-owner=\"M247\"", "relationship_type": "" }, { "colour": "#26f3a1", "local": false, "name": "asn:as-country=\"RO\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"romania\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383579", "to_ids": true, "type": "ip-dst", "uuid": "2e34029e-45fd-4ff3-ae09-327fdc376c10", "value": "190.123.46.21", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#55358a", "local": false, "name": "asn:asn=\"52284\"", "relationship_type": "" }, { "colour": "#802127", "local": false, "name": "asn:as-owner=\"Panamaserver.com\"", "relationship_type": "" }, { "colour": "#5a7dcf", "local": false, "name": "asn:as-country=\"PA\"", "relationship_type": "" }, { "colour": "#f31b7b", "local": false, "name": "misp-galaxy:country=\"panama\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1737640993", "to_ids": true, "type": "ip-dst", "uuid": "fbc47aed-838f-487e-8519-4b4bbc058d55", "value": "194.55.186.222", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383581", "to_ids": true, "type": "ip-dst", "uuid": "ab130950-e26e-496c-b2b3-60fb38d93df9", "value": "202.162.33.243", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#ec4e48", "local": false, "name": "asn:asn=\"17996\"", "relationship_type": "" }, { "colour": "#614465", "local": false, "name": "asn:as-owner=\"UIINET-ID-AP PT Global Prima Utama\"", "relationship_type": "" }, { "colour": "#ba14e3", "local": false, "name": "asn:as-country=\"ID\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"indonesia\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383583", "to_ids": true, "type": "ip-dst", "uuid": "3828077a-5db5-4f56-9615-d5200a55927a", "value": "203.131.215.35", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#49dafb", "local": false, "name": "asn:asn=\"37992\"", "relationship_type": "" }, { "colour": "#9b46ba", "local": false, "name": "asn:as-owner=\"THAMMASAT-BORDER-AS Thammasat University in thailand\"", "relationship_type": "" }, { "colour": "#588581", "local": false, "name": "asn:as-country=\"TH\"", "relationship_type": "" }, { "colour": "#fa21fa", "local": false, "name": "misp-galaxy:country=\"thailand\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383584", "to_ids": true, "type": "ip-dst", "uuid": "e63ad78c-6bf5-41bb-8e50-7d866c09dbe5", "value": "204.93.164.31", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#4745f2", "local": false, "name": "asn:asn=\"16509\"", "relationship_type": "" }, { "colour": "#5424ef", "local": false, "name": "asn:as-owner=\"AMAZON-02\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383585", "to_ids": true, "type": "ip-dst", "uuid": "db83a911-df20-4472-8653-ed51ebca51be", "value": "204.93.201.142", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#6a00d7", "local": false, "name": "asn:asn=\"23352\"", "relationship_type": "" }, { "colour": "#033e81", "local": false, "name": "asn:as-owner=\"SERVERCENTRAL\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383587", "to_ids": true, "type": "ip-dst", "uuid": "74ea73d7-cd7a-4ff6-80f1-a8ebd6dc72bd", "value": "211.143.198.163", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#abc9b1", "local": false, "name": "asn:asn=\"9808\"", "relationship_type": "" }, { "colour": "#3b1ce5", "local": false, "name": "asn:as-owner=\"CHINAMOBILE-CN China Mobile Communications Group Co., Ltd.\"", "relationship_type": "" }, { "colour": "#9256df", "local": false, "name": "asn:as-country=\"CN\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383588", "to_ids": true, "type": "ip-dst", "uuid": "357f3754-b003-4580-a68a-7ad1202ac5e1", "value": "211.143.198.208", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#abc9b1", "local": false, "name": "asn:asn=\"9808\"", "relationship_type": "" }, { "colour": "#3b1ce5", "local": false, "name": "asn:as-owner=\"CHINAMOBILE-CN China Mobile Communications Group Co., Ltd.\"", "relationship_type": "" }, { "colour": "#9256df", "local": false, "name": "asn:as-country=\"CN\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383589", "to_ids": true, "type": "ip-dst", "uuid": "2d21b1b0-10a5-47d2-bab8-b2ba21a7be2d", "value": "223.153.192.84", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#9ef9a4", "local": false, "name": "asn:asn=\"4134\"", "relationship_type": "" }, { "colour": "#2f9c31", "local": false, "name": "asn:as-owner=\"CHINANET-BACKBONE No.31,Jin-rong Street\"", "relationship_type": "" }, { "colour": "#9256df", "local": false, "name": "asn:as-country=\"CN\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383591", "to_ids": true, "type": "ip-dst", "uuid": "f80c969f-53b4-459a-a81a-d848084225b2", "value": "31.162.170.37", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#e540ab", "local": false, "name": "asn:asn=\"12389\"", "relationship_type": "" }, { "colour": "#f74a40", "local": false, "name": "asn:as-owner=\"ROSTELECOM-AS PJSC Rostelecom. Technical Team\"", "relationship_type": "" }, { "colour": "#fdd220", "local": false, "name": "asn:as-country=\"RU\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"russia\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383592", "to_ids": true, "type": "ip-dst", "uuid": "deaf8a71-c976-4c10-b9bc-9c0cfdfa284f", "value": "36.95.130.197", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#57f6e9", "local": false, "name": "asn:asn=\"7713\"", "relationship_type": "" }, { "colour": "#f66e0d", "local": false, "name": "asn:as-owner=\"TELKOMNET-AS-AP PT Telekomunikasi Indonesia\"", "relationship_type": "" }, { "colour": "#ba14e3", "local": false, "name": "asn:as-country=\"ID\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"indonesia\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383594", "to_ids": true, "type": "ip-dst", "uuid": "f1a0f015-0d50-44b7-b89b-57d65e7ef9b6", "value": "38.6.224.24", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#fda25d", "local": false, "name": "asn:asn=\"398478\"", "relationship_type": "" }, { "colour": "#10b9c7", "local": false, "name": "asn:as-owner=\"PEG-HK\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383595", "to_ids": true, "type": "ip-dst", "uuid": "859d2bd8-8ab4-4fa4-a7b1-347855bffef5", "value": "38.6.224.248", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#fda25d", "local": false, "name": "asn:asn=\"398478\"", "relationship_type": "" }, { "colour": "#10b9c7", "local": false, "name": "asn:as-owner=\"PEG-HK\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383596", "to_ids": true, "type": "ip-dst", "uuid": "64952e3b-4db9-4168-bba7-6dd2f6ff9940", "value": "45.125.66.129", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#70bd37", "local": false, "name": "asn:asn=\"133398\"", "relationship_type": "" }, { "colour": "#91ffab", "local": false, "name": "asn:as-owner=\"TELE-AS Tele Asia Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383598", "to_ids": true, "type": "ip-dst", "uuid": "ccd2dbcb-dbad-4143-b138-862e18c2e528", "value": "45.141.157.105", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#e0901a", "local": false, "name": "asn:asn=\"209696\"", "relationship_type": "" }, { "colour": "#9d48f0", "local": false, "name": "asn:as-owner=\"NILSAT\"", "relationship_type": "" }, { "colour": "#059db5", "local": false, "name": "asn:as-country=\"BG\"", "relationship_type": "" }, { "colour": "#390b5f", "local": false, "name": "misp-galaxy:country=\"bulgaria\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383599", "to_ids": true, "type": "ip-dst", "uuid": "a3d72de1-682e-4c47-839e-e07d8034b946", "value": "45.148.121.58", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#c5bafe", "local": false, "name": "asn:asn=\"62068\"", "relationship_type": "" }, { "colour": "#62a61b", "local": false, "name": "asn:as-owner=\"SPECTRAIP SpectraIP B.V.\"", "relationship_type": "" }, { "colour": "#3ae32e", "local": false, "name": "asn:as-country=\"NL\"", "relationship_type": "" }, { "colour": "#768323", "local": false, "name": "misp-galaxy:country=\"netherlands\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1737641319", "to_ids": true, "type": "ip-dst", "uuid": "eb5b5b17-49cc-4a81-b2e4-0fbbd82d92c7", "value": "45.152.112.110", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383603", "to_ids": true, "type": "ip-dst", "uuid": "32c61aad-a2c1-40a1-8862-0f030f1ecda4", "value": "45.201.209.37", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a3e39c", "local": false, "name": "asn:asn=\"131178\"", "relationship_type": "" }, { "colour": "#0b5389", "local": false, "name": "asn:as-owner=\"EZECOM-AS-AP EZECOM CO., LTD.\"", "relationship_type": "" }, { "colour": "#ab4b29", "local": false, "name": "asn:as-country=\"KH\"", "relationship_type": "" }, { "colour": "#f958db", "local": false, "name": "misp-galaxy:country=\"cambodia\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383604", "to_ids": true, "type": "ip-dst", "uuid": "b2f0e529-82ee-4a0b-9ddf-e965cdc35fec", "value": "45.202.35.35", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#c8ffe0", "local": false, "name": "asn:asn=\"6079\"", "relationship_type": "" }, { "colour": "#0f6f06", "local": false, "name": "asn:as-owner=\"RCN-AS\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383606", "to_ids": true, "type": "ip-dst", "uuid": "ef9343ca-9b71-4c3d-bbeb-e53d3eeadadc", "value": "45.87.41.8", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#c5bafe", "local": false, "name": "asn:asn=\"62068\"", "relationship_type": "" }, { "colour": "#62a61b", "local": false, "name": "asn:as-owner=\"SPECTRAIP SpectraIP B.V.