{ "Event": { "analysis": "1", "date": "2024-02-01", "extends_uuid": "", "info": "[Threat Intel] VajraSpy: A Patchwork of espionage apps", "protected": false, "publish_timestamp": "1780039410", "published": true, "threat_level_id": "1", "timestamp": "1780039410", "uuid": "7b7d8d69-d72f-4a5d-afd9-03ddc2ec3843", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#8675c7", "local": false, "name": "misp-galaxy:producer=\"ESET\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#6143a8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Boot or Logon Initialization Scripts - T1398\"", "relationship_type": "" }, { "colour": "#64af28", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1417\"", "relationship_type": "" }, { "colour": "#0da3ae", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1418\"", "relationship_type": "" }, { "colour": "#9c4b3a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1420\"", "relationship_type": "" }, { "colour": "#b418fc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1422\"", "relationship_type": "" }, { "colour": "#bbb53d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1426\"", "relationship_type": "" }, { "colour": "#704a15", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1429\"", "relationship_type": "" }, { "colour": "#775b18", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Location Tracking - T1430\"", "relationship_type": "" }, { "colour": "#85feae", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Application Layer Protocol - T1437\"", "relationship_type": "" }, { "colour": "#8eb1d9", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1481\"", "relationship_type": "" }, { "colour": "#932961", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Video Capture - T1512\"", "relationship_type": "" }, { "colour": "#142555", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Access Notifications - T1517\"", "relationship_type": "" }, { "colour": "#25f1d8", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1533\"", "relationship_type": "" }, { "colour": "#3b33aa", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Subvert Trust Controls - T1553\"", "relationship_type": "" }, { "colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": "" }, { "colour": "#7d7034", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"", "relationship_type": "" }, { "colour": "#670cf4", "local": false, "name": "misp-galaxy:target-information=\"Pakistan\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"QUILTED TIGER\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"VajraSpy\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#fdcb58", "local": false, "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Call Log - T1636.002\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Contact List - T1636.003\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Data Manipulation - T1641\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1646\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Keylogging - T1417.001\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"One-Way Communication - T1481.003\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"SMS Messages - T1636.004\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1437.001\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#170059", "local": false, "name": "rectifyq:topic=\"mobile-attack\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"APT\"", "relationship_type": "" }, { "colour": "#1c006d", "local": false, "name": "rectifyq:topic=\"geopolitical\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1736663133", "to_ids": false, "type": "link", "uuid": "e2aef2d4-4a0b-4992-95fd-feb88d33268e", "value": "https://www.welivesecurity.com/en/eset-research/vajraspy-patchwork-espionage-apps/" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1736663133", "to_ids": false, "type": "text", "uuid": "244ced75-4b82-4ba1-9b8c-af0cf995e662", "value": "ESET researchers have identified 12 Android espionage apps that were available on Google Play between 2021 and 2023 and are still available in the wild, but not on alternative app stores, as previously thought." