{
  "Event": {
    "analysis": "2",
    "date": "2020-06-02",
    "extends_uuid": "",
    "info": "[Threat Intel] \"StayHomeMalaysia.apk\"",
    "protected": false,
    "publish_timestamp": "1780039902",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772901992",
    "uuid": "8082801e-d211-46a0-8d90-445d642181b3",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#e1e5b7",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"SMS Control - T1582\"",
        "relationship_type": ""
      },
      {
        "colour": "#e931d8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Contact List - T1636.003\"",
        "relationship_type": ""
      },
      {
        "colour": "#704a15",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1429\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Internet Connection Discovery - T1422.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740482739",
        "to_ids": false,
        "type": "link",
        "uuid": "b38bfbdd-48a3-4016-bfe4-0a2724694626",
        "value": "https://x.com/malwrhunterteam/status/1267706781914075137"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746815422",
        "to_ids": true,
        "type": "url",
        "uuid": "71cf3b0b-b4c0-4709-ae56-ab82d2afec4b",
        "value": "https://defase241.s3.eu-central-1.amazonaws.com/StayHomeMalaysia.apk",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746815443",
        "to_ids": true,
        "type": "url",
        "uuid": "8dd1d8fc-3cd4-4693-a84a-dc17183439c0",
        "value": "https://fewfasdfwerta.s3.eu-central-1.amazonaws.com/StayAtHome.apk",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740482880",
        "to_ids": false,
        "type": "link",
        "uuid": "5f25f2d2-86a3-4716-bef9-29f9e5ba722e",
        "value": "https://x.com/ReBensk/status/1267693269758214144"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746815464",
        "uuid": "db507038-88a7-4e12-97bd-63002086e8e7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746815464",
            "to_ids": true,
            "type": "md5",
            "uuid": "b9f9142c-8b04-413b-9dd0-6f9eb1372a9c",
            "value": "b4546bfaa3f339f624a9fe8e64a682e1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740482897",
            "to_ids": true,
            "type": "sha1",
            "uuid": "19e4d68a-e2d6-44af-877c-767b4c15616b",
            "value": "670300e945e534725c411a0fff6a484f91ef2825",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740482897",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ba329b75-4298-4809-85eb-1b2c5b656434",
            "value": "2c77586ac25becd2c7241a807dd7e408ddaa518a6061dcf95ab6d2f910749555",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740482897",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2ad73daa-d3fd-450c-bacf-c72444695db0",
            "value": "24576:SLUw7EpLn29Uip52nWas/TmidjoWJbIFvZOZPbkbt9DitP5aM4cJM7tSb0lh9MZd:oUw7oL29UM52Was/T5j7Jb+uPbEpaxTd"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740482897",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c0abb0a9-0eb2-4aeb-9ac0-1fc0139ca31a",
            "value": "1409442"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740482897",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f005adb3-c58f-4638-a018-bc75101c01fb",
            "value": "e76a34f15d1b8cd115c0db4c2ead22b9"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740482897",
            "to_ids": true,
            "type": "filename",
            "uuid": "bd7b56db-8bcf-42ad-a4fc-9a18451873f3",
            "value": "StayHomeMalaysia.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 25/02/2025\nLast scan: 03/06/2020 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740482897",
            "to_ids": false,
            "type": "text",
            "uuid": "a0e620ea-5442-4f9f-b58e-e0740338ffa4",
            "value": "Type Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.C!ml\nVirusTotal total detections: 16/63"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746815486",
        "uuid": "d345a831-1cc9-4bc9-9f33-1ced56bef9f9",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746815486",
            "to_ids": true,
            "type": "md5",
            "uuid": "881bda79-d7b5-4fe6-8f6d-d2233d71f8d3",
            "value": "8ff52a49b6efc41c5bd3f77c406297f3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740482919",
            "to_ids": true,
            "type": "sha1",
            "uuid": "dc57a6d6-b3a9-4d7e-9c07-0e651ffa2830",
            "value": "5f7e1f00eef53c3654b406bc097094d4a2727469",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740482919",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ea17feb1-3410-4e6f-a210-4b12fa8c2aab",
            "value": "4a21ec52a544e3b77ed0ddb5dea5f5fac91714a4aa0a40396cc85663d4e15444",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740482918",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e04c199b-c4ee-41ea-8513-055b0573f1e2",
            "value": "24576:mpksHl6HVFRbL1yfAuM38WZpVJFZeM4cJM7tSb0lh9MZe3X2/z35FQ7YibISCqfk:mplHIVF9L1hp3NZpzHP4c+Rc9p"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740482918",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c70c3cd5-f5bc-4a83-be72-f7b400b11d51",
            "value": "1443411"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740482918",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3827eacd-977e-4364-bc5b-d22360934402",
            "value": "e76a34f15d1b8cd115c0db4c2ead22b9"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740482918",
            "to_ids": true,
            "type": "filename",
            "uuid": "8a248150-29f2-4f04-b142-38a448602e88",
            "value": "StayAtHome.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 25/02/2025\nLast scan: 04/06/2020 (dates are DD/MM/YYYY)",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740482918",
            "to_ids": false,
            "type": "text",
            "uuid": "8fd51c1e-7dd7-44dd-abd1-acf0fc8b7bec",
            "value": "Type Description: Android\n\nMicrosoft: Trojan:Script/Wacatac.C!ml\nVirusTotal total detections: 28/63"
          }
        ]
      }
    ]
  }
}