\"", "relationship_type": "" }, { "colour": "#3ae32e", "local": false, "name": "asn:as-country=\"NL\"", "relationship_type": "" }, { "colour": "#768323", "local": false, "name": "misp-galaxy:country=\"netherlands\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383608", "to_ids": true, "type": "ip-dst", "uuid": "112dd2de-11e9-45ea-a2c7-690d19135614", "value": "46.32.47.226", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#e0a0d9", "local": false, "name": "asn:asn=\"39642\"", "relationship_type": "" }, { "colour": "#472842", "local": false, "name": "asn:as-owner=\"NORLYS-FIBERNET\"", "relationship_type": "" }, { "colour": "#e803a2", "local": false, "name": "asn:as-country=\"DK\"", "relationship_type": "" }, { "colour": "#22a395", "local": false, "name": "misp-galaxy:country=\"denmark\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383609", "to_ids": true, "type": "ip-dst", "uuid": "f6c4f5f0-2efe-4433-8369-2abe31a9a612", "value": "47.90.43.134", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#836891", "local": false, "name": "asn:asn=\"45102\"", "relationship_type": "" }, { "colour": "#692b04", "local": false, "name": "asn:as-owner=\"ALIBABA-CN-NET Alibaba US Technology Co., Ltd.\"", "relationship_type": "" }, { "colour": "#9256df", "local": false, "name": "asn:as-country=\"CN\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383611", "to_ids": true, "type": "ip-dst", "uuid": "b5d64a28-e002-4151-9dea-3a35039aa007", "value": "58.152.186.135", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#6d639b", "local": false, "name": "asn:asn=\"4760\"", "relationship_type": "" }, { "colour": "#d749fe", "local": false, "name": "asn:as-owner=\"HKTIMS-AP HKT Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383612", "to_ids": true, "type": "ip-dst", "uuid": "48010495-29e7-4a3f-b95d-7cbddc5e015a", "value": "62.72.185.39", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#15dbfe", "local": false, "name": "asn:asn=\"212238\"", "relationship_type": "" }, { "colour": "#1f1556", "local": false, "name": "asn:as-owner=\"CDNEXT\"", "relationship_type": "" }, { "colour": "#e1449b", "local": false, "name": "asn:as-country=\"GB\"", "relationship_type": "" }, { "colour": "#b7c1b9", "local": false, "name": "misp-galaxy:country=\"united kingdom\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383614", "to_ids": true, "type": "ip-dst", "uuid": "3d88b337-0de7-4db2-8fa1-35e0045512f6", "value": "78.97.33.45", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#482f6e", "local": false, "name": "asn:asn=\"12302\"", "relationship_type": "" }, { "colour": "#ec6788", "local": false, "name": "asn:as-owner=\"VODAFONE_RO Charles de Gaulle nr.15\"", "relationship_type": "" }, { "colour": "#26f3a1", "local": false, "name": "asn:as-country=\"RO\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"romania\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1737641543", "to_ids": true, "type": "ip-dst", "uuid": "22a90288-723f-4ec3-8bcb-f791c2e451e6", "value": "85.209.43.252", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383616", "to_ids": true, "type": "ip-dst", "uuid": "c8779ee0-87e3-47ee-a815-bccda6aaff89", "value": "92.109.2.218", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#6ba8af", "local": false, "name": "asn:asn=\"33915\"", "relationship_type": "" }, { "colour": "#5d79c9", "local": false, "name": "asn:as-owner=\"TNF-AS\"", "relationship_type": "" }, { "colour": "#3ae32e", "local": false, "name": "asn:as-country=\"NL\"", "relationship_type": "" }, { "colour": "#768323", "local": false, "name": "misp-galaxy:country=\"netherlands\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383617", "to_ids": true, "type": "ip-dst", "uuid": "5fffe8a5-6bd1-4b8e-8eba-1b0833b6f7e4", "value": "92.119.159.25", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#405277", "local": false, "name": "asn:asn=\"44812\"", "relationship_type": "" }, { "colour": "#afa7fc", "local": false, "name": "asn:as-owner=\"IPSERVER-RU-NET Fiord\"", "relationship_type": "" }, { "colour": "#fdd220", "local": false, "name": "asn:as-country=\"RU\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"russia\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383619", "to_ids": true, "type": "ip-dst", "uuid": "c4262d66-e9e8-48a0-9fb4-9654d6863513", "value": "92.38.135.46", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#011259", "local": false, "name": "asn:asn=\"202422\"", "relationship_type": "" }, { "colour": "#91ccfe", "local": false, "name": "asn:as-owner=\"GHOST\"", "relationship_type": "" }, { "colour": "#830a90", "local": false, "name": "asn:as-country=\"LU\"", "relationship_type": "" }, { "colour": "#49384d", "local": false, "name": "misp-galaxy:country=\"luxembourg\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383620", "to_ids": true, "type": "ip-dst", "uuid": "3d7fed71-8b2b-4d92-a6d5-81df59fdd94d", "value": "92.66.72.172", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#02b393", "local": false, "name": "asn:asn=\"1136\"", "relationship_type": "" }, { "colour": "#c5a629", "local": false, "name": "asn:as-owner=\"KPN KPN National\"", "relationship_type": "" }, { "colour": "#3ae32e", "local": false, "name": "asn:as-country=\"NL\"", "relationship_type": "" }, { "colour": "#768323", "local": false, "name": "misp-galaxy:country=\"netherlands\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383622", "to_ids": true, "type": "ip-dst", "uuid": "ea184970-18d8-4e71-88db-f078d01cc1f5", "value": "144.202.68.196", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#133012", "local": false, "name": "asn:asn=\"20473\"", "relationship_type": "" }, { "colour": "#650025", "local": false, "name": "asn:as-owner=\"AS-VULTR\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1780383623", "to_ids": true, "type": "ip-dst", "uuid": "35c6ddf4-3cd2-4378-a33f-113b37a7afca", "value": "103.114.160.250", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#81ef33", "local": false, "name": "asn:asn=\"142036\"", "relationship_type": "" }, { "colour": "#7287a6", "local": false, "name": "asn:as-owner=\"HOSTEONS-AS-AP Hosteons Pte. Ltd.\"", "relationship_type": "" }, { "colour": "#d906de", "local": false, "name": "asn:as-country=\"SG\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"singapore\"", "relationship_type": "" } ] }, { "category": "Attribution", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1737636076", "to_ids": false, "type": "campaign-name", "uuid": "d71ce910-5ada-422b-9f56-0c71a9681920", "value": "Murdoc Botnet", "Tag": [ { "colour": "#6b003a", "local": false, "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1737636105", "to_ids": false, "type": "link", "uuid": "8062af69-c0b1-4910-8f2f-6d2a453d22dd", "value": "https://en.fofa.info/result?qbase64=Ym9keT0ibXVyZG9jX2JvdG5ldCIgJiYgY291bnRyeT0iTVki" }, { "category": "Attribution", "comment": "Each compromised server has common \"murdoc_botnet\" string", "deleted": false, "disable_correlation": false, "timestamp": "1737636209", "to_ids": false, "type": "other", "uuid": "5c1aea21-431a-4c01-8649-3b651c965bbe", "value": "murdoc_botnet" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737641692", "uuid": "7fd90e0f-8c22-4061-89bc-9ec4b2e9dc6f", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737641692", "to_ids": true, "type": "md5", "uuid": "bbacce9c-6797-4dae-84e5-57edb8ceae41", "value": "001ba5bcd535088c420d5a7cc8a2e70e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638433", "to_ids": true, "type": "sha1", "uuid": "abbf1e19-372e-4b81-ab88-f48b98dd0ae2", "value": "6e9f999fab67883617bb36082be135b211da5a19", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638433", "to_ids": true, "type": "sha256", "uuid": "d71309ed-eebd-41e8-9b44-79f2996f71a9", "value": "978167c28a9c8f6f111ad18e1682d904989e8d72020e30144e1c0c8bb7fd3952", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637553", "to_ids": true, "type": "ssdeep", "uuid": "80180969-e4dd-4eae-9c58-24d63278e5ca", "value": "1536:aFNufGsPqBAsdA0qfZ2Ceui22IYnri86ls1dENO:q4fBCzA0qfsCeui22TrZdEN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637553", "to_ids": false, "type": "size-in-bytes", "uuid": "31b9b89d-0d5b-4644-8d4e-dbc9298202df", "value": "54656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637553", "to_ids": true, "type": "vhash", "uuid": "99046aef-996b-488c-a53a-b3b6cbdd2335", "value": "397d54c63083e25930f53124b80ac614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637553", "to_ids": true, "type": "filename", "uuid": "a3d06f38-9de5-4474-aba1-e1fc78fc9e5c", "value": "copy" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637553", "to_ids": false, "type": "text", "uuid": "70f25ff2-3753-45d4-b586-6e5b38cac7d4", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.EP!MTB\nSentinelOne: Static AI - Malicious ELF\nVT Total Detection:42/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737641713", "uuid": "7374b231-5475-4405-96a6-d0434f9d7262", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737641713", "to_ids": true, "type": "md5", "uuid": "63633589-7e4a-44ac-860c-f1b9c9c75c41", "value": "0142d1ae25f6c186173fd7be20ab0d35", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638435", "to_ids": true, "type": "sha1", "uuid": "cc626943-6918-4d2a-a5be-6626856a85a6", "value": "69e26a445f8eea1ab8b8363d3ff946e9d62eb84f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638435", "to_ids": true, "type": "sha256", "uuid": "c7d17cfb-67c6-473d-bd54-94bdd40dfd3e", "value": "c9fe390890a8b0586e8d5ac410685a7c4ed147858b10eb75459fa1afca8dc84d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637574", "to_ids": true, "type": "ssdeep", "uuid": "532b7c30-30ae-4ac1-b11d-c6cde3a0e4f6", "value": "3072:askFQ+ur3aYFkapN7Dk20RMk4tzgbRrWam/FZ:FmQZN3ouFtLFZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637574", "to_ids": false, "type": "size-in-bytes", "uuid": "cb431f95-7dd0-44ec-98d5-69a38c22bc0e", "value": "155656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637574", "to_ids": true, "type": "vhash", "uuid": "882b0ba3-b209-4fd2-b8c6-d533ed137427", "value": "397d54c63083e25930f53124b80ac614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637574", "to_ids": true, "type": "filename", "uuid": "2ff4ea56-11c0-430b-aefb-6dfadedd7198", "value": "skid.x86" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637574", "to_ids": false, "type": "text", "uuid": "a7b78508-df43-4ead-b841-77a93a47b04d", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.GF!MTB\nSentinelOne: Static AI - Malicious ELF\nVT Total Detection:40/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1747981763", "uuid": "fa3d6a96-8dbf-4829-b158-3cc4c110a8da", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981763", "to_ids": true, "type": "md5", "uuid": "a08a667f-f6fd-45a4-91a9-73db56c46807", "value": "23ee5a8b998de681eb94885abdb35dd6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747981763", "to_ids": true, "type": "sha1", "uuid": "199c619e-0969-48fe-88fd-85fae7f06076", "value": "b666bad55d0f0b1feff26e4fdef60db6ef67ed12", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747981763", "to_ids": true, "type": "sha256", "uuid": "8919ce39-a779-4c40-8918-4e1dd4a337ed", "value": "c0ae1eb249705f61d45ca747c91c02a411557a28792f4064c1d647abb580bc10", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637596", "to_ids": true, "type": "ssdeep", "uuid": "0538a29b-5a3c-4ce0-a010-2f42b6ff489c", "value": "1536:WinNLc8aos4+7bPEjpO7CxW2XJMeAvNebSIYLwyV8Q0HOn:dNSoscjpO7DMAFnbMDQ0Y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637596", "to_ids": false, "type": "size-in-bytes", "uuid": "abb83b40-5596-4739-9d3a-4fbf1ecee78b", "value": "81866" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637596", "to_ids": true, "type": "vhash", "uuid": "cb86a71c-4c13-4ea0-9ae1-eb3279123298", "value": "2d95a3eef3f8823032af4e268c480662" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637596", "to_ids": true, "type": "filename", "uuid": "1f75d963-24d6-4fe5-acce-39b9d9c0263d", "value": "x86." }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637596", "to_ids": false, "type": "text", "uuid": "dda4429b-da3f-4fff-90ef-5bc4285668a3", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Gafgyt.DC!MTB\nSentinelOne: Static AI - Malicious ELF\nVT Total Detection:42/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1747981763", "uuid": "7a40f491-d912-4acf-8fbf-d294df41f17c", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981763", "to_ids": true, "type": "md5", "uuid": "e6b9087b-3afd-48ab-9948-8961a8381c33", "value": "321367874c11451a5ac8f89551cdf5a7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747981763", "to_ids": true, "type": "sha1", "uuid": "09f392f3-3a04-4346-a383-8c575d9b125b", "value": "2cc7b1c76e4468a16eec8480a5fdd106f6019b99", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747981763", "to_ids": true, "type": "sha256", "uuid": "e645fcba-c343-49c2-abc6-a1aa4ee3b69d", "value": "34881ca6cff31098ed669fc379ca8b9d319aab5f14e0fb7d0b107a20ff1130e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637617", "to_ids": true, "type": "ssdeep", "uuid": "5e646817-576a-4c4b-901f-4f7addf8f665", "value": "6144:UTAFN2zWwY7xa/2mSimB0cBJzNr6nBwaM/RMd2Px:yK6Y7xa/2mSimLn1Ewj/Od2J" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637617", "to_ids": false, "type": "size-in-bytes", "uuid": "29809a1c-60ed-4a87-a7f3-413a2554a750", "value": "206808" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637617", "to_ids": true, "type": "vhash", "uuid": "368fc578-f841-4f42-adc2-320c8619d777", "value": "e15ff15d3f0147556b4ea5f371f6303a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637617", "to_ids": true, "type": "filename", "uuid": "ca2c2a26-f30d-4b27-a9c8-3552391efe64", "value": "34881ca6cff31098ed669fc379ca8b9d319aab5f14e0fb7d0b107a20ff1130e9.elf" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637617", "to_ids": false, "type": "text", "uuid": "45d37d52-d9b7-4490-92c6-30d2ec91267a", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Gafgyt.AW!xp\nSentinelOne: None\nVT Total Detection:38/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1747981763", "uuid": "43be3317-0b57-4704-a285-caa1efd22273", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981763", "to_ids": true, "type": "md5", "uuid": "a9fd29ed-c58e-4862-9ea4-d24bc874892d", "value": "344202a75c93c712af47bf0c865b38f4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747981763", "to_ids": true, "type": "sha1", "uuid": "af5148dd-2f4f-4419-bba4-5139789da105", "value": "175026bcd9a6a8904ebd4cd29d16a315e984fa60", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747981763", "to_ids": true, "type": "sha256", "uuid": "fd77114a-53a0-45e6-aa55-4a2db5cd9c6a", "value": "6b8ef346df6c002aaba3bcf91bed0ce8078a76e4600bcf86c08a6eef80d4c77a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637639", "to_ids": true, "type": "ssdeep", "uuid": "3387b329-4d31-479f-af35-1bbd0ed965b8", "value": "3072:Nbtfg7S5bj+fIM7fENFhk2cRY4QUsQM/xmFd8ch:NbpYS0YEeNUmzK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637639", "to_ids": false, "type": "size-in-bytes", "uuid": "f5ec272f-b8e0-4dc6-b67d-d8f107aa0c65", "value": "159752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637639", "to_ids": true, "type": "vhash", "uuid": "74fd89cf-9c9f-4a48-8e07-48fdd28e23e1", "value": "397d54c63083e25930f53124b80ac614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637639", "to_ids": true, "type": "filename", "uuid": "4dc7fc82-6cb1-42d1-a7a2-81c913ec31f6", "value": "6b8ef346df6c002aaba3bcf91bed0ce8078a76e4600bcf86c08a6eef80d4c77a.elf" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637639", "to_ids": false, "type": "text", "uuid": "547f2bd9-ad7d-4341-b3b9-2f4356c898c8", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Gafgyt.AW!xp\nSentinelOne: Static AI - Malicious ELF\nVT Total Detection:40/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1747981763", "uuid": "65a8212e-a6ad-47fe-9523-b233e9d75503", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981763", "to_ids": true, "type": "md5", "uuid": "c623a6ab-6ac7-41f2-bdb2-83d4947c1cba", "value": "37e97a09ba3e7255c3ce289dc4c951d3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747981763", "to_ids": true, "type": "sha1", "uuid": "1f6b72d4-2b00-42fd-908f-e0cd3c13136e", "value": "302397b7b6d019eea8725a32b2fbec85e6afdc38", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747981763", "to_ids": true, "type": "sha256", "uuid": "56c99dbb-a05b-4f00-b77b-7b9d08258cbf", "value": "0db611e84182be1d6726c272214ae7977fc19b325ba0fc96f458a37365d7c4f2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637661", "to_ids": true, "type": "ssdeep", "uuid": "0d946a06-1caf-44b8-95b6-f1ae9cbda683", "value": "1536:3FB/TZHamCjiskoVowP7nKVfVAcmZADjf0TTsdS2p0AmO2ol75Hy2zlBl9CwywE0:DTEme1ifVsA303WS2Ce1ysf0w" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637661", "to_ids": false, "type": "size-in-bytes", "uuid": "52639e3c-56b6-4888-88cf-41a6da135f3f", "value": "154272" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637661", "to_ids": true, "type": "vhash", "uuid": "2138a888-2bee-4945-911f-509b1667153f", "value": "426177b03c790aee4e600a6d3ca1675e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637661", "to_ids": true, "type": "filename", "uuid": "59ef5119-7902-4417-90bb-aa12ec71e8f7", "value": "skid.arm5" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637661", "to_ids": false, "type": "text", "uuid": "94340f92-ce2d-44f4-ac2a-53368d664523", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.CC!xp\nSentinelOne: None\nVT Total Detection:40/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1747981763", "uuid": "41544759-23f3-4736-ad33-5866de759311", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981763", "to_ids": true, "type": "md5", "uuid": "f6aa50df-e5d3-4390-96c7-a41aeefe9320", "value": "54bc7ded42ad84c533b2559df52fe9ed", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747981763", "to_ids": true, "type": "sha1", "uuid": "36bae1f4-9038-4f35-b408-ebbbbee0f7fa", "value": "66a0abf93b84c549bf1d1b89381f399abec697ee", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747981763", "to_ids": true, "type": "sha256", "uuid": "638772cf-2094-4309-a5bc-e572b9deaaa8", "value": "e127153563c1e9352067e94b28687828514734d583ca6bd89ad6e9b01be46170", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637682", "to_ids": true, "type": "ssdeep", "uuid": "e3fe488a-b491-4485-a5f2-a0dd03e0952a", "value": "1536:+Gd1Knvu+q3X/CJE0m4ycVyEjUNiwLSAoutQADbU7TmJAWXmbOPOEKG6lI80Qe8y:Jgno3vcy7LSPA87imWXioWILQL2" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637682", "to_ids": false, "type": "size-in-bytes", "uuid": "a77e98d8-db14-4b53-b47b-233b85cc6add", "value": "150400" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637682", "to_ids": true, "type": "vhash", "uuid": "25d1c3a7-fd52-48d7-bc8e-15536f97f675", "value": "426177b03c790aee4e600a6d3ca1675e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637682", "to_ids": true, "type": "filename", "uuid": "299f35b8-8e71-48e8-9a4a-5925f0a02bb7", "value": "e127153563c1e9352067e94b28687828514734d583ca6bd89ad6e9b01be46170.elf" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637682", "to_ids": false, "type": "text", "uuid": "67385eea-3cc8-4720-93c2-a3269889a1f2", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Gafgyt.AW!xp\nSentinelOne: None\nVT Total