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1736663133", "to_ids": false, "type": "text", "uuid": "1b82337b-a6a4-43ad-8ab4-60287ff1f778", "value": "Name: VajraSpy: A Patchwork of espionage apps\nAuthor: AlienVault\nAdversary: Patchwork\nTags: [\"VajraSpy\", \"Patchwork\", \"Android\"]\nTgtd countries: [\"Pakistan\", \"Malaysia\", \"India\"]\nMlwr families: [\"TikTalk\", \"VajraSpy\"]\nAttack_ids: [\"T1398\", \"T1417\", \"T1418\", \"T1420\", \"T1422\", \"T1426\", \"T1429\", \"T1430\", \"T1437\", \"T1481\", \"T1512\", \"T1517\", \"T1533\", \"T1553\", \"T1566\", \"T1082\"]\nIndustries: [\"Diplomatic\", \"Government\"]" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1736663133", "to_ids": false, "type": "threat-actor", "uuid": "250ad929-89a2-441d-b421-94491b853c79", "value": "Patchwork" }, { "category": "Payload delivery", "comment": "VajraSpy trojan No sample in VT\r\nLast check:22/02/2025", "deleted": false, "disable_correlation": false, "timestamp": "1740235509", "to_ids": true, "type": "sha1", "uuid": "e009a394-019f-49bd-a441-bb2a617f25d4", "value": "bcd639806a143bd52f0c3892fa58050e0eeef401", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "VajraSpy C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1780039407", "to_ids": true, "type": "ip-dst", "uuid": "973b2c90-6ce4-40d2-85c6-12264177d48c", "value": "34.120.160.131", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#661a1f", "local": false, "name": "asn:asn=\"396982\"", "relationship_type": "" }, { "colour": "#b21243", "local": false, "name": "asn:as-owner=\"GOOGLE-CLOUD-PLATFORM\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "VajraSpy C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1740236275", "to_ids": true, "type": "hostname", "uuid": "13db86b8-da4f-44d2-82c3-2ba7a26675f6", "value": "hello-chat-c47ad-default-rtdb.firebaseio.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "VajraSpy C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1740236297", "to_ids": true, "type": "hostname", "uuid": "ecf9a987-2c6b-4e41-af31-228e1dc5a701", "value": "chit-chat-e9053-default-rtdb.firebaseio.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "VajraSpy C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1740236319", "to_ids": true, "type": "hostname", "uuid": "ff5b89df-6c75-4c14-b584-42f8670f1e28", "value": "meetme-abc03-default-rtdb.firebaseio.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "VajraSpy C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1740236341", "to_ids": true, "type": "hostname", "uuid": "d59ea584-e1f5-40a5-b514-6007af33e4f9", "value": "chatapp-6b96e-default-rtdb.firebaseio.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "VajraSpy C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1740236363", "to_ids": true, "type": "hostname", "uuid": "f86b2bcf-ea36-4938-91ad-c14f9fc057ef", "value": "tiktalk-2fc98-default-rtdb.firebaseio.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "VajraSpy C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1740236385", "to_ids": true, "type": "hostname", "uuid": "a52c8765-df8a-484b-92bc-5ab064ca3b8d", "value": "wave-chat-e52fe-default-rtdb.firebaseio.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "VajraSpy C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1740236407", "to_ids": true, "type": "hostname", "uuid": "975888f6-5120-4f44-949e-2ec7764bf3f3", "value": "privchat-6cc58-default-rtdb.firebaseio.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "VajraSpy C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1740236429", "to_ids": true, "type": "hostname", "uuid": "83b4bb94-7fdc-4ff4-b2ae-0b45a07757e9", "value": "glowchat-33103-default-rtdb.firebaseio.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "VajraSpy C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1740236451", "to_ids": true, "type": "hostname", "uuid": "4a416c0e-494f-4f7f-9451-bd25fa6f761b", "value": "letschat-5d5e3-default-rtdb.firebaseio.