{
  "Event": {
    "analysis": "1",
    "date": "2024-05-24",
    "extends_uuid": "",
    "info": "[Threat Intel] Inside the SharpPanda's Malware Targeting Malaysia",
    "protected": false,
    "publish_timestamp": "1780436442",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1780436413",
    "uuid": "81133e85-f177-4cef-ac06-a8a03de535bd",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"SharpPanda\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#110041",
        "local": false,
        "name": "rectifyq:sub-category=\"malware-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#3a00dd",
        "local": false,
        "name": "rectifyq:action-taken=\"diamond-model\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:f3b46834-6ce9-44ef-852d-d7ac61a12920=\"b76558a6-755e-48ff-aa0f-2f5815f3687a\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770861364",
        "to_ids": false,
        "type": "link",
        "uuid": "082dd230-0f1f-4623-8a88-2047a0ce51f5",
        "value": "https://notes.netbytesec.com/2024/05/inside-sharppandas-malware-targeting.html",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": true,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780041937",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "b002e4ce-1741-4949-bac3-b8dc0c5431ae",
        "value": "185.239.226.91",
        "Tag": [
          {
            "colour": "#18de80",
            "local": false,
            "name": "asn:asn=\"134835\"",
            "relationship_type": ""
          },
          {
            "colour": "#ab6901",
            "local": false,
            "name": "asn:as-owner=\"SNL-HK Starry Network Limited\"",
            "relationship_type": ""
          },
          {
            "colour": "#fbf8fb",
            "local": false,
            "name": "asn:as-country=\"HK\"",
            "relationship_type": ""
          },
          {
            "colour": "#daa28c",
            "local": false,
            "name": "misp-galaxy:country=\"hong kong\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770863290",
        "to_ids": true,
        "type": "sha256",
        "uuid": "fad29838-1b34-4115-8485-18c501976703",
        "value": "20a4256443957fbae69c7c666ae025522533b849e01680287177110603a83a41",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770861390",
        "to_ids": true,
        "type": "sha1",
        "uuid": "5f8363c3-b7d5-4be4-8f66-253243809a95",
        "value": "ba12750f122462d16b4847adcb927b86af60b5d6"
      },
      {
        "category": "Other",
        "comment": "diamond-model",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1770861675",
        "to_ids": false,
        "type": "comment",
        "uuid": "76f63d1f-997a-4293-84d3-f08abf053990",
        "value": "https://raw.githubusercontent.com/rectifyq/Collections/refs/heads/main/Diamond-Models/2024/240524-SharpPanda/3.png"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1780435616",
        "uuid": "23f0a6b8-b40f-4a6a-aa0e-931d26e55d5e",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1770863291",
            "to_ids": true,
            "type": "md5",
            "uuid": "91e475bb-6811-4b65-bbd4-cdba78566ef7",
            "value": "b85316f68d9f1dbac481e3f397ebf1b0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1770863291",
            "to_ids": true,
            "type": "sha1",
            "uuid": "10619d34-33ec-433c-beba-744a50585001",
            "value": "ba12750f122462d16b4847adcb927b86af60b5d6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1770863291",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e5f83e58-f610-42e4-850a-c292932e804c",
            "value": "20a4256443957fbae69c7c666ae025522533b849e01680287177110603a83a41",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1770863290",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ee4942c9-2eec-4d54-ab32-4a85c5492543",
            "value": "6144:LFmiXuqQ8rDKmNceekuF4mxAuL1ZEPKW:pVXlrmmNctkuWmx1ZS"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1770863290",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b0031d51-f33d-4cde-81ee-ca8c976f4f46",
            "value": "272384"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1770863290",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fd9699e7-4e7a-4561-8e17-4deb9e32f68f",
            "value": "025056655d15156068z51hz13z2fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1770863290",
            "to_ids": true,
            "type": "filename",
            "uuid": "31503a5a-fb35-44fb-8c9e-7d7286cbe77d",
            "value": "20a4256443957fbae69c7c666ae025522533b849e01680287177110603a83a41.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 12/02/2026\nLast-scan: 17/01/2026",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1770863290",
            "to_ids": false,
            "type": "text",
            "uuid": "52cc8b27-9e72-43ab-bd51-1e504060958e",
            "value": "Type Description: Win32 EXE\nMicrosoft: Trojan:Win32/Doina!MTB\nVT Total Detection: 56/71\nFirst Submission: 2023-12-20T06:39:19.000000+00:00\nLast Submission: 2025-05-20T13:18:00.000000+00:00"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1780435616",
            "to_ids": true,
            "type": "filename",
            "uuid": "c587b6a3-57e7-49c1-a228-09c8c5d3cdd4",
            "value": "REKOD MINIT KSN KEPADA YAB PM 2023 - 15.exe"
          }
        ]
      }
    ]
  }
}