Detection:40/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1747981763", "uuid": "440f68f7-9fb0-436b-9c53-132c6933d722", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981763", "to_ids": true, "type": "md5", "uuid": "f9a6a098-2c35-4e60-a186-1ce6f8b80ac8", "value": "6966fbbdf73a15dc33e3cf857be7dd61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747981763", "to_ids": true, "type": "sha1", "uuid": "b46acbb4-3766-411e-bf71-77b27cc22b1c", "value": "f4a4b39a2e162d97074d1b0b50914ecd5538b5f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747981763", "to_ids": true, "type": "sha256", "uuid": "8a2e1bc9-9cb5-4fca-b52c-0e0c4b5f53b0", "value": "8f680ed38fa9229b7b3b53bf730526be633ff635c35df8537ef98ffb3e58e170", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637704", "to_ids": true, "type": "ssdeep", "uuid": "170cabee-922e-4bf4-8ebf-7a2d56c52495", "value": "3072:OBj+CxpQTHfigjI+tN5XB09SneKhZoLsiWOi83tz:uaVTH1eKYR3F" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637704", "to_ids": false, "type": "size-in-bytes", "uuid": "dca732e9-ea49-474a-9a69-bc01b4b29b76", "value": "159752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637704", "to_ids": true, "type": "vhash", "uuid": "2838863b-1a2e-4beb-9e2b-24f8648bd0e0", "value": "397d54c63083e25930f53124b80ac614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637704", "to_ids": true, "type": "filename", "uuid": "03fbe69a-174f-4282-8197-f3e4c6a265cd", "value": ".Sx86" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637704", "to_ids": false, "type": "text", "uuid": "94562725-5bac-48a9-ac5f-fbdba364252d", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Gafgyt.AW!xp\nSentinelOne: Static AI - Malicious ELF\nVT Total Detection:41/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1747981764", "uuid": "e7be176c-31e0-461f-99a2-72ff7c50be39", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981763", "to_ids": true, "type": "md5", "uuid": "508a5025-5ac9-4ccd-9e46-8ca4423f500d", "value": "769aea7ea26bfc99dd337dbb26191705", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747981764", "to_ids": true, "type": "sha1", "uuid": "db0ab0b6-24b0-4623-a584-07ed7ac1aa0d", "value": "d1b79037f929f318c1669ce39a5c484a9be4161b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747981764", "to_ids": true, "type": "sha256", "uuid": "cc769cbf-ea1c-4ce7-a9de-4ff11cb5ac0b", "value": "b63c93206417321b6e35e1accb8f667810c3e8a93978070d24f8382cc3d488dd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637725", "to_ids": true, "type": "ssdeep", "uuid": "a5bd0664-23d3-4dcb-a9e6-1edef336de94", "value": "1536:A13J//isx1XUQfDugVylImza1FxuYB2A1zFCAD41STPIpKu4ROxOWpcSPCZI/puV:K5/K21ZfD2O/B2dAWSzQKuCs5q6/Wf1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637725", "to_ids": false, "type": "size-in-bytes", "uuid": "9ff78780-1b72-49fa-86d7-be210ea0e571", "value": "154240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637725", "to_ids": true, "type": "vhash", "uuid": "3fa3ed3f-eb45-4436-ae59-f62f78b8e459", "value": "426177b03c790aee4e600a6d3ca1675e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637725", "to_ids": true, "type": "filename", "uuid": "080ca77c-9057-480f-8585-1f21bb17a01f", "value": "b63c93206417321b6e35e1accb8f667810c3e8a93978070d24f8382cc3d488dd.elf" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637725", "to_ids": false, "type": "text", "uuid": "f1c5271d-3616-4af4-9038-26d6791f4282", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Gafgyt.AW!xp\nSentinelOne: None\nVT Total Detection:42/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1747981764", "uuid": "5a2bc300-8c71-4031-add0-a96f344d0f40", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981764", "to_ids": true, "type": "md5", "uuid": "df0a4ca8-c2bd-4858-bb85-25da7778ccba", "value": "7d44dcddfb7b57c777ffa55aae9c2427", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747981764", "to_ids": true, "type": "sha1", "uuid": "01c2662d-00f5-48ef-9ad1-d5bb51d375b6", "value": "c860f361ff4531332809ac7db2062e01a64be672", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747981764", "to_ids": true, "type": "sha256", "uuid": "84b120e4-7b97-49a6-a041-6815c66c25c5", "value": "5234086aff9cd88b6b25fa068a860e91f5faf8d457df60cb207b329c69c27c0d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637746", "to_ids": true, "type": "ssdeep", "uuid": "1a0f71b5-1121-492a-be83-10c5fcc63629", "value": "3072:Nbtfq7S5bj+fIM7fENFhk2cRY4QUsQM/xmFd8ch:Nbp2S0YEeNUmzK" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637746", "to_ids": false, "type": "size-in-bytes", "uuid": "7fbfa42e-2d13-4d1c-bc42-2bb1277580f9", "value": "159752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637746", "to_ids": true, "type": "vhash", "uuid": "507ebe9e-94b4-4d64-a598-12afe50be296", "value": "397d54c63083e25930f53124b80ac614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637746", "to_ids": true, "type": "filename", "uuid": "26ad1bbd-12ba-4141-9281-5055b86fbbbc", "value": "5234086aff9cd88b6b25fa068a860e91f5faf8d457df60cb207b329c69c27c0d.elf" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637746", "to_ids": false, "type": "text", "uuid": "b87e2fdd-65e6-49ee-bd29-c67d69d1b920", "value": "Type Description: ELF\nSymantec: Trojan.Gen.NPE\nMicrosoft: Backdoor:Linux/Gafgyt.AW!xp\nSentinelOne: Static AI - Malicious ELF\nVT Total Detection:41/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737641906", "uuid": "19594f81-2e22-4170-88df-de8e803098b0", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737641906", "to_ids": true, "type": "md5", "uuid": "360bdcf4-5eaa-4a2e-a69f-95b3a2be73eb", "value": "802ea21155b88f73bf835d044c6999c3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638449", "to_ids": true, "type": "sha1", "uuid": "3cdbf292-fbde-49fe-8aaa-15fa5f8a6a59", "value": "3bf07fd009668719dd6454b705c699d77d589199", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638449", "to_ids": true, "type": "sha256", "uuid": "9cdf7d0d-4364-45b6-bc36-0714e2895b6b", "value": "22ff790406cee6d81e191ef7e344e10bc722821506e5f7979e224747a21d8a87", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637768", "to_ids": true, "type": "ssdeep", "uuid": "0d81d4b5-9744-4bf1-abc1-fdbfc5dacbfb", "value": "1536:QP8qlgMVnlPFtzmT2kOwXeEdwg5a2jlwK4m+AFDo+2NYPg:kzlbVlN+2kOwXe8wg5a2jImWjNYPg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637768", "to_ids": false, "type": "size-in-bytes", "uuid": "06ae2a34-35e0-4c21-b6d7-67755b75664e", "value": "50560" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637768", "to_ids": true, "type": "vhash", "uuid": "d41cf6bd-66cf-4463-b952-5d0573871b11", "value": "397d54c63083e25930f53124b80ac614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637768", "to_ids": true, "type": "filename", "uuid": "3eaed023-1cc0-461a-8849-b487a6452838", "value": "skid.x86" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637768", "to_ids": false, "type": "text", "uuid": "b7041556-fead-43d6-913c-63bd2dab5b4f", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.EP!MTB\nSentinelOne: Static AI - Malicious ELF\nVT Total Detection:43/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737641927", "uuid": "244e4a47-14e7-4055-89aa-c81e6b0633ce", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737641927", "to_ids": true, "type": "md5", "uuid": "88a9183e-1935-4b62-9054-25f25dea1eb6", "value": "8bed0b9a5fcf46fdc9d31a669a3f99be", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638451", "to_ids": true, "type": "sha1", "uuid": "b4e47490-4685-4a16-b546-7680f56ad4a2", "value": "a54334cb3187689457b04ed98d799b15288d029e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638451", "to_ids": true, "type": "sha256", "uuid": "d6324221-9b64-4aac-bc36-78012b1eb6ce", "value": "ffa702f8681a58b52e70e445fc4daa8c2e909d6b20ab3eee635959f66672fd27", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637789", "to_ids": true, "type": "ssdeep", "uuid": "641a9699-e89e-4c25-8b55-385cf7882d63", "value": "3072:Ftu3lNkH9qtQRzdMYut118BUFD998wCqk40DzD6lHHHHHHHHHHHHHHHkHMHHHHHI:Hu3luHwRJLCo" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637789", "to_ids": false, "type": "size-in-bytes", "uuid": "afcdd400-6a02-4021-ae77-f51ade27610e", "value": "168040" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637789", "to_ids": true, "type": "vhash", "uuid": "2e54bcd8-8927-451b-9778-64f392d883ea", "value": "397d54c63083e25930f53124b80ac614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637789", "to_ids": true, "type": "filename", "uuid": "a9546881-a4db-4d2d-ba76-92220a1de98c", "value": "selfrep.x86" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637789", "to_ids": false, "type": "text", "uuid": "fa06cd59-a046-4b8e-9c33-07d69549ee19", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Gafgyt.AW!xp\nSentinelOne: Static AI - Malicious ELF\nVT Total Detection:42/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737641948", "uuid": "a61f4aa7-3335-48cb-9de8-81bab16f7cdb", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737641948", "to_ids": true, "type": "md5", "uuid": "b0846bd4-8b5d-4232-95e5-545d3b5abf2b", "value": "e1ec05d07d1a1527ecc04b4cf910be67", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638452", "to_ids": true, "type": "sha1", "uuid": "f1219124-5e6c-4aff-bef8-cdb889746a45", "value": "bd35985f20d2f9f0380b4a6603b08433d784cf41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638452", "to_ids": true, "type": "sha256", "uuid": "8953318e-220e-42dd-83a9-3cca57e12bcf", "value": "dc90a8edca7c5185dcca104cee44930f750e48b53d6ee712b3fcd8a6e6305225", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637811", "to_ids": true, "type": "ssdeep", "uuid": "c11a889b-a304-45f9-8738-39b4acb90e19", "value": "1536:C4FvsVOoujT6waMKrGbZ5YNmQYlD27TKRz3C0lx+rJCRX:NvuOoauvGN5YEQYlD2am0lUJCRX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637811", "to_ids": false, "type": "size-in-bytes", "uuid": "eaee1dd9-dc21-4397-bb16-147b7ad8314b", "value": "63424" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637811", "to_ids": true, "type": "vhash", "uuid": "9c526ddd-c5fe-47a1-b3d0-f65744548715", "value": "397d54c63083e25930f53124b80ac614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637811", "to_ids": true, "type": "filename", "uuid": "0e4bdec7-5ef2-4996-8305-79664fc5bb29", "value": "e1ec05d07d1a1527ecc04b4cf910be67.virus" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637811", "to_ids": false, "type": "text", "uuid": "23a4c44a-c3a9-4e74-84dd-b739e5c08ffb", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.BH!MTB\nSentinelOne: Static AI - Malicious ELF\nVT Total Detection:41/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1747981764", "uuid": "553eda6b-720b-4c3a-b4f1-55c4dd6729d8", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981764", "to_ids": true, "type": "md5", "uuid": "c1ae8b82-d9d7-4c74-881a-d47d5c11c06b", "value": "fa25a367264bf80241953c025c172fde", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747981764", "to_ids": true, "type": "sha1", "uuid": "1e61061a-4bf8-4fe0-9213-7832b5645eae", "value": "70fc203e3980f87aa451fbc83a846d9a6e642af3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747981764", "to_ids": true, "type": "sha256", "uuid": "d56462d9-db1e-420e-9c09-73a02bcf66bb", "value": "6552b87ddc2e6442e163c99e780f2549de5b78b56b8b91d8743ce61c55b1b558", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637833", "to_ids": true, "type": "ssdeep", "uuid": "3f8c2d44-15fa-40b4-aebd-2b126495e218", "value": "1536:aFNufGsPqBAsdA0qfZ2Ceui22ww/ri86ls1dENO:q4fBCzA0qfsCeui22LrZdEN" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637833", "to_ids": false, "type": "size-in-bytes", "uuid": "dbe261e0-8a5e-4933-ac86-3d1e9123ae44", "value": "54656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637833", "to_ids": true, "type": "vhash", "uuid": "08327c7c-9372-4d6a-9654-134e0356dd35", "value": "397d54c63083e25930f53124b80ac614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637833", "to_ids": true, "type": "filename", "uuid": "514952de-fccf-46d5-aaec-a157be3e122b", "value": "6552b87ddc2e6442e163c99e780f2549de5b78b56b8b91d8743ce61c55b1b558.elf" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637833", "to_ids": false, "type": "text", "uuid": "ee49d7bb-fda2-4787-ab07-bc197068b4be", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.EP!MTB\nSentinelOne: Static AI - Malicious ELF\nVT Total Detection:41/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737641991", "uuid": "81c94736-a987-477f-9874-3f26da33ca89", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737641991", "to_ids": true, "type": "md5", "uuid": "e3a71414-5e84-4828-89d8-80cbf97de080", "value": "fc453786c874149e665953b442ae9594", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638455", "to_ids": true, "type": "sha1", "uuid": "275671f3-8825-4709-9d13-e781a9e6a50f", "value": "cdc1df4ffb4065a67a671605f1ce39657560b61c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638456", "to_ids": true, "type": "sha256", "uuid": "07c92d03-b3f0-4025-b5d0-26acffb823d8", "value": "2c365aded5c3f7422c72261c678b42edb2311ac9b2c0b9af444e5b3c2d734bd0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637854", "to_ids": true, "type": "ssdeep", "uuid": "d94c3044-82ab-4e2d-bc5d-4dbaf458a2f9", "value": "3072:kskFQ+ur3aYFkapN7Dk20RMk4tzgbRrWam/FZ:3mQZN3ouFtLFZ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637854", "to_ids": false, "type": "size-in-bytes", "uuid": "dc5df038-4abe-4668-bfde-5cdd7d6b142d", "value": "155656" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637854", "to_ids": true, "type": "vhash", "uuid": "f479cd7b-4630-4918-b3f2-20dc8f0b523c", "value": "397d54c63083e25930f53124b80ac614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637854", "to_ids": true, "type": "filename", "uuid": "b1b4e76a-36d9-465c-8b3f-42d017eac1a8", "value": "fc453786c874149e665953b442ae9594.virus" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637854", "to_ids": false, "type": "text", "uuid": "69630941-c4b9-406e-ad1b-c7a2765c435b", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.GF!MTB\nSentinelOne: Static AI - Malicious ELF\nVT Total Detection:41/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737642012", "uuid": "53e62bdb-4523-47ae-bb95-87c52541efef", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737642012", "to_ids": true, "type": "md5", "uuid": "00f7ba7f-8e49-4e32-81ed-c0ffafdb0ebe", "value": "ef012ac99eec265ae35280145217eafb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638457", "to_ids": true, "type": "sha1", "uuid": "a068d71d-4042-4685-a3bd-4ccfabdeacae", "value": "c3268bc30e006db7915b7a2dae4ccf184a9b17f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638457", "to_ids": true, "type": "sha256", "uuid": "ea2c60c8-41e6-4d00-80c8-48e943f17901", "value": "10a08485432392fed90f3f3aaa7903566c57df5b27ed329a7d26a5b549d277e9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637875", "to_ids": true, "type": "ssdeep", "uuid": "6aff242c-3b22-4533-ab27-ec5ab92dd536", "value": "3072:YUQXrDxLuRIU84p/TiErwy+ZjWnHDzr1v/i5HmaY:YnXrdLCuZKndPaY" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637875", "to_ids": false, "type": "size-in-bytes", "uuid": "0da3a23c-f720-484c-867a-fc8a93e80ae6", "value": "163944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637875", "to_ids": true, "type": "vhash", "uuid": "f788f7b7-ddf5-4984-9649-ec8b6f2cfaf6", "value": "397d54c63083e25930f53124b80ac614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637875", "to_ids": true, "type": "filename", "uuid": "dfddbfa8-268f-449f-a57c-f6d5b9992455", "value": "279120446" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637875", "to_ids": false, "type": "text", "uuid": "84dcbd91-33ff-468a-a1b6-a6379fc29d9d", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.GF!MTB\nSentinelOne: Static AI - Malicious ELF\nVT Total Detection:38/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737642034", "uuid": "0b675fbf-59b0-4f45-8795-d6938c1ac454", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737642034", "to_ids": true, "type": "md5", "uuid": "fd235385-0a62-42e5-9a00-74ff122d41b0", "value": "5c5d217cf6943707f3afb39966e35efe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638458", "to_ids": true, "type": "sha1", "uuid": "96b59794-7da5-4b13-8526-80d8b716f652", "value": "a96a9826309f29308888435dab826cfea57f2280", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638458", "to_ids": true, "type": "sha256", "uuid": "490de093-7113-4904-b025-eedc65a8cfa8", "value": "54fea8da696ddf115893858af924296d9229846cbd8afceca990a381b3363eb3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637897", "to_ids": true, "type": "ssdeep", "uuid": "72283518-e821-40c2-914d-1ba4bcf059b5", "value": "1536:PRwJZbJOfunL7552bguDkrrB6A98h3ADsmYTC5PBcmCOGONB6itM3WGrlQxwywrG:ZGbkfW/tnB69AJYu1Bcf6WGK/9o" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637897", "to_ids": false, "type": "size-in-bytes", "uuid": "ad93722c-1241-4913-b875-9a15d7927bdf", "value": "150182" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637897", "to_ids": true, "type": "vhash", "uuid": "048a799f-e07c-4ca5-bb90-cd73e84d3055", "value": "426177b03c790aee4e600a6d3ca1675e" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637897", "to_ids": false, "type": "text", "uuid": "a3358754-95ce-4499-905f-e935f10f8b7f", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.CC!xp\nSentinelOne: None\nVT Total Detection:37/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1747981764", "uuid": "ed6f5403-64cb-490a-8039-31a2eb6d2e10", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981764", "to_ids": true, "type": "md5", "uuid": "9218f29c-703c-4f19-a5c6-78ef6f3b2c3a", "value": "a9d06491667aa1b1779a05d2d155f53b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747981764", "to_ids": true, "type": "sha1", "uuid": "0d42a4a6-d523-44c5-8d4b-a4b693f8ea5b", "value": "824bb4c7edeec97f08ac9dc6dff149311dc51883", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747981764", "to_ids": true, "type": "sha256", "uuid": "1cddd872-42d3-4902-b6ef-78fa67cc7d7c", "value": "5577a035d1a5023edc5a404694ff4ed45a6b250bfce00f87a42b087e419970d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637918", "to_ids": true, "type": "ssdeep", "uuid": "175bbaae-c082-474a-b924-70c54c3933cf", "value": "1536:oWnDEV4q2JUcH/flaaQlXSQBST6eUNl1Gi2UFSB8oRtCkAPeMGzw/9uy6OOl3z:pZH0aQlXSQBO0zFSCoHCLmNM/9uBj" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637918", "to_ids": false, "type": "size-in-bytes", "uuid": "ec44d3ee-0fc9-45c0-ab79-26476d526da1", "value": "124514" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637918", "to_ids": true, "type": "vhash", "uuid": "06afa4f1-fb9d-421e-b476-9877a5c819a0", "value": "bd8d9776bb178fc2254919a1a05e7e2e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637919", "to_ids": true, "type": "filename", "uuid": "465e78ec-88fd-4d42-9b68-971743fb4989", "value": "22751531225052130" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637919", "to_ids": false, "type": "text", "uuid": "1995af4f-0437-4cb4-b92f-da05c0672a3a", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.AW!xp\nSentinelOne: None\nVT Total