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "VajraSpy C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1740236473", "to_ids": true, "type": "hostname", "uuid": "f19d14eb-0cab-40fa-af86-74bf4f70fced", "value": "quick-chat-1d242-default-rtdb.firebaseio.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "VajraSpy C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1740236495", "to_ids": true, "type": "hostname", "uuid": "1ce12f60-69d0-46bf-b38c-b52be85be226", "value": "yooho-c3345-default-rtdb.firebaseio.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "VajraSpy C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1780039408", "to_ids": true, "type": "ip-dst", "uuid": "8e740f47-849f-44a9-9455-0e702c066b28", "value": "35.186.236.207", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#661a1f", "local": false, "name": "asn:asn=\"396982\"", "relationship_type": "" }, { "colour": "#b21243", "local": false, "name": "asn:as-owner=\"GOOGLE-CLOUD-PLATFORM\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "VajraSpy C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1740236539", "to_ids": true, "type": "hostname", "uuid": "890f7655-eb98-4291-8fd2-414585f31226", "value": "rafaqat-d131f-default-rtdb.asia-southeast1.firebasedatabase.app", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "VajraSpy C&C servers", "deleted": false, "disable_correlation": false, "timestamp": "1780039410", "to_ids": true, "type": "ip-dst", "uuid": "0610e87b-1252-45b9-910b-7b4b930d20be", "value": "160.20.147.67", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#ab73e4", "local": false, "name": "asn:asn=\"30823\"", "relationship_type": "" }, { "colour": "#2a0349", "local": false, "name": "asn:as-owner=\"AUROLOGIC aurologic GmbH\"", "relationship_type": "" }, { "colour": "#141680", "local": false, "name": "asn:as-country=\"DE\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"germany\"", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740236583", "uuid": "8eb15a2e-9820-4977-8208-93b77c6a4336", "Attribute": [ { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740236583", "to_ids": true, "type": "md5", "uuid": "647efebd-1c2f-46a6-9d18-857c2d473030", "value": "e95c7b7d33ffa747dc9dea6701fc1159", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740235481", "to_ids": true, "type": "sha1", "uuid": "1d621080-53a2-401d-b31e-f0c1640b02fb", "value": "baf6583c54fc680aa6f71f3b694e71657a7a99d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740235482", "to_ids": true, "type": "sha256", "uuid": "76e0eb24-7ad5-43b1-b082-6428af7fe75f", "value": "c06f8c3fd23ae7124cc06eb63c0411418715bf99d3c9fa66525790b2b4c61858", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740234515", "to_ids": true, "type": "ssdeep", "uuid": "2fa61934-8831-47d3-a3f4-baa49c92eb8e", "value": "196608:7nYw4dlhwj97Aawdh5PS43U2n2pp6GrGFUqv8FWF9oD13y65Rvc1vxk9WU0SZzpe:7nYXm9xwXg4t2ThGl0m81C6/049WU0H" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740234515", "to_ids": false, "type": "size-in-bytes", "uuid": "22db49db-5db0-48dc-9998-f4190f824a81", "value": "11299329" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740234515", "to_ids": true, "type": "vhash", "uuid": "c10ad04b-6686-41a3-aeb5-700029634134", "value": "631acd694bc5e14eca4ab30e72974c89" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740234515", "to_ids": true, "type": "filename", "uuid": "1deb13cf-0ec7-4a44-8919-f17746cfc9bb", "value": "Hello Chat.apk" }, { "category": "Other", "comment": "Checked: 22/02/2025\nLast-scan\t: 22/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740234515", "to_ids": false, "type": "text", "uuid": "8adfa0e3-ae67-4061-a604-f8ec0eb7e39b", "value": "VajraSpy trojan\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:21/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740236605", "uuid": "eb23d208-dbbb-4508-a818-f7b244bd6605", "Attribute": [ { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740236605", "to_ids": true, "type": "md5", "uuid": "7590adf0-de3f-48be-af51-8bcf7b093a97", "value": "21e996e74ed60a618413c4d703906f74", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740235483", "to_ids": true, "type": "sha1", "uuid": "2ff3117f-9b33-4a9d-a45d-78c03e3d7e68", "value": "846b83b7324dfe2b98264bafac24f15fd83c4115", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740235484", "to_ids": true, "type": "sha256", "uuid": "363dbbf5-4f09-46e4-b50a-9744d2166d64", "value": "1f744fcc5b503328e8707c93f36904d17d2a71db3aa948803c98a5d54160b878", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740234538", "to_ids": true, "type": "ssdeep", "uuid": "332ca2da-683c-4c7d-bf14-2c1cc57aa567", "value": "786432:J8o9Y1IKlnoVt2HEnNwznJP53FwHlwm9oeHJ4FzV7oCaClqs+K3itulJy0/Y:PKoVAHPFP53SvXHJ48xCssHitOg" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740234538", "to_ids": false, "type": "size-in-bytes", "uuid": "077c8ec6-2423-45e0-8ebb-4146a7095a9f", "value": "56394744" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740234538", "to_ids": true, "type": "vhash", "uuid": "2df4c1a2-7eb2-4f1a-bdcc-a9451fc68ac5", "value": "d10b7a2984f3266c15a444175c46f8c1" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740234538", "to_ids": true, "type": "filename", "uuid": "fcc4fb8c-fd79-47c2-8d85-eca8600674bb", "value": "Chit Chat.apk" }, { "category": "Other", "comment": "Checked: 22/02/2025\nLast-scan\t: 25/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740234538", "to_ids": false, "type": "text", "uuid": "2cbb4204-ec41-4fdc-b414-ad11b16f487e", "value": "VajraSpy trojan\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:22/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740236626", "uuid": "0a82dfb7-170c-47e1-9979-649efcae7b0c", "Attribute": [ { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740236626", "to_ids": true, "type": "md5", "uuid": "eb05e345-2669-45bc-8188-8734e2854b72", "value": "259035caab78d2f18fb022dc30552470", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740235485", "to_ids": true, "type": "sha1", "uuid": "8c2dde7f-803b-40b6-9291-9f2cb519ef08", "value": "5cfb6cf074ff729e544a65f2bcfe50814e4e1bd8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740235486", "to_ids": true, "type": "sha256", "uuid": "9ad9608e-9782-49c1-8bda-edd178c60335", "value": "35f52cb5085cc58e8d005d249bfcaa17244f1be3147780e1ac64990006db2ccc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740234561", "to_ids": true, "type": "ssdeep", "uuid": "3a3445f2-abe9-41d2-a5cf-25f7a3f40d1d", "value": "393216:v53mTKCN5fpP4RqC1FXbl8EzbjQsHfPxJd9DfWlsF:1qps1Np9zbJJznF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740234561", "to_ids": false, "type": "size-in-bytes", "uuid": "27b35243-9395-45dd-bca4-2c2e5fdab183", "value": "19608262" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740234561", "to_ids": true, "type": "vhash", "uuid": "ce861ed2-564a-45aa-9b9b-5e5e7d01ab86", "value": "35a2e5efa85753d4fda24c48e222a294" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740234561", "to_ids": true, "type": "filename", "uuid": "375e3f76-fdd1-4331-84ce-30bcec51bb25", "value": "5cfb6cf074ff729e544a65f2bcfe50814e4e1bd8.apk" }, { "category": "Other", "comment": "Checked: 22/02/2025\nLast-scan\t: 22/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740234561", "to_ids": false, "type": "text", "uuid": "70a23904-9ea5-4aa7-a0fe-75619c9189c3", "value": "VajraSpy trojan\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:25/71" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740236649", "uuid": "4be1a3d5-8f2e-43c1-bce1-3c6a6cb741a7", "Attribute": [ { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740236649", "to_ids": true, "type": "md5", "uuid": "4cbc88d7-9d81-43b8-a153-c800ce453db9", "value": "b62e21c2a7091da95bd8c345b4e963bf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740235488", "to_ids": true, "type": "sha1", "uuid": "7f292a54-d6f8-447b-846a-f468dbc2d4ee", "value": "1b61dc3c2d2c222f92b84242f6fcb917d4bc5a61", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740235488", "to_ids": true, "type": "sha256", "uuid": "515e7540-25a6-44f6-8cfb-a7b943c94eea", "value": "c547fc04afad7538be1c638019867145dabf630afc2eba1ece7f972892598a65", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740234585", "to_ids": true, "type": "ssdeep", "uuid": "5819272b-b1cc-40e1-82dd-e8abda2c6fb7", "value": "786432:OkURXJEK5cHM0Id2d7JoOyA8xTRmIazAEaKs/ZEefkAPpgKKoXkjeqtULRse:IhtdG7Jozx1PGLfsgKKoUDtqRX" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740234585", "to_ids": false, "type": "size-in-bytes", "uuid": "60859176-3ad4-43e6-bf06-58a404641c7d", "value": "48934248" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740234585", "to_ids": true, "type": "vhash", "uuid": "8ae2d32e-dd02-40c8-81d0-23e74b6e4678", "value": "ddf67894c594eb3791771d15752eefb4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740234585", "to_ids": true, "type": "filename", "uuid": "ce783652-3ed8-476d-904a-ae39e7872ac3", "value": "Nidus.apk" }, { "category": "Other", "comment": "Checked: 22/02/2025\nLast-scan\t: 25/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740234585", "to_ids": false, "type": "text", "uuid": "a44e6afe-b65b-41dc-9d00-29896f300ed5", "value": "VajraSpy trojan\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:27/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740236671", "uuid": "c5234973-2689-4219-8f47-d09840b76f3f", "Attribute": [ { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740236671", "to_ids": true, "type": "md5", "uuid": "73fc66db-2437-41af-89e4-d195cf832b45", "value": "eb3e7d94069786eceb34b683e671eec2", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740235490", "to_ids": true, "type": "sha1", "uuid": "7fabf74a-4e60-4c0f-b534-9284b4cc87e3", "value": "137ba80e443610d9d733c160ccdb9870f3792fb8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740235490", "to_ids": true, "type": "sha256", "uuid": "7860dc7c-0595-47de-b688-f7e50fe93a7d", "value": "9115408ab7227f30cb6d3f785c208377b31da208171def1c3ec4d81c6f833585", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740234629", "to_ids": true, "type": "ssdeep", "uuid": "9a83cebb-40d9-4bd1-bafc-c796e3e648ae", "value": "786432:CpYKPFBFyINygoWfD7/QHEnNzXkjFznJqqtUQ3f5cH2PpgKKw42:b0FvOg/AH8UxFztX3x8KKw42" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740234629", "to_ids": false, "type": "size-in-bytes", "uuid": "7c6c291d-7334-4805-a284-5e58a5044ba9", "value": "46701823" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740234629", "to_ids": true, "type": "vhash", "uuid": "92a7c044-5e0f-4dc9-95d5-cf4244b29620", "value": "d498255fbff92c4693a332f7c2d91333" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740234629", "to_ids": true, "type": "filename", "uuid": "f4837972-c875-4d82-93a8-265aede75705", "value": "137ba80e443610d9d733c160ccdb9870f3792fb8.apk" }, { "category": "Other", "comment": "Checked: 22/02/2025\nLast-scan\t: 25/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740234629", "to_ids": false, "type": "text", "uuid": "a4b3ef7a-b902-4370-8e17-87743ea5e41c", "value": "VajraSpy trojan\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:25/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740236693", "uuid": "995eb620-0c8e-4bca-bad6-f39c1df45119", "Attribute": [ { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740236693", "to_ids": true, "type": "md5", "uuid": "de5f3c42-4870-4a13-87bf-67ff435068c7", "value": "195a6f2c703375a90a614f7a25c962d4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740235492", "to_ids": true, "type": "sha1", "uuid": "e5a27c25-c98b-4c72-9aef-03277e299cca", "value": "5f860d5201f9330291f25501505ebab18f55f8da", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740235492", "to_ids": true, "type": "sha256", "uuid": "5339758f-3350-4ef7-8d93-77196d4d3d45", "value": "0757de1fd165f72a084f955dc3fe45480a92b18b6153e116d1992586ca8ccd02", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740234652", "to_ids": true, "type": "ssdeep", "uuid": "a50a17a6-388f-49c6-8a13-e344b6ea2e19", "value": "