Detection:43/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1747981764", "uuid": "c6f8d101-f5eb-444f-b036-f4732a2d12a2", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981764", "to_ids": true, "type": "md5", "uuid": "7e51f322-433e-4df8-808f-ff71e8aa0763", "value": "f8cb13149c23bbd473d188a22895da3b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747981764", "to_ids": true, "type": "sha1", "uuid": "448928c5-80f6-4cf6-ac75-86a5e96b8f3b", "value": "172706c7f4a20962907a75cc3c37d60afa867861", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747981764", "to_ids": true, "type": "sha256", "uuid": "b55c8c42-1994-48c6-b44e-3475ba4cca1d", "value": "5d6a900988bc42ad3e2b08253f01fa8090d0abc112d06410dd5d4e9f7aa02c42", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637941", "to_ids": true, "type": "ssdeep", "uuid": "189a3e68-5fad-4c48-b995-ed220398d43f", "value": "768:undMdDuxM9h+gTGFUgAcEQlbElkirAtTt/ixbQjFc6eDYJpqvLqtJGw:aMYxf+QUOLkk6AtQNQjFcHkq8Z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637941", "to_ids": false, "type": "size-in-bytes", "uuid": "c40a50e0-f5f4-4161-8197-63f58025822d", "value": "50272" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637941", "to_ids": true, "type": "vhash", "uuid": "6b4c19ed-077d-43eb-89cc-658efacea6dc", "value": "426177b03c790aee4e600a6d3ca1675e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637941", "to_ids": true, "type": "filename", "uuid": "f5367643-8c6b-46fc-9028-fa8bf7ef4975", "value": "5d6a900988bc42ad3e2b08253f01fa8090d0abc112d06410dd5d4e9f7aa02c42.elf" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637941", "to_ids": false, "type": "text", "uuid": "e9a842a9-ceb2-4c13-b154-f7d5cd612509", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.AW!xp\nSentinelOne: None\nVT Total Detection:43/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737642098", "uuid": "ab945427-e10d-4bbe-8ac7-8cdc62b75942", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737642098", "to_ids": true, "type": "md5", "uuid": "f68ecb81-6235-4844-ae4d-36940aa1f0cf", "value": "76abe173655108323199f1f3df7cdc6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638463", "to_ids": true, "type": "sha1", "uuid": "32ca98d1-750b-4896-bb7d-c5b003166350", "value": "f3628ead2ff40c4befdeecfbfe232a849f13cf8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638463", "to_ids": true, "type": "sha256", "uuid": "28307c3b-4f22-4345-b185-e30395ebeed0", "value": "60dc6802d55f1130f47ee631c245328250951e5d300942177fedae1845ab7912", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637962", "to_ids": true, "type": "ssdeep", "uuid": "b07abc94-02e1-4297-93f6-174b993c5a90", "value": "1536:GCAuDE/fT9C7nygkeHPpYNgjLuLkA4EtQADT0tTgdIY3TxOxOSV3EBkIR5+olN2f:bDWxOHhaLkdAUtMaY3dyAkW58T" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637962", "to_ids": false, "type": "size-in-bytes", "uuid": "27b88a39-8c5b-4876-839f-c86106a9bb0b", "value": "150432" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637962", "to_ids": true, "type": "vhash", "uuid": "ce990527-75cc-4978-9fc8-7c8d487963f9", "value": "426177b03c790aee4e600a6d3ca1675e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637962", "to_ids": true, "type": "filename", "uuid": "3ef0486a-9855-46d1-9f37-8bafeac75c20", "value": "76abe173655108323199f1f3df7cdc6e.virus" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637962", "to_ids": false, "type": "text", "uuid": "b20e4d7b-9bc3-4daf-be33-86e75d242fac", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Gafgyt.AW!xp\nSentinelOne: None\nVT Total Detection:38/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1747981764", "uuid": "aaf0bb9e-099b-4f82-8f06-aef8e09cf096", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981764", "to_ids": true, "type": "md5", "uuid": "66c7791b-d5b6-4bd0-be95-3b9ed0d03406", "value": "6d459d0c0617fd1d907a1703f7d05774", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747981764", "to_ids": true, "type": "sha1", "uuid": "a6f5b177-ef48-472f-a67c-99631178f823", "value": "6b97659caa3df9e8514c224adea5dfc8cc73c12a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747981764", "to_ids": true, "type": "sha256", "uuid": "98a17938-9ae0-43b8-81c0-8e4254297f82", "value": "60fad3d03171353efea70a0e9a0c511d34c3bbd8f9f57bfa6e8d989cd858ba14", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737637984", "to_ids": true, "type": "ssdeep", "uuid": "9a40d7f2-b0cc-4c7c-93b2-29b6c51b0374", "value": "1536:nBUUj/bOvFXiif9Z/m/rdvhItwppB5AlZKGwADbPPTxyAJzVfOkOlz9yIDNBNl9l:Btj2Fnf9W7LB5Y6AfPNDJzVADJKFg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737637984", "to_ids": false, "type": "size-in-bytes", "uuid": "06bbbe96-fb22-4b54-95e3-5933995a14e1", "value": "154240" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737637984", "to_ids": true, "type": "vhash", "uuid": "11fecbdf-b401-45a4-b6af-c65f3173e784", "value": "426177b03c790aee4e600a6d3ca1675e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737637984", "to_ids": true, "type": "filename", "uuid": "72c8f185-254a-4a21-909e-96db5ffe8b00", "value": ".Sarm" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737637984", "to_ids": false, "type": "text", "uuid": "a4c67d4b-f640-4a60-9162-56e04f89e1ba", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Gafgyt.AW!xp\nSentinelOne: None\nVT Total Detection:39/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737642141", "uuid": "d7c6610a-31cc-4a64-aae2-3dd20a946c05", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737642141", "to_ids": true, "type": "md5", "uuid": "d0f3745a-3e2e-495e-b526-fe6a383173a1", "value": "93843460d37f84a4aa7c42843e4d83c0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638466", "to_ids": true, "type": "sha1", "uuid": "0342c1a8-3954-4b26-9a00-d92df810c99e", "value": "8c94fc6384e03f9c55a001845373fd67f4d27bbd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638467", "to_ids": true, "type": "sha256", "uuid": "8818e104-4dd9-44d0-8368-30626f4221ff", "value": "61c6767e74615917e29fc2d2342119ec81fa6794752966d4d7c9ef02545a4701", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737638005", "to_ids": true, "type": "ssdeep", "uuid": "70960fb0-b433-465a-b3d1-8d5fd02828ae", "value": "6144:tUO/zly92apLcWiiiYyByZlanXBoM/RKmRjg:Fy92apLcWiiqAL+B9/UIs" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737638005", "to_ids": false, "type": "size-in-bytes", "uuid": "1f63103c-4323-4dff-8c35-cc6d9224ca61", "value": "202585" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737638005", "to_ids": true, "type": "vhash", "uuid": "5e453681-658b-4742-8098-3bafe469c4b5", "value": "e15ff15d3f0147556b4ea5f371f6303a" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737638005", "to_ids": false, "type": "text", "uuid": "4e83b9b4-40dc-4938-9b7a-b29710b1bc1d", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Gafgyt.AX!xp\nSentinelOne: None\nVT Total Detection:35/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737642162", "uuid": "50c365d2-45c3-48c2-ab66-c3368459e4cf", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737642162", "to_ids": true, "type": "md5", "uuid": "cde99c14-d962-422a-a89c-1938ea1e6ec0", "value": "70125d1a06f33fbd92d73df8c3e5e495", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638468", "to_ids": true, "type": "sha1", "uuid": "5537a45e-86ce-4bfb-ba3a-783446845473", "value": "9afd6507697281e994be829f230bb6454ba603a3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638468", "to_ids": true, "type": "sha256", "uuid": "f772387b-226a-44d9-86f6-5918cf7f5798", "value": "6230cf081bf077de1ad2a42fc0b0f04aeb213855373ebaa26ebff797a5d4096f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737638027", "to_ids": true, "type": "ssdeep", "uuid": "f0e0ffcd-3a2a-4fe0-a9a9-52624136be0b", "value": "768:8ZmZaaqqBagKiHscc8EQsda3qz9zU/PdxasqJg9oojDBeQiCmaiasJEw/m:GiaYfKi3Deuqz9zeSssETB7t90//" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737638027", "to_ids": false, "type": "size-in-bytes", "uuid": "c1d96916-b5c5-4c15-a7eb-876bd66cc806", "value": "52172" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737638027", "to_ids": true, "type": "vhash", "uuid": "cb8d2e79-5a80-4f47-8a22-de46f0e81383", "value": "426177b03c790aee4e600a6d3ca1675e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737638027", "to_ids": true, "type": "filename", "uuid": "cd304d0b-c7f5-4dad-a223-2998bea22e78", "value": "70125d1a06f33fbd92d73df8c3e5e495.virus" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737638027", "to_ids": false, "type": "text", "uuid": "d73f0776-e27c-433c-898a-e690ba579260", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.AW!xp\nSentinelOne: None\nVT Total Detection:41/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1747981764", "uuid": "4f20049e-2d66-488b-9066-9cdc38fb229e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981764", "to_ids": true, "type": "md5", "uuid": "2463a8dd-db34-45b7-8171-7a87c77f9f3f", "value": "0e1e28fda71c433d734539538e5f5d1a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747981764", "to_ids": true, "type": "sha1", "uuid": "f951e18a-19b1-433d-b2b6-f685b3cdd5d7", "value": "ab5b638d375e579ad6cfc576cea4f279f9ccfe43", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747981764", "to_ids": true, "type": "sha256", "uuid": "01403734-448f-47db-91e2-c9fc6e988d22", "value": "69405c640e224c981555509bd088ef759c584228f989e46d89e83483f9c2e4b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737638048", "to_ids": true, "type": "ssdeep", "uuid": "e4e6f0ee-be60-466c-b382-4cbac484b767", "value": "768:4xRgng/HsGfacI/4UWeBEQyAE4jty9+HuyqvzuYO1orZZ1IzJ6w:uggUlcIpLcUjtycOyozuV+dE1" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737638048", "to_ids": false, "type": "size-in-bytes", "uuid": "9e32e110-b965-414a-b266-964fbf9e259b", "value": "50272" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737638048", "to_ids": true, "type": "vhash", "uuid": "4b97ed37-e6aa-4f24-b11e-1e6547d20451", "value": "426177b03c790aee4e600a6d3ca1675e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737638048", "to_ids": true, "type": "filename", "uuid": "056d71ba-7922-47d7-a88f-50048368afbc", "value": "69405c640e224c981555509bd088ef759c584228f989e46d89e83483f9c2e4b7.elf" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737638048", "to_ids": false, "type": "text", "uuid": "82524c95-4dfa-4c3e-9d53-99e72749ad16", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.AW!xp\nSentinelOne: None\nVT Total Detection:43/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737642204", "uuid": "cddc1fac-cf35-4177-9f4a-8c2286607f61", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737642204", "to_ids": true, "type": "md5", "uuid": "1244220d-6632-44df-ab7e-bcfeec806e0e", "value": "b5a042a7f1031583a2e2561aa9bb42f5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638471", "to_ids": true, "type": "sha1", "uuid": "c02318b3-514d-4779-908c-9a7f5ea0c98a", "value": "87ad51d55b097d859f3186fb961abe6331595968", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638471", "to_ids": true, "type": "sha256", "uuid": "a752166f-5ba3-43bb-8b28-b6a95678a3f2", "value": "76ebd9695aef87cc975d63b3a7a9ecc7d31bcd53a29e70ba97464a61e102cf52", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737638070", "to_ids": true, "type": "ssdeep", "uuid": "e2e935a0-0aca-4242-8b24-157bfcb11be2", "value": "1536:bQt3fELBrfrgY6UJ9XSmbTeplGAJLrRADM1kVTsXRLMxhAIOFBJXbJOQ5+lOhYwq:0xfUrfrvzClGoAqkV4hLMfor0QV4I0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737638070", "to_ids": false, "type": "size-in-bytes", "uuid": "7f932ecd-101e-4f21-838f-d0876e484215", "value": "158368" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737638070", "to_ids": true, "type": "vhash", "uuid": "47ef0f65-2123-4f47-bf4e-2675f25cb6bb", "value": "426177b03c790aee4e600a6d3ca1675e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737638070", "to_ids": true, "type": "filename", "uuid": "4e78e1fa-d5f9-411f-9a51-be24f93809b1", "value": "280010217" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737638070", "to_ids": false, "type": "text", "uuid": "77eefec8-e9ed-48c8-9e70-0a7aa259de64", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.CC!xp\nSentinelOne: None\nVT Total Detection:37/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737642226", "uuid": "e84b5441-f58c-4251-9b11-07772d62905d", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737642226", "to_ids": true, "type": "md5", "uuid": "a7e8c1bf-8614-4866-ac1c-4936f4069068", "value": "940f6c62564d6e8c510f592ae6f7c5b7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638472", "to_ids": true, "type": "sha1", "uuid": "5173fb56-22c1-46f1-a6b4-768bea155ca0", "value": "2722b13660de3231cfec5ea073ca800b364979ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638472", "to_ids": true, "type": "sha256", "uuid": "ad9c406b-65be-4a37-94c0-2f77a4db1bae", "value": "7b1c7eb73f5d668c11af8f7131883863774902883ad95aa520a1eb203cf50fe1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737638091", "to_ids": true, "type": "ssdeep", "uuid": "527abe05-b823-4851-bfd9-dbf7e8bee2d6", "value": "6144:8idCIzPwj0a4GTCvzLuGyaiDVYD+EkM/R7k/:80wj0a4GTCvzSvFVJEZ/hS" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737638091", "to_ids": false, "type": "size-in-bytes", "uuid": "88b8fc3d-bb44-439e-83de-572c457eab3f", "value": "209981" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737638091", "to_ids": true, "type": "vhash", "uuid": "6ce538a5-4ff5-4b02-99e9-b863c39d32b1", "value": "e15ff15d3f0147556b4ea5f371f6303a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737638091", "to_ids": true, "type": "filename", "uuid": "78ccf5c1-59cb-45aa-a410-1b5edde139af", "value": "280137990" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737638091", "to_ids": false, "type": "text", "uuid": "3b7e0d03-5ca0-4c21-b9ab-e12fb5c6eada", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Gafgyt.AX!xp\nSentinelOne: None\nVT Total Detection:37/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1747981764", "uuid": "3dda8972-9072-4a8c-b4fd-ecee0a543c95", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981764", "to_ids": true, "type": "md5", "uuid": "d84d3668-511e-4963-bf2d-27d497d63fb3", "value": "26422bebe81def0c3bae25946427f78d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747981764", "to_ids": true, "type": "sha1", "uuid": "81adc194-46f5-471d-aa52-4931bf962c53", "value": "597b2861528dfb7c03aea93cf61aee1dbdf11f73", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747981764", "to_ids": true, "type": "sha256", "uuid": "2a6fd942-3a83-4b2f-be95-db2681b3b37e", "value": "99a0ab2a04a9cae3666a4baf52d35b4c623f1f41b5eb1519156ebe02d2afeceb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737638112", "to_ids": true, "type": "ssdeep", "uuid": "f6d031bd-c545-4a75-b831-fefce55bf439", "value": "1536:DysFjPb/BCu9MAq6GxA8chLoefgAM84ADoFLT9PKYnmHA5OSlAKOio03tlJ2Cwy3:PjD/Bji7QbfgHAWLhSYnWf9ihhlEI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737638112", "to_ids": false, "type": "size-in-bytes", "uuid": "150d7ebb-098c-4e53-8004-f94e869170cc", "value": "154272" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737638112", "to_ids": true, "type": "vhash", "uuid": "c73dca73-69c1-4f91-aedf-4425c3bc4c16", "value": "426177b03c790aee4e600a6d3ca1675e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737638112", "to_ids": true, "type": "filename", "uuid": "c3658a1f-37df-425c-8c0e-fa46fabda337", "value": "99a0ab2a04a9cae3666a4baf52d35b4c623f1f41b5eb1519156ebe02d2afeceb.elf" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737638112", "to_ids": false, "type": "text", "uuid": "64ca3bef-df1b-480c-aa83-793a04e8b8b7", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.CC!xp\nSentinelOne: None\nVT Total Detection:39/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737642268", "uuid": "6d04446a-49fa-41b0-af42-ab42e0e99475", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737642268", "to_ids": true, "type": "md5", "uuid": "7ff2c349-bc6b-4b58-a593-27be3e59039b", "value": "2c5a74ff1dadea587b0f61b8217ffa33", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638475", "to_ids": true, "type": "sha1", "uuid": "e271e4d2-ed86-47c8-a4e7-7ae95832bda0", "value": "da5a26f957672abb04048a87015e5f92a218c6c1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638476", "to_ids": true, "type": "sha256", "uuid": "0bd60be1-2fcf-4abb-9d0b-490cd5a35ca2", "value": "a49ef0e44fd98c411c6db940018183e9ec06af7f6f3a4c1ae0b92d745e697066", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737638134", "to_ids": true, "type": "ssdeep", "uuid": "2d76867d-c5c7-4ec6-ae32-8b160a04858a", "value": "1536:C3BLVWVHCVPJUpbC19Bw0spuLhAI0ztUADcyBTZhnhZhFOxOy990BkI+p+a/ldOj:OL0hQ7sELhUeAVB91hZ/MQkRp8aG" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737638134", "to_ids": false, "type": "size-in-bytes", "uuid": "c61e4e12-01f5-498d-9bb2-2b0e58a21e51", "value": "146406" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737638134", "to_ids": true, "type": "vhash", "uuid": "3fec9c64-174f-450b-a690-30a290f5074f", "value": "426177b03c790aee4e600a6d3ca1675e" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737638134", "to_ids": false, "type": "text", "uuid": "301b44d7-d359-4c8e-a3d5-2e3d5e2a4d0d", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.CC!xp\nSentinelOne: None\nVT Total Detection:37/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737642290", "uuid": "8f82ea25-6d48-4f7a-beef-8af768bd9276", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737642290", "to_ids": true, "type": "md5", "uuid": "fd1d0b5a-d61e-47c2-9517-40dca05d8bff", "value": "0637b9df9d6938f48d959e1697d4ef81", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638477", "to_ids": true, "type": "sha1", "uuid": "e3c0b728-6967-48be-8485-e176139b24f4", "value": "88d3c0748ba89c40418ca6c95c64178f0962a82f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638477", "to_ids": true, "type": "sha256", "uuid": "588af779-67fe-4b54-aff0-ec99ea4dc05d", "value": "b8b5efbeaffa06e67f7801476b062926cd3e26ff7d16968d6c4fe6aa8f6856eb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737638155", "to_ids": true, "type": "ssdeep", "uuid": "a8df739d-d509-4c5d-b21f-74fcd6cb6ced", "value": "3072:3QIraiqCSgz2uxhPHLgVQiK3ERM/9KsVrqC:37raiqCSgz5xJYQiK3CM/9KguC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737638155", "to_ids": false, "type": "size-in-bytes", "uuid": "b4d4d017-9245-4aeb-8a14-28e623f3cdc0", "value": "147663" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737638155", "to_ids": true, "type": "vhash", "uuid": "5637345e-4a0e-4073-925b-097bbc713e78", "value": "49dac02d726044404081495462afac0e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737638155", "to_ids": true, "type": "filename", "uuid": "f78cd5cd-c477-4139-8298-dbf38bdf2e88", "value": "0637b9df9d6938f48d959e1697d4ef81.virus" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737638155", "to_ids": false, "type": "text", "uuid": "3433783c-88f8-40d8-b515-a71867098b34", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.AW!xp\nSentinelOne: None\nVT Total