786432:QIY/uQTfuRwJEFZHt2A1G8HAvXpZXh8A1Sm+bSHmACJlOSIQ48sCS+3lsfhgG57Y:JxQCrZHhdgRZX+mASHmAOlnIX8Kf9Y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740234652", "to_ids": false, "type": "size-in-bytes", "uuid": "2d78b94b-fa10-4db9-b660-a387724af850", "value": "96118802" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740234652", "to_ids": true, "type": "vhash", "uuid": "4c4a9de4-9d43-4ddf-87fb-f120ef526cba", "value": "52b71b0fe3173141c4b3a47bcf7e4939" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740234652", "to_ids": true, "type": "filename", "uuid": "d322f29a-9d39-488a-abdc-40a848aa4b3a", "value": "WaveChat.apk" }, { "category": "Other", "comment": "Checked: 22/02/2025\nLast-scan\t: 21/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740234652", "to_ids": false, "type": "text", "uuid": "95c7eda4-376d-4f57-878f-c6dd7f08aa08", "value": "VajraSpy trojan\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:16/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740236715", "uuid": "0f43cafc-b657-4672-9eb4-90e16193a592", "Attribute": [ { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740236715", "to_ids": true, "type": "md5", "uuid": "5f62121c-0a51-4ee3-97cc-eb1e5aea1ebc", "value": "84504c2f077b1c73ec3a64bfa4429cf4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740235494", "to_ids": true, "type": "sha1", "uuid": "472844e4-6666-4d13-9c41-2659cb45c36a", "value": "3b27a62d77c5b82e7e6902632da3a3e5ef98e743", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740235495", "to_ids": true, "type": "sha256", "uuid": "92536476-0737-4462-be14-e937b3a02ff1", "value": "2fdb7c4430660cb49547ac2828a631810d4e3d245a6501ce00825faa169cb7d0", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740234675", "to_ids": true, "type": "ssdeep", "uuid": "ec1b150a-8e53-4191-8322-8c2148379823", "value": "393216:pKBHAZCv3rUJ3/jqjgzGBdJySsQhbnenMsd9+M4/J:IBAAv3K/j+tyOm+TJ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740234675", "to_ids": false, "type": "size-in-bytes", "uuid": "5dbb19a9-8464-4107-bbe6-e38358b6657f", "value": "17016228" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740234675", "to_ids": true, "type": "vhash", "uuid": "5b6c17dc-22e2-4aa1-a976-d5c711c99e6e", "value": "50d9e86167d458015a991fe8e0348030" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740234675", "to_ids": true, "type": "filename", "uuid": "184468d5-eef4-4505-995b-408f524a7e12", "value": "Privee Talk-v1.7-ApkDownloadforWindows.apk" }, { "category": "Other", "comment": "Checked: 22/02/2025\nLast-scan\t: 24/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740234675", "to_ids": false, "type": "text", "uuid": "9e3e1dfb-8051-4a69-a15a-219c0ba24f2f", "value": "VajraSpy trojan\r\nType Description: Android\n\nMicrosoft: Trojan:AndroidOS/VajraSpy!MTB\nVT Total Detection:28/66" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740236737", "uuid": "f528aad4-f9be-4cd0-88a7-4f45aaf15db5", "Attribute": [ { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740236737", "to_ids": true, "type": "md5", "uuid": "abe916bb-1d63-4bd1-b99e-05b3fb3c6974", "value": "666ca68e8a21ae09ed20722d06a06a0b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740235497", "to_ids": true, "type": "sha1", "uuid": "63752ba1-9a20-4900-8fff-76998c9ee76c", "value": "44e8f9d0cd935d0411b85409e146acd10c80bf09", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740235498", "to_ids": true, "type": "sha256", "uuid": "4a954954-4a35-4570-8429-cfa8add3fab4", "value": "1e2c03876cb0a4dfb588be0de5bffd11aff57d556dbfb8a92793470ab3c66038", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740234699", "to_ids": true, "type": "ssdeep", "uuid": "aeacc37e-eea7-4dd1-9c93-b79c7efa639b", "value": "786432:Ald0amJQqNH73OeV60HgUUEDhLhcLIUC7UgMbkv2FbJJQaM:kMtb3G0HeElLgJC3DOJe" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740234699", "to_ids": false, "type": "size-in-bytes", "uuid": "8cafef99-e147-46ea-9380-58f960328596", "value": "50124912" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740234699", "to_ids": true, "type": "vhash", "uuid": "7593057e-60f8-41a1-ac98-abcce6603720", "value": "558ed7bf082d8f40f44b2339a38a7ab7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740234699", "to_ids": true, "type": "filename", "uuid": "e0c821f5-d9b6-464e-ae78-94870e0ce6d2", "value": "Glow+Chat_2.8_apkcombo.com.apk" }, { "category": "Other", "comment": "Checked: 22/02/2025\nLast-scan\t: 25/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740234699", "to_ids": false, "type": "text", "uuid": "f42f51b9-aa53-41a8-9130-f7cf2aa4a470", "value": "VajraSpy trojan\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:25/68" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740236759", "uuid": "9adbf6b0-87dd-4a4c-8200-0bd350c5ed45", "Attribute": [ { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740236759", "to_ids": true, "type": "md5", "uuid": "07c1b227-34fd-46dc-b77d-678b5e3566bd", "value": "07f106d4ce4845ad26e89688d7ed2552", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740235501", "to_ids": true, "type": "sha1", "uuid": "730a29c2-2b5f-40a6-b0f2-ac48e59cfb28", "value": "94dc9311b53c5d9cc5c40cd943c83b71bd75b18a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740235501", "to_ids": true, "type": "sha256", "uuid": "48bff515-fc03-49f4-b2d6-32b8445abf6a", "value": "55dd05f02ead336c99d491fa7a9945cf8f113215c5147710874be68fde519cd5", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740234725", "to_ids": true, "type": "ssdeep", "uuid": "80ac024c-096b-48df-8f2f-f20ca4052c39", "value": "786432:1mlxL74wfsGb2L6nL73OeV60HgUUEDhLhcLIUC7UgMbkveFbJJQWF:2FHf9yW3G0HeElLgJC3DGJnF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740234725", "to_ids": false, "type": "size-in-bytes", "uuid": "70f0b8ff-3a01-4662-86ac-82836c1ca653", "value": "50104362" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740234725", "to_ids": true, "type": "vhash", "uuid": "7209cb5c-faee-4f16-bfce-2c0f2a60f762", "value": "558ed7bf082d8f40f44b2339a38a7ab7" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740234725", "to_ids": true, "type": "filename", "uuid": "7dbf20d2-9fb6-4ffc-b50b-ecd56a7e6424", "value": "Let's Chat_2.8_apkcombo.com.apk" }, { "category": "Other", "comment": "Checked: 22/02/2025\nLast-scan\t: 22/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740234725", "to_ids": false, "type": "text", "uuid": "0fb4d70b-f970-4d74-8f77-4d4261c692ca", "value": "VajraSpy trojan\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:22/72" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740236781", "uuid": "72281adf-e74f-4f37-a86e-831236e2d2f8", "Attribute": [ { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740236781", "to_ids": true, "type": "md5", "uuid": "54c6b90a-374b-43bb-8511-e5e1b49fec49", "value": "432316e6d85a3b4cec9cd196d7d79916", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740235504", "to_ids": true, "type": "sha1", "uuid": "3a5058d9-2bd4-43c1-9daf-41177c95c7cf", "value": "e0d73c035966c02df7bce66e6ce24e016607e62e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740235504", "to_ids": true, "type": "sha256", "uuid": "9df99cd9-b7b0-4d83-ad29-ef4dfac5622c", "value": "64b2a100e8ca305d7362eeb4858694156d676989b8c6d6d8d01cdebe84dafc7b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740234752", "to_ids": true, "type": "ssdeep", "uuid": "f7233861-119a-448b-9b45-98b030cc7679", "value": "786432:t6URXJE3aKwxTRmIazAK0Id2d7JoOyAa7ZEeNnqtUMkgRsFPpgKK25cH4Xkjr:nEfwx1PGfdG7Jop9qtBRfKKk9Un" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740234752", "to_ids": false, "type": "size-in-bytes", "uuid": "50235a12-6de7-417f-99b4-3c975ae7046d", "value": "49237529" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740234752", "to_ids": true, "type": "vhash", "uuid": "783b6662-6c88-48d2-b79b-200b1d54b5b7", "value": "ddf67894c594eb3791771d15752eefb4" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740234752", "to_ids": true, "type": "filename", "uuid": "c42d2c9f-82b3-41d4-99ae-f60e547d6341", "value": "$R2SNR8Y" }, { "category": "Other", "comment": "Checked: 