Detection:41/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737642311", "uuid": "b71a83ce-0e00-4cf6-87ac-bd81c5e38177", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737642311", "to_ids": true, "type": "md5", "uuid": "a56b3c71-80d0-4ea9-8922-10cf4e63cd62", "value": "16809129d70e2086b48500d544ea8d41", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638478", "to_ids": true, "type": "sha1", "uuid": "c0c59a7d-48a0-4a89-82ff-1fa26eebb0cb", "value": "f56816c8bd03718111c39a04f855dee73c4b3f21", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638478", "to_ids": true, "type": "sha256", "uuid": "c505c280-d2bc-44b8-aaf3-01914dbfd48e", "value": "b979fd33cb526a10ce9afbf3855d06c881b1bf55b0b6b1d10ebba5dc0d01c0c2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737638177", "to_ids": true, "type": "ssdeep", "uuid": "887f6d7e-f0db-4540-92bf-429ffd279402", "value": "1536:1pbtAhKCUXBd2NBF4fnhdz2gOyHFUAVu0:1pBpeqfnhdz2KlUR0" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737638177", "to_ids": false, "type": "size-in-bytes", "uuid": "c19a7380-0fab-4c8a-9541-00355e2e7ec8", "value": "62876" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737638177", "to_ids": true, "type": "vhash", "uuid": "8e1ca2be-9127-4142-91e0-65d4428219e6", "value": "426177b03c790aee4e600a6d3ca1675e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737638177", "to_ids": true, "type": "filename", "uuid": "6765a15d-60cd-4d31-b1ed-e8bbb86e6c2b", "value": "16809129d70e2086b48500d544ea8d41.virus" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737638177", "to_ids": false, "type": "text", "uuid": "b48302e2-a66d-4ac9-bfd9-81e9b67d25e0", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.AW!xp\nSentinelOne: None\nVT Total Detection:43/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1747981764", "uuid": "022dc5ff-be2e-4148-a4b5-87605c4636da", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981764", "to_ids": true, "type": "md5", "uuid": "8aa74159-a4dc-4832-865d-327df8aa91ea", "value": "2bc99a018da0650c9bc0fa56c7c79320", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747981764", "to_ids": true, "type": "sha1", "uuid": "2de6dbfc-c688-4e39-bf53-b9dca541dc99", "value": "f25a1690f4bb55010b710f2c142082d47f189b5d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747981764", "to_ids": true, "type": "sha256", "uuid": "7c2641c3-8b1b-47b1-b6a6-a8ef27992aa3", "value": "c3b9ffca2b7f5c9fdefb39d6c13d657769ec140efd4513842dbc68adbad99efa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737638198", "to_ids": true, "type": "ssdeep", "uuid": "347b2fa3-dff7-4f2e-9da4-c7105b8976a7", "value": "1536:C3BLVWVHCVPJUpbC19Bw0spuLhAI0ztUADcyBTZhnhZhFOxOy990BkI+p+a/ldO8:OL0hQ7sELhUeAVB91hZ/MQkRp8a" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737638198", "to_ids": false, "type": "size-in-bytes", "uuid": "9a6090a2-d938-449f-858f-123666239397", "value": "146368" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737638198", "to_ids": true, "type": "vhash", "uuid": "83bc2272-8cd9-4685-872d-efab9c8e5746", "value": "426177b03c790aee4e600a6d3ca1675e" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737638198", "to_ids": true, "type": "filename", "uuid": "08b2ec2b-976a-4394-8c78-7953a9e85ffd", "value": "c3b9ffca2b7f5c9fdefb39d6c13d657769ec140efd4513842dbc68adbad99efa.elf" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737638198", "to_ids": false, "type": "text", "uuid": "3ee4c8c2-9ae7-41d2-b8a2-cb62db963252", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.CC!xp\nSentinelOne: None\nVT Total Detection:36/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1747981764", "uuid": "67de2f2d-0e34-4345-a60f-73189c03ab5a", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981764", "to_ids": true, "type": "md5", "uuid": "4fc2a889-f002-4e06-840f-2b3b9783f4d3", "value": "0fe4f0fb4c4ca8e779a19c6d0f07db68", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747981764", "to_ids": true, "type": "sha1", "uuid": "5cba66ea-0126-4467-8170-a7ce7f78fd93", "value": "98bc56ebd56f3edc3c3d1a0a1e26ec309e963395", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747981764", "to_ids": true, "type": "sha256", "uuid": "e3322798-a6ef-4087-8eac-170bcee9ff3a", "value": "e4504f9329e03f782a75dd10cc4f849e17ef9a116b3b05dcc82e5d82c846ef68", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737638220", "to_ids": true, "type": "ssdeep", "uuid": "25c8651d-22c5-4a76-bc65-5a898370cc49", "value": "6144:kXzTbjiXMaNLjIP4730Q48gXGMInbTXM/Ragf10t:6iXMahjIP47tjsGMMTc/4gd+" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737638220", "to_ids": false, "type": "size-in-bytes", "uuid": "7a7f349f-8944-4b3e-b228-ad0c0bb15d14", "value": "209815" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737638220", "to_ids": true, "type": "vhash", "uuid": "8017b45d-a9d5-4d52-83ab-d2ad22b06898", "value": "e15ff15d3f0147556b4ea5f371f6303a" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737638220", "to_ids": true, "type": "filename", "uuid": "6f44adaf-0d17-4011-b53d-a317b648bad9", "value": ".Sarm7" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737638220", "to_ids": false, "type": "text", "uuid": "888dd9b8-da70-4a01-abf1-b2ea888fb551", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Gafgyt.AW!xp\nSentinelOne: None\nVT Total Detection:39/63" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737642375", "uuid": "ffbb81a6-83eb-40a1-974e-815f36897f86", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737642375", "to_ids": true, "type": "md5", "uuid": "3669ce2e-5775-46b9-bd2b-a7ce739e4cc7", "value": "34f2a08c8be4b9dd28b68ec8f74db905", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638483", "to_ids": true, "type": "sha1", "uuid": "5ea1e9bf-7995-4647-9a42-c99a765105c9", "value": "7edcabf02b1685fb176c380da5f61491270d85ad", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638483", "to_ids": true, "type": "sha256", "uuid": "8a8f52af-c66b-4712-99f7-7e532659ada3", "value": "e87ad8c9586eeae7981ca0576764ceeeff93bbfcfa385703c5901b8d86d0194d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737638241", "to_ids": true, "type": "ssdeep", "uuid": "a09f1fe9-be95-4f52-86ed-dbbafe6434ae", "value": "3072:kBY+Sx5wTHfiAjI+tN5Do09SneKiSoLsf2OsbRx:URlTnSeKwVRx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737638241", "to_ids": false, "type": "size-in-bytes", "uuid": "f6440ef7-6cda-4b88-a8fc-6d0d3b2c31c2", "value": "159752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737638241", "to_ids": true, "type": "vhash", "uuid": "8a095699-bc42-46d3-9ba0-5f709f148a60", "value": "397d54c63083e25930f53124b80ac614" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737638241", "to_ids": true, "type": "filename", "uuid": "219100f0-7bfb-402e-b3c4-fb82cfa0f5f5", "value": "skid.x86" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737638241", "to_ids": false, "type": "text", "uuid": "373a5691-6ff0-45ef-9c49-e5c6de196573", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Gafgyt.AW!xp\nSentinelOne: Static AI - Malicious ELF\nVT Total Detection:40/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737642396", "uuid": "7451efda-5814-4900-9163-845a7ca42d7e", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737642396", "to_ids": true, "type": "md5", "uuid": "b5cad60d-bc31-4077-b381-307210ded05f", "value": "1f7529e735437f949cb531228ee3d353", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638485", "to_ids": true, "type": "sha1", "uuid": "0554841f-b944-4ffc-980b-0c5b56729344", "value": "39e5c9b81cecb0f651be32f79abd2fec375b2c62", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638485", "to_ids": true, "type": "sha256", "uuid": "22b45154-ddff-4345-a147-f8bd80aaa09a", "value": "f4308b08c0ca971a1420a5dca779d88b8172c29bc7238b723b43bb96d9b9a9e0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737638263", "to_ids": true, "type": "ssdeep", "uuid": "97fd343f-5d9c-460e-8ae8-75d855d829b1", "value": "1536:TSowXVDfEllOJXdC7xy0I2fHb2RjAzMcssiUv6q2Ca4:bwFD8TaC7xyd2fHb2RMzMc/vvECa4" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737638263", "to_ids": false, "type": "size-in-bytes", "uuid": "6d77b38e-0ad8-4b91-9302-500cf560d5cf", "value": "58752" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1737638263", "to_ids": true, "type": "vhash", "uuid": "2e4a49ae-d285-471b-b811-7a36c4c599d5", "value": "397d54c63083e25930f53124b80ac614" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737638263", "to_ids": false, "type": "text", "uuid": "a7be7f73-2f02-4724-8b0d-c9a01da3796c", "value": "Type Description: ELF\nSymantec: Linux.Mirai\nMicrosoft: Backdoor:Linux/Mirai.EP!MTB\nSentinelOne: Static AI - Malicious ELF\nVT Total Detection:43/64" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "24", "timestamp": "1737642418", "uuid": "b2d0f90a-0f1f-474f-bc06-5e1d888dcf89", "Attribute": [ { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1737642418", "to_ids": true, "type": "md5", "uuid": "31c8c838-1bbb-47e0-a4f3-f3e983538928", "value": "5bf7742d8a20a9ccbd7af5a4cad4fb4a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1737638486", "to_ids": true, "type": "sha1", "uuid": "d9d36848-55a2-4892-be22-5997c82b161a", "value": "0223aa19a8fe4fa4dd8734cedb2288ddde3a9a4e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1737638486", "to_ids": true, "type": "sha256", "uuid": "9d15266f-7d75-4b05-be7f-4107e4456d81", "value": "f5aa93311d8dcde50d87ec010274fdd7a7653eed51264f0e2e648403ec4177d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1737638284", "to_ids": true, "type": "ssdeep", "uuid": "8a3da809-a281-4998-a070-6a288904a1fd", "value": "24:vSH7wsl9sNZu4A84T09eeNvtTAWn0I9daIqUh:vSHzUS84T09eQH0I9EIqk" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1737638284", "to_ids": false, "type": "size-in-bytes", "uuid": "72e9283b-a335-4a75-87ad-a0d0d27a2f0f", "value": "1770" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1737638284", "to_ids": true, "type": "filename", "uuid": "2bceb496-dde0-47d9-8a1f-315258ddd52c", "value": "z.sh" }, { "category": "Other", "comment": "Checked: 23/01/2025\nLast-scan\t: 23/01/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1737638284", "to_ids": false, "type": "text", "uuid": "ef70642e-00dd-4cb1-b101-7c0a4b9e66c3", "value": "Type Description: Shell script\nSymantec: Scr.Malcode!gen107\nMicrosoft: TrojanDownloader:Linux/Morila!MTB\nSentinelOne: None\nVT Total Detection:38/61" } ] } ] } }