22/02/2025\nLast-scan\t: 25/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740234752", "to_ids": false, "type": "text", "uuid": "a5abc466-45f2-496c-9c15-776bb258ee71", "value": "VajraSpy trojan\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:26/67" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740236803", "uuid": "80f235a3-6682-4b52-a841-243cf2eb53db", "Attribute": [ { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740236803", "to_ids": true, "type": "md5", "uuid": "34a79c42-1694-44b0-a3fe-e58a911056ca", "value": "33859968406795496cc3df2cfc638104", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740235506", "to_ids": true, "type": "sha1", "uuid": "e72787fa-4e47-447a-b979-51a31c808937", "value": "235897bcb9c14eb159e4e74de2bc952b3ad5b63a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740235506", "to_ids": true, "type": "sha256", "uuid": "2eb2b60a-5b8a-48ef-930a-c38923fc20e6", "value": "0c7afefe507ace767217dd91bdb68b06947ca668559f025425baae2afb4fff6c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740234775", "to_ids": true, "type": "ssdeep", "uuid": "007b1dc3-d38d-49d8-bef5-aea203711978", "value": "786432:mhod//GjwfsGbcnU/tVYLzbJJzPrY/uQTRG57WPIhE:mhGbf9kLj7rxQ06" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740234775", "to_ids": false, "type": "size-in-bytes", "uuid": "2eaad8d9-5487-441c-a6b8-fa39f338cef7", "value": "38670521" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740234775", "to_ids": true, "type": "vhash", "uuid": "132fc68c-d322-4dbf-a733-f23036320fbc", "value": "1dd0ddb7242bfc1be42ce0e3a56ea7bf" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740234775", "to_ids": true, "type": "filename", "uuid": "0ba3bd34-8e42-4a66-8371-b13c1469038f", "value": "Quick Chat_4.0_apkcombo.com.xapk" }, { "category": "Other", "comment": "Checked: 22/02/2025\nLast-scan\t: 22/02/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740234775", "to_ids": false, "type": "text", "uuid": "a5fe8d53-fb88-4459-a763-913a50ee22e6", "value": "VajraSpy trojan\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:24/70" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1740236825", "uuid": "46866da6-4224-41c6-af04-b3640a8df474", "Attribute": [ { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1740236825", "to_ids": true, "type": "md5", "uuid": "1fcb07cf-2215-498d-a904-bce00517d2ce", "value": "44c2b688516999ae61351988dbedd893", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1740235508", "to_ids": true, "type": "sha1", "uuid": "ae64de9c-cbac-4835-a9aa-3c5d873e4194", "value": "8ab01840972223b314bf3c9d9ed3389b420f717f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "VajraSpy trojan", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1740235508", "to_ids": true, "type": "sha256", "uuid": "a4ef79b6-82e6-4924-b54e-a8a8c7c9a3a0", "value": "ba9aeb87025ba26e7a54fe38f97bf28b72b1dac069e9fa6624a195a599c4b0ae", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1740234798", "to_ids": true, "type": "ssdeep", "uuid": "800df6b8-7735-40c0-a9a8-6a0aafd0a398", "value": "786432:xqAHhBuplJXza/IfH53DznJqqtU5XkjEPpgKKw5HEnNk5cHL:4dJXu/IfH53DFztcULKKw5HpQ" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1740234798", "to_ids": false, "type": "size-in-bytes", "uuid": "b693af91-63fe-4be3-9822-51ae23788675", "value": "44361893" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1740234798", "to_ids": true, "type": "vhash", "uuid": "a73ec303-612d-4c4f-8846-9b0ecb6f5c67", "value": "b9dc84b91445d2a451d47c1dc49f6f93" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1740234798", "to_ids": true, "type": "filename", "uuid": "d15846b2-1a86-474d-aa15-03d7bac3dc5f", "value": "YohooTalk.apk" }, { "category": "Other", "comment": "Checked: 22/02/2025\nLast-scan\t: 25/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1740234798", "to_ids": false, "type": "text", "uuid": "5da03d31-1a9d-4961-8fcc-7a272b140aaf", "value": "VajraSpy trojan\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:27/67" } ] } ] } }