{
  "Event": {
    "analysis": "1",
    "date": "2022-08-30",
    "extends_uuid": "",
    "info": "[Threat Intel] Rising Tide: Chasing the Currents of Espionage in the South China Sea",
    "protected": false,
    "publish_timestamp": "1780039417",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1772901940",
    "uuid": "83f31bcf-cf2e-4ebb-b8c2-7ef9e6925c9e",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#2d8ee7",
        "local": false,
        "name": "misp-galaxy:producer=\"Proofpoint\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#9e0269",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"",
        "relationship_type": ""
      },
      {
        "colour": "#e8825f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Supply Chain Compromise - T1195\"",
        "relationship_type": ""
      },
      {
        "colour": "#2e58ce",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"",
        "relationship_type": ""
      },
      {
        "colour": "#ad5a96",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Hijack Execution Flow - T1574\"",
        "relationship_type": ""
      },
      {
        "colour": "#45a451",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Drive-by Compromise - T1189\"",
        "relationship_type": ""
      },
      {
        "colour": "#43c8db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"",
        "relationship_type": ""
      },
      {
        "colour": "#50bcaa",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Software Discovery - T1518\"",
        "relationship_type": ""
      },
      {
        "colour": "#e12cbc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Non-Application Layer Protocol - T1095\"",
        "relationship_type": ""
      },
      {
        "colour": "#a92e1c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
        "relationship_type": ""
      },
      {
        "colour": "#e08bb2",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
        "relationship_type": ""
      },
      {
        "colour": "#75ec20",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"",
        "relationship_type": ""
      },
      {
        "colour": "#b8ab01",
        "local": false,
        "name": "misp-galaxy:target-information=\"United States\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#b990dd",
        "local": false,
        "name": "misp-galaxy:target-information=\"Australia\"",
        "relationship_type": ""
      },
      {
        "colour": "#5887a6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Japan\"",
        "relationship_type": ""
      },
      {
        "colour": "#d53577",
        "local": false,
        "name": "misp-galaxy:target-information=\"Cambodia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"APT40\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Defense\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Education\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Energy\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Manufacturing\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"News - Media\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Oil\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"scanbox\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c006d",
        "local": false,
        "name": "rectifyq:topic=\"geopolitical\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"APT\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736666750",
        "to_ids": false,
        "type": "link",
        "uuid": "186e63ba-91a1-459d-a4be-b2c6bf86e1e7",
        "value": "https://www.proofpoint.com/us/blog/threat-insight/chasing-currents-espionage-south-china-sea"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736666750",
        "to_ids": false,
        "type": "text",
        "uuid": "b806667a-c085-4984-886b-4778aefda8b1",
        "value": "Proofpoint and PwC Threat Intelligence have jointly identified a cyber espionage campaign, active from April through June 2022, delivering the ScanBox exploitation framework to targets who visit a malicious domain posing as an Australian news website."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736666750",
        "to_ids": false,
        "type": "text",
        "uuid": "54186732-f6f0-4c00-8c13-eb7dd5fbdbb7",
        "value": "Name: Rising Tide: Chasing the Currents of Espionage in the South China Sea\nAuthor: AlienVault\nAdversary: TA423 APT40\nTags: [\"Scanbox\", \"Meterpreter\", \"Javascript\", \"Phishing\", \"RTF\"]\nTgtd countries: [\"United States of America\", \"Malaysia\", \"Australia\", \"Japan\", \"Cambodia\"]\nMlwr families: [\"scanbox\"]\nAttack_ids: [\"T1566\", \"T1102\", \"T1195\", \"T1056\", \"T1574\", \"T1189\", \"T1055\", \"T1518\", \"T1095\", \"T1140\", \"T1027\", \"T1036\"]\nIndustries: [\"Banking\", \"Healthcare\", \"Heavy Industry\", \"Media\", \"Manufacturing\", \"Financial\", \"Government\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736666750",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "61694326-72c7-4214-a373-c29248d4ea06",
        "value": "TA423 APT40"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263165",
        "to_ids": true,
        "type": "email-src",
        "uuid": "dbeec416-f4b4-43b4-b850-35ee7d52174d",
        "value": "visitable.daishaju@gmail.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "64bf2670-4f15-4b87-9bf3-88cd3ef7f904",
        "value": "goodlandteactuator@gmail.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "42c9a32d-b46f-4060-a00c-c7b6f15a7df9",
        "value": "claire3bluntxq@gmail.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "293d6789-6b19-46ae-9744-67942d587fb4",
        "value": "ascents.nestora2@gmail.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "a99267d2-d82c-4a0f-a1b3-96b51108b118",
        "value": "walknermohammad26@gmail.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "a22889b0-37a2-4043-8ae9-7220417447a1",
        "value": "entertainingemiliano20@gmail.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "0fa89bf5-55a7-4fde-8b53-76b427f1b3ed",
        "value": "osinskigeovannyxw@gmail.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "245a267d-735b-48b9-be8c-f3b512babf18",
        "value": "brittanisoq@outlook.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "875eac1c-99c2-4c56-876c-bfc6d281692d",
        "value": "charmainejuxtzk@outlook.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "fa8ec89f-c69e-428d-b381-aa6fca8d8f24",
        "value": "gradyt18iheme@outlook.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "6dfd1c48-a121-46ab-a4a0-b1b717478216",
        "value": "dagny382cber@outlook.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "df883a68-a277-4d94-8f07-752154f01980",
        "value": "marikok2bedax@outlook.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "872e813f-334d-4f50-81c8-3b74d9c98872",
        "value": "pearlykeap3l@outlook.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "eab445e4-16ce-47d8-938e-2a885f7380df",
        "value": "mattbotossd@outlook.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "cc27cf2a-f9fe-47a0-a3f7-8b6607053b14",
        "value": "thuang6102@gmail.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "eb30231d-b8c3-4332-bdaa-fac14869eafb",
        "value": "earlt1948@gmail.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "6cbcbede-74b5-497c-abf1-b5e4238e283f",
        "value": "amianggitaphill@yahoo.com"
      },
      {
        "category": "Payload delivery",
        "comment": "Phishing Email Sender Address",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263166",
        "to_ids": true,
        "type": "email-src",
        "uuid": "2559b874-9eec-4e44-9dd9-809c0ba0bb7d",
        "value": "zoezlb@gmail.com"
      },
      {
        "category": "Other",
        "comment": "Phishing Email Header From",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263258",
        "to_ids": false,
        "type": "other",
        "uuid": "74219d14-30b9-406c-884d-59f08391e147",
        "value": "Daisha Manalo <visitable.daishaju@gmail[.]com> \r\nBlair Goodland <goodlandteactuator@gmail[.]com> \r\nClaire Blunt <claire3bluntxq@gmail[.]com> \r\nNestor Pyles <ascents.nestora2@gmail[.]com> \r\nMohammad Walkner <walknermohammad26@gmail[.]com> \r\nEmiliano Regulus <entertainingemiliano20@gmail[.]com> \r\nEmiliano Regulus <entertainingemiliano20@gmail[.]com> \r\nGeovanny Osinski <osinskigeovannyxw@gmail[.]com> \r\nBrittani Silvestre <brittanisoq@outlook[.]com> \r\nCharmaine Jubinville <charmainejuxtzk@outlook[.]com> \r\nGrady Iheme <gradyt18iheme@outlook[.]com> \r\nDagny Berdecia <dagny382cber@outlook[.]com> \r\nMariko Dax <marikok2bedax@outlook[.]com> \r\nPearly Keasler <pearlykeap3l@outlook[.]com> \r\nMatt Botos <mattbotossd@outlook[.]com> \r\nami phillips <amianggitaphill@yahoo[.]com> \r\nTom Huang <thuang6102@gmail[.]com> \r\nThomas Earl <earlt1948@gmail[.]com> \r\nzoe browne <zoezlb@gmail[.]com>"
      },
      {
        "category": "Network activity",
        "comment": "Phishing URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267971",
        "to_ids": true,
        "type": "url",
        "uuid": "1ea2ed19-ff24-4777-aa02-21a08f884a91",
        "value": "http://australianmorningnews.com/?p=23",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Phishing URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267992",
        "to_ids": true,
        "type": "url",
        "uuid": "b6b3e36c-df74-484f-bbb3-ce85b48b79f4",
        "value": "http://australianmorningnews.com/?p=30",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Phishing URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268013",
        "to_ids": true,
        "type": "url",
        "uuid": "f083ec35-1320-46d2-a040-d23ca2ab2703",
        "value": "http://australianmorningnews.com/?p=58",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Phishing URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268034",
        "to_ids": true,
        "type": "url",
        "uuid": "c1164488-0d0f-4eb5-8e1e-2ab3383ea36e",
        "value": "http://australianmorningnews.com/?p=55",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Phishing URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268056",
        "to_ids": true,
        "type": "url",
        "uuid": "4123baf5-20ee-4a6b-b20e-ffdbb9c13e3d",
        "value": "http://australianmorningnews.com/?p=23-",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Phishing URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268077",
        "to_ids": true,
        "type": "url",
        "uuid": "6516fc8f-f2e6-420c-b86d-2aaba395ea72",
        "value": "http://asutralianmorningnews.com/?p=19-",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
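        "comment": "Related to Darkpink APT phishing (note: this event attributes the campaign to TA423/APT40; no source for the Darkpink link is given in this attribute)",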
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1747520468",
        "to_ids": true,
        "type": "url",
        "uuid": "f7caa66d-92f0-400a-8d8a-6816ae3fa8b9",
        "value": "http://asutralianmorningnews.com/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Actor-controlled Domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268118",
        "to_ids": true,
        "type": "domain",
        "uuid": "fa1b292e-ecbf-4a54-aca1-fdac7ebc6e01",
        "value": "australianmorningnews.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Actor-controlled Domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268140",
        "to_ids": true,
        "type": "hostname",
        "uuid": "40a15f35-8078-4be4-99b2-68406b0cfc74",
        "value": "image.australianmorningnews.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Actor-controlled Domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268161",
        "to_ids": true,
        "type": "domain",
        "uuid": "3842d48e-61a0-4a2a-936f-6d4eede62a6b",
        "value": "regionail.xyz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Actor-controlled Domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268182",
        "to_ids": true,
        "type": "domain",
        "uuid": "7f92342a-5662-421e-a512-97fb6b7a33aa",
        "value": "heraldsun.me",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Actor-controlled Domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268204",
        "to_ids": true,
        "type": "domain",
        "uuid": "4a0717e7-e93d-4a4e-90a4-beda4e645e4c",
        "value": "walmartsde.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Actor-controlled Domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268225",
        "to_ids": true,
        "type": "domain",
        "uuid": "c058fdf5-2547-4f99-b903-a768ec362d31",
        "value": "theaustralian.in",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Registrant Email",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263343",
        "to_ids": true,
        "type": "email-src",
        "uuid": "2caa5a38-9c68-4603-ac54-3557aebae9f3",
        "value": "suzannehhu316@outlook.com"
      },
      {
        "category": "Network activity",
        "comment": "ScanBox URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268246",
        "to_ids": true,
        "type": "url",
        "uuid": "b0f92c4b-416e-4aac-833a-40ed3dba4333",
        "value": "http://image.australianmorningnews.com/i/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ScanBox URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268267",
        "to_ids": true,
        "type": "url",
        "uuid": "4b236485-eb43-47f4-b8c8-9f63c0a1740d",
        "value": "http://image.australianmorningnews.com/i/?cwhe18nc",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ScanBox URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268288",
        "to_ids": true,
        "type": "url",
        "uuid": "979c910d-53e7-48d1-a9a5-c652ab39580f",
        "value": "http://image.australianmorningnews.com/i/v.php?m=b",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ScanBox URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268309",
        "to_ids": true,
        "type": "url",
        "uuid": "4fcd39c9-f073-426a-a03f-033ce2ccabfb",
        "value": "http://image.australianmorningnews.com/i/c.php?data=",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ScanBox URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268330",
        "to_ids": true,
        "type": "url",
        "uuid": "60859aa7-97b6-4e93-ba5a-0a5352b0a406",
        "value": "http://image.australianmorningnews.com/i/k.php?data=",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ScanBox URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268352",
        "to_ids": true,
        "type": "url",
        "uuid": "1a0c786f-e4a7-47bc-b763-87e9a9659815",
        "value": "http://image.australianmorningnews.com/i/p.php?data=",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ScanBox URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268373",
        "to_ids": true,
        "type": "url",
        "uuid": "644ad2cf-308f-4061-a83a-f0944ca57545",
        "value": "http://image.australianmorningnews.com/i/v.php?m=a&data=",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ScanBox URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268394",
        "to_ids": true,
        "type": "url",
        "uuid": "f26d4f73-0d47-48bd-83fc-b05fdd204087",
        "value": "http://image.australianmorningnews.com/i/v.php?m=p&data=",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "ScanBox URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268415",
        "to_ids": true,
        "type": "url",
        "uuid": "56794447-1bc7-41d7-a0d6-6675dc6a66a3",
        "value": "http://image.australianmorningnews.com/i/v.php?m=plug",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "RTF Template Injection Attachment. No sample in VT.\r\nLast check: 23/02/2025 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267868",
        "to_ids": true,
        "type": "sha256",
        "uuid": "21ba2782-be23-40cb-a827-ae34db06799e",
        "value": "f55c020d55d64d9188c916dcbece901bc6eb373ed572d349ff61758bd212857f",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "RTF Template Injection Attachment. No sample in VT.\r\nLast check: 23/02/2025 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267869",
        "to_ids": true,
        "type": "sha256",
        "uuid": "91d68537-d423-4fb7-b108-a4b6feaa9fec",
        "value": "5681cf40c3f00c1a0dc89c05d983c0133cc6bf198bce59acfef788d25bcd9f69",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "RTF Template Injection Attachment. No sample in VT.\r\nLast check: 23/02/2025 (DD/MM/YYYY)",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267870",
        "to_ids": true,
        "type": "sha256",
        "uuid": "f6bb3283-39f7-4b00-80e5-adabc628f647",
        "value": "22df809c1f47cb8d685f9055ad478991387016f03efd302fdde225215494eb83",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "RTF Template Injection Attachment No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267871",
        "to_ids": true,
        "type": "sha256",
        "uuid": "b5d8510b-ae33-4dfb-aac2-ce4e30929038",
        "value": "b7e435ccded277740d643309898d344268010808e0582f34ae07e879ac32cf1e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "RTF Template Injection Attachment No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267872",
        "to_ids": true,
        "type": "sha256",
        "uuid": "0bc481e4-4c4d-4e69-b978-ae201d874692",
        "value": "3909ae9b64b281cca55fc2cd6d92a11b882d1a58e4c34a59a997a7cb65aba8ef",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "RTF Template Injection Attachment No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267873",
        "to_ids": true,
        "type": "sha256",
        "uuid": "c51b7403-5b5e-418e-a2ed-90d364a0bbf3",
        "value": "54ad4c1853179a59d5e9c48b1cfa880c91c5bf390fcfb94e700259b3f8998cb3",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "RTF Template Injection Attachment No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267875",
        "to_ids": true,
        "type": "sha256",
        "uuid": "c69837d3-fa36-433b-9bb9-7ddfb45a0390",
        "value": "c4471540b811f091124c166ab51d6d03b6757f71e29c61a0e360e5c64957fcdd",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "RTF Template Injection Attachment No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267876",
        "to_ids": true,
        "type": "sha256",
        "uuid": "9c29d8eb-d99a-4f5e-821f-f5e409f7657b",
        "value": "400be1d28d966ba8491f54237adad52ad4eea8a051f45f49774b92cbfdfcf1ea",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "RTF Template Injection Attachment No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267877",
        "to_ids": true,
        "type": "sha256",
        "uuid": "9c350f20-94ad-4c91-9b25-d174a37f57f0",
        "value": "8033a52b327ad6635fc75f6c2c17b2cb4d56e1fd00081935541c0fb020e2582f",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "RTF Template Injection Attachment No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267878",
        "to_ids": true,
        "type": "sha256",
        "uuid": "7deaedd8-67ac-4bb5-b91f-aadc146bbed8",
        "value": "a115051a02e4faa8eb06d3870af44560274847c099d8e2feb2ef8db8885edf5e",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "RTF Template Injection Attachment No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267879",
        "to_ids": true,
        "type": "sha256",
        "uuid": "9f1e47fb-79b9-4422-8ee9-013eb90bd268",
        "value": "57c8123dd505dadb640872f83cf0475871993e99fdb40d8b821a9120e3479f53",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263423",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "48873d02-b2a4-4d61-a530-8575fc2a8697",
        "value": "139.59.60.116|443"
      },
      {
        "category": "Network activity",
        "comment": "C2 IP",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263423",
        "to_ids": true,
        "type": "ip-dst|port",
        "uuid": "aa100a22-f166-4892-a2aa-bbea9d20d903",
        "value": "172.105.114.27|80"
      },
      {
        "category": "Network activity",
        "comment": "RTF Template Injection & Payload Delivery URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268437",
        "to_ids": true,
        "type": "url",
        "uuid": "2bb9946c-7189-4b79-84fb-662c680ca43d",
        "value": "https://regionail.xyz/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RTF Template Injection & Payload Delivery URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268458",
        "to_ids": true,
        "type": "url",
        "uuid": "109d3c4a-5435-474b-94d7-1bc77704636e",
        "value": "https://regionail.xyz/austrade.au",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RTF Template Injection & Payload Delivery URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268479",
        "to_ids": true,
        "type": "url",
        "uuid": "8707aac0-5ed3-4543-a0a4-bc67f13ce177",
        "value": "https://magloball.com/nDo3SB",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RTF Template Injection & Payload Delivery URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268500",
        "to_ids": true,
        "type": "url",
        "uuid": "36d6f8fe-0104-47f1-a1f7-dbf5f778d3ea",
        "value": "https://theaustralian.in/europa.eeas",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RTF Template Injection & Payload Delivery URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268521",
        "to_ids": true,
        "type": "url",
        "uuid": "e1ac0740-2bd9-43b8-9ab4-18761d5b11ba",
        "value": "https://theaustralian.in/office",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RTF Template Injection & Payload Delivery URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268543",
        "to_ids": true,
        "type": "url",
        "uuid": "f4a1c87d-4442-4203-9a24-9cb9e6fdf25c",
        "value": "https://theaustralian.in/word",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RTF Template Injection & Payload Delivery URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268564",
        "to_ids": true,
        "type": "url",
        "uuid": "1a337a30-40e4-430d-a573-7efd4cb611c9",
        "value": "http://172.105.114.27/v",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "RTF Template Injection & Payload Delivery URL",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268586",
        "to_ids": true,
        "type": "url",
        "uuid": "032a6f62-ab05-4633-bf40-783df14b82a8",
        "value": "http://walmartsde.com/UpdateConfig",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Payload No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267880",
        "to_ids": true,
        "type": "sha256",
        "uuid": "33adefca-2fe2-483a-b52e-5d4b9f7b7d37",
        "value": "981c762ce305cd5221e8757bafa50a00fff8fbc92db5612b311c458d48c29793",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Payload No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267882",
        "to_ids": true,
        "type": "sha256",
        "uuid": "a37507df-3fc9-4d32-9a56-4fbe94bb6f35",
        "value": "13f593f217b4686d736bcfce3917964632e824cb0d054248b9ffcacc59b470d4",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Payload No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267883",
        "to_ids": true,
        "type": "sha256",
        "uuid": "af1bb147-d988-49b5-be8b-b749261cd8b7",
        "value": "c4f6fedb636f07e1e53eaef9f18334122cb9da4193c843b4d31311347290a78f",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Payload No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267884",
        "to_ids": true,
        "type": "sha256",
        "uuid": "0adfd56b-ab5e-41af-81bb-511af2d809be",
        "value": "ab963bf7b1567190b8e5f48e7c88d53c02d7a3a57bd2294719595573a1f2b7c7",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Payload No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267885",
        "to_ids": true,
        "type": "sha256",
        "uuid": "ec195a5f-b9f2-45c7-951a-fc84748a246f",
        "value": "e3f1519db0039e7423f49d92d43d549b152b534856a7efde1a7eda7a9276bb22",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Payload No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267887",
        "to_ids": true,
        "type": "sha256",
        "uuid": "c8a54ae8-7e67-4309-884c-52846b9c0724",
        "value": "e1f34cb031bac517796c363c2b31366509bf1367599fd5583c6bc2b0314758bb",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Payload No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267888",
        "to_ids": true,
        "type": "sha256",
        "uuid": "3e6e8e5e-525d-408f-ac31-27c225ca89f4",
        "value": "55a5871b36109a38eed8aef943ccddf1ae9945f27f21b1c62210a810bb0f7196",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "Payload No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740267889",
        "to_ids": true,
        "type": "sha256",
        "uuid": "e79fd59e-100e-42f1-b146-89694f30747b",
        "value": "7e1ab1b08eb4b69df11955c3dfe3050be467a374adb704a917ee1a69abcc58a5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740268607",
        "uuid": "28e5c37d-006b-4b67-a734-3c14584d5fd7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740268607",
            "to_ids": true,
            "type": "md5",
            "uuid": "ac5b359f-a828-4aca-acc2-6e8a750ae9d7",
            "value": "3d2cd2ddb95f2dec74375e7475dfe743",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267850",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f071ff22-de4c-4103-8847-b306e7d24d0a",
            "value": "cbb0bfbd6dbb8277b7f32c6cda83500301191904",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267850",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4b384adb-5b0f-461c-b77a-9969a277e5ee",
            "value": "7795936ed1bdb7a5756c1ff821b2dc8739966abbb00e3e0ae114ee728bf1cf1a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740266371",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b022cc76-9478-4c7d-a507-0f1b779528cf",
            "value": "384:SDAmDA9CaHXdjGM61XJkwyaqRot4pWdLML+LqURnicxphrGq3gcv:ODA9CiXdjG6UUSbRn/rlv"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740266371",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "80984bbe-db0a-42e9-87f3-4503606cac48",
            "value": "24518"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740266371",
            "to_ids": true,
            "type": "vhash",
            "uuid": "54639632-d67e-4e4a-955f-811986933cb5",
            "value": "1bcbfe2070c4a277197dddd49b71581e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740266371",
            "to_ids": true,
            "type": "filename",
            "uuid": "82822ee4-a028-4869-8db2-69a810244dd3",
            "value": "7795936ed1bdb7a5756c1ff821b2dc8739966abbb00e3e0ae114ee728bf1cf1a.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  13/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740266371",
            "to_ids": false,
            "type": "text",
            "uuid": "20becc1d-f51c-4386-8c5d-82b316926b9b",
            "value": "ScanBox Sample\r\nType Description: JavaScript\n\nMicrosoft: Trojan:JS/Tnega!MSR\nVT Total Detection:32/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740268628",
        "uuid": "27a21cd0-1753-43f3-826d-68214422afe4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740268628",
            "to_ids": true,
            "type": "md5",
            "uuid": "cb1e91ef-d39b-4104-9681-0447aee91851",
            "value": "6f8688d0691985e43261408c50764c40",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267851",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ba3894b0-73fb-47dd-802e-284de1257a2c",
            "value": "e0b044a314d6a1ba2a844588e03d46aa4e6099a9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267851",
            "to_ids": true,
            "type": "sha256",
            "uuid": "490a3a52-1ea9-46fc-9b1b-5b0d538d69f1",
            "value": "4dedb022d3c43db6cddd87f250db4758bd88c967f98302d97879d9fc4fadd8a2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740266392",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "43e7523f-9dba-49bc-a000-974be59bc96d",
            "value": "3:R/cYCQEd7XRDXBmKGlLe:REYCQ4tDXBmlq"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740266392",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "4364f6f6-d7cb-4f02-b495-49d7dc376fbd",
            "value": "59"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740266392",
            "to_ids": true,
            "type": "vhash",
            "uuid": "64636cf0-0d02-465b-ae16-5431a98b8310",
            "value": "df45996796bdb8cb19eaff83caf1cedd"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  13/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740266392",
            "to_ids": false,
            "type": "text",
            "uuid": "dea3ae6e-e52f-418e-ab04-8112884d9436",
            "value": "ScanBox Sample\r\nType Description: JavaScript\n\nMicrosoft: Trojan:JS/Tnega!MSR\nVT Total Detection:21/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740268649",
        "uuid": "76b43a80-027f-4a65-8163-9a6f4493d32a",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740268649",
            "to_ids": true,
            "type": "md5",
            "uuid": "9c6025ef-3f3a-4e6d-a7a7-187ec227a4fb",
            "value": "33094e2d6878eb6faab9fbdb2a4a4ebe",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267853",
            "to_ids": true,
            "type": "sha1",
            "uuid": "f4be3d27-1c48-4fde-8b88-57074f0a8644",
            "value": "4145b09f21467e71e40af420d5545c62ab1b442c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267853",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4ff12c10-fa64-40ea-8a7b-fd52b798d35a",
            "value": "5a1c689cddb036ca589f6f2e53d323109b94ce062a09fb5b7c5a2efedd7306bc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740266414",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "10da6676-0bca-4582-bfae-3f6a2a0f97ee",
            "value": "48:50yL+gu/F4QUyPpX+98r/fM3iGj31OkHHRf:O3gu/F4dyQ2tGD1Oyf"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740266414",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "05390b03-9251-432e-8d9a-bb6c873f4a7b",
            "value": "2700"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740266414",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c266a6c3-75f7-4f26-a352-ed6afc1c5bb7",
            "value": "9731efee7e23b748581d379e2d76e2bf"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740266414",
            "to_ids": true,
            "type": "filename",
            "uuid": "682b7d42-a165-42a8-9112-20a0dccc1e19",
            "value": "5a1c689cddb036ca589f6f2e53d323109b94ce062a09fb5b7c5a2efedd7306bc.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast scan: 13/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740266414",
            "to_ids": false,
            "type": "text",
            "uuid": "ec627bdb-0207-4a0b-b358-7bca641136a7",
            "value": "ScanBox Sample\r\nType Description: JavaScript\n\nMicrosoft: Trojan:JS/Tnega!MSR\nVT Total Detection:32/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740268670",
        "uuid": "a38e1ed8-8e59-46da-9f28-739c7f506633",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740268670",
            "to_ids": true,
            "type": "md5",
            "uuid": "6a084ebc-bcfb-4604-bbe5-70888453cfc8",
            "value": "d6704f0eccb1802dc931422224923843",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267854",
            "to_ids": true,
            "type": "sha1",
            "uuid": "35e60551-8c22-46aa-8097-0aaf1f22e652",
            "value": "e1dda6c75ca284a03ea826fe7e49f5c64aa6636c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267854",
            "to_ids": true,
            "type": "sha256",
            "uuid": "eae79b81-f7d7-4236-ad67-9ce8af448714",
            "value": "cb981d04f21a97fdb46b101a882a3490e245760489f4122deb4a0ac951a8eaee",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740266436",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9135edfd-089c-425b-8b76-bf28d4417dbc",
            "value": "24:2pgR4tngsdTsC1Obz4fcRgdOdEdcaFGdQDER5EGdVggKu9YQRKhK2esy75fB:50yL+gu/F4QoRm4yPpm0y7VB"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740266436",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3928c59b-be3a-413d-850f-f249a97cbb5a",
            "value": "1685"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740266436",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6175eb96-069d-4809-a023-e15433cd0631",
            "value": "31d35295b28037a93688e5a9dd315eb5"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740266436",
            "to_ids": true,
            "type": "filename",
            "uuid": "80c2f18d-3e5c-4867-804c-49c7daae8e98",
            "value": "cb981d04f21a97fdb46b101a882a3490e245760489f4122deb4a0ac951a8eaee.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast scan: 09/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740266436",
            "to_ids": false,
            "type": "text",
            "uuid": "2559038d-e39f-47e9-b79d-ee6b92b94b67",
            "value": "ScanBox Sample\r\nType Description: JavaScript\n\nMicrosoft: Trojan:JS/Tnega!MSR\nVT Total Detection:31/60"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740268692",
        "uuid": "3241e682-d406-4433-9224-5b5653ffc151",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740268692",
            "to_ids": true,
            "type": "md5",
            "uuid": "718495de-6e79-4173-878f-e8f698c2e483",
            "value": "f87602542673e7dde30075b2e340a47f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267855",
            "to_ids": true,
            "type": "sha1",
            "uuid": "42403a19-4b7f-47bd-a6be-1f5faab51236",
            "value": "99344cc185ab0a14658489be390a30cca32a933d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267855",
            "to_ids": true,
            "type": "sha256",
            "uuid": "08075c65-137d-49e8-a829-ac4618b7dcb4",
            "value": "3d37a977f36e8448b087f8e114fe2a1db175372d4b84902887808a6fb0c8028f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740266457",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "9a175a2f-139d-4336-b479-53023457a1aa",
            "value": "384:xzs/sdpMtMHRg5A5YjELW3gj3HERLOppfpXd8:2+1r3oB"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740266457",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5a99f872-8ba1-440c-b7d4-50ccf549f1e0",
            "value": "34700"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740266457",
            "to_ids": true,
            "type": "vhash",
            "uuid": "9fb0dea5-fc3d-4abc-b74c-a3ab9ae8fdc9",
            "value": "d6a14fa0fa1e7fb33a8a27e53fd50b53"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast scan: 13/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740266457",
            "to_ids": false,
            "type": "text",
            "uuid": "f24327fc-1669-42f7-8ee0-24e6ff511de9",
            "value": "ScanBox Sample\r\nType Description: JavaScript\n\nMicrosoft: Trojan:JS/Tnega!MSR\nVT Total Detection:32/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740268713",
        "uuid": "e9f4e9de-3702-4652-b3ed-3922baebce15",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740268713",
            "to_ids": true,
            "type": "md5",
            "uuid": "62086fef-a4bd-4876-abb3-ce6e1809d8e1",
            "value": "f542bd63c685840dfb42136c2669bd6b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267856",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ea6dbc2a-fb94-448f-8198-00bf789886e2",
            "value": "dd4e4ae898576c2eba2312b482ff5ec7905c3395",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267857",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ea52a01f-8c03-4757-a19e-56340d3f23d2",
            "value": "e8a919e0e02fecfe538a8698250ac3eaba969e2af2cc9d96fc86675a658e201e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740266478",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ca6c1f35-33fa-4140-a3f8-85fb9e343595",
            "value": "48:50yL+gu/F4QytyPpzndN5subieyOwIBaBFpSlBc4b+Ccw:O3gu/F4xty1nL5suufnIABFYTCjw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740266478",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "aab52667-7589-44ac-8d5a-2b22e7064514",
            "value": "2162"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740266478",
            "to_ids": true,
            "type": "vhash",
            "uuid": "cccb534f-5559-4eb4-9341-4d69f0427c1b",
            "value": "c00fb26fd795902db288de5bcb103c5f"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740266478",
            "to_ids": true,
            "type": "filename",
            "uuid": "ada8ca30-83fa-4edc-b9f3-f06ab70388d4",
            "value": "e8a919e0e02fecfe538a8698250ac3eaba969e2af2cc9d96fc86675a658e201e.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast scan: 13/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740266478",
            "to_ids": false,
            "type": "text",
            "uuid": "48cca5cd-c1ab-42a4-b5a4-23845ff66dab",
            "value": "ScanBox Sample\r\nType Description: JavaScript\n\nMicrosoft: Trojan:JS/Tnega!MSR\nVT Total Detection:33/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740268734",
        "uuid": "1e289a37-4caf-4694-b9d7-20320e28a1c0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740268734",
            "to_ids": true,
            "type": "md5",
            "uuid": "714167ce-1c48-42da-944a-3a1f8e05e3fd",
            "value": "21e087f31c02bf417d958d356a13f315",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267858",
            "to_ids": true,
            "type": "sha1",
            "uuid": "77bcb603-4e22-4295-aee8-f7c4d7185f19",
            "value": "134972f1c40d792cc56ee684cbc890e9ebae20c1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267858",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1cd3c1cc-82f3-4354-ab91-895edfc46e7a",
            "value": "0b9447cb00ae657365eb2b771f4f2c505e44ca96a0a062d54f3b8544215fc082",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740266500",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "21584813-c927-494f-b02e-519b247837e6",
            "value": "24:2pgR4tngsdTsC1Obz4fcRgdOdEdcaFGdQD0dVggKu9Ycbt1RWvgk0a/2d:50yL+gu/F4QqyPpswvgra/+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740266500",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "466bc586-eaf8-43a2-a617-50ebeb147bc7",
            "value": "1363"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740266500",
            "to_ids": true,
            "type": "vhash",
            "uuid": "e707d4aa-97cc-4485-ba1d-4aabf3ef8a95",
            "value": "997fe91361e5c4ffddbdae7a0c971eed"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740266500",
            "to_ids": true,
            "type": "filename",
            "uuid": "da11a038-3a1a-4f83-8f08-4e758da73ac8",
            "value": "0b9447cb00ae657365eb2b771f4f2c505e44ca96a0a062d54f3b8544215fc082.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast scan: 13/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740266500",
            "to_ids": false,
            "type": "text",
            "uuid": "4e95d537-cf39-4868-8f73-6590bf28250b",
            "value": "ScanBox Sample\r\nType Description: JavaScript\n\nMicrosoft: Trojan:JS/Tnega!MSR\nVT Total Detection:31/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740268755",
        "uuid": "d439c040-388a-459c-aa0f-6159bb64a961",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740268755",
            "to_ids": true,
            "type": "md5",
            "uuid": "62e45f21-84ed-4fa9-ad2d-df0668bc2009",
            "value": "b46e92ace23a026e3d1772fecb1b6b3d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267859",
            "to_ids": true,
            "type": "sha1",
            "uuid": "43d870ee-1876-4a20-94e5-77269ff9e1cb",
            "value": "29356fb4042b8ffc66209729fb1f75a2785e7368",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267859",
            "to_ids": true,
            "type": "sha256",
            "uuid": "eb035fba-d76a-433a-b63e-150b6d086594",
            "value": "2f204f3b3abc97efc74b6fa016a874f9d4addb8ac70857267cc8e4feb9dbba26",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740266521",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "136cded2-07a1-49ba-b942-49c0cd39648d",
            "value": "768:rKRKA9CiXdjGHQWLUSDQ9evX43eEgyGEI2RwU8:rKRq/Q9evXKeEpGEI2RwU8"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740266521",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b3da5889-0ad0-49ee-affa-eb7e0acec1ab",
            "value": "24685"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740266521",
            "to_ids": true,
            "type": "vhash",
            "uuid": "61a9ede8-51af-46dd-adc7-6d488d6b7811",
            "value": "d3507d598789be35e90b18dda890d51d"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740266521",
            "to_ids": true,
            "type": "filename",
            "uuid": "06e3be48-d6a0-4790-8dea-f4db5378c9f6",
            "value": "2f204f3b3abc97efc74b6fa016a874f9d4addb8ac70857267cc8e4feb9dbba26.js"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  13/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740266521",
            "to_ids": false,
            "type": "text",
            "uuid": "9ace622c-ea2d-4cf2-884f-cf017da32132",
            "value": "ScanBox Sample\r\nType Description: JavaScript\n\nMicrosoft: Trojan:JS/Tnega!MSR\nVT Total Detection:32/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740268776",
        "uuid": "f0acbe1d-5c0a-492f-b831-c81ac579fe93",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740268776",
            "to_ids": true,
            "type": "md5",
            "uuid": "8bd46c1f-c041-49f0-9cfe-f0599e9ab67b",
            "value": "88675e058531c8ac4440a1fb4f55d54f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267861",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0b155d4b-f19a-40c7-9985-9234d27d83fa",
            "value": "7b83e2d5d4459c854a5f774545ccc7dd2a2b3668",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267861",
            "to_ids": true,
            "type": "sha256",
            "uuid": "d4ababb2-e04a-4380-a74f-33202193524b",
            "value": "2a17927834995441c18d1b1b7ec9594eedfccaacca11e52401f83a82a982760e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740266542",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "32281312-6be2-40ee-bf3b-a2957eefbeac",
            "value": "768:FKRKA9CiXdjGHQWLUSDQ9evX43eEgyGEI2RwUz:FKRq/Q9evXKeEpGEI2RwUz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740266542",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "b9590ae6-46b6-4d65-9168-8f956113457c",
            "value": "24791"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740266542",
            "to_ids": true,
            "type": "vhash",
            "uuid": "53e87ed8-2105-4f55-9ed1-f3a1f29b691b",
            "value": "168ad1fbf62a25f3afcfba944fb10d09"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740266542",
            "to_ids": true,
            "type": "filename",
            "uuid": "59728b54-1dee-44ef-b568-c1627be00621",
            "value": "2a17927834995441c18d1b1b7ec9594eedfccaacca11e52401f83a82a982760e.html"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  13/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740266542",
            "to_ids": false,
            "type": "text",
            "uuid": "c31960a0-5de7-42c7-acb1-07ce7b98f20d",
            "value": "ScanBox Sample\r\nType Description: HTML\n\nMicrosoft: Trojan:HTML/Phish!MSR\nVT Total Detection:28/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740268797",
        "uuid": "f1f82432-73a8-4549-944a-5cddc79c5d58",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740268797",
            "to_ids": true,
            "type": "md5",
            "uuid": "62e9cbf5-3e5e-4cb0-8292-13ce1cc3ca97",
            "value": "3e179ef0442be6dcaedbff9446eaf82a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267862",
            "to_ids": true,
            "type": "sha1",
            "uuid": "196ad293-1d5c-4d54-a2ca-d279ec9a0b29",
            "value": "e574d246b03602b7b99639a41123481b88a3bf3d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "ScanBox Sample",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267862",
            "to_ids": true,
            "type": "sha256",
            "uuid": "46f00684-28fb-44ae-a17d-99d119fdcfdb",
            "value": "18db4296309da48665121899c62ed8fb10f4f8d22e44fd70d2f9ac8902896db1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740266564",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "89c24553-d397-4f5a-b2f6-02b65ea38e26",
            "value": "384:StqNvvDAOiDA9CaHXdjGM61XJkJ9RhsaqRot4pWdLML+LJr7JK7/eiDU6LhZWUYV:KDA9CiXdjG6ZUSCY3VrXIRI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740266564",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "977ff353-04f1-4607-9523-24b5ed8700f7",
            "value": "24518"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740266564",
            "to_ids": true,
            "type": "vhash",
            "uuid": "32dfbf89-d972-4a08-aa37-793acb9fafb3",
            "value": "1bcbfe2070c4a277197dddd49b71581e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740266564",
            "to_ids": true,
            "type": "filename",
            "uuid": "384bbf56-b5cb-4916-866d-4304c39779e3",
            "value": "18db4296309da48665121899c62ed8fb10f4f8d22e44fd70d2f9ac8902896db1.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  13/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740266564",
            "to_ids": false,
            "type": "text",
            "uuid": "dca05baa-35cc-42d4-87a0-55aae43ed080",
            "value": "ScanBox Sample\r\nType Description: JavaScript\n\nMicrosoft: Trojan:JS/Tnega!MSR\nVT Total Detection:31/61"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740268819",
        "uuid": "1ec25764-e7f4-48df-accb-63e3b9234158",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Legitimate PE used in DLL Sideloading (benign on its own; a hash match alone does not indicate compromise)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740268819",
            "to_ids": true,
            "type": "md5",
            "uuid": "7257a4e7-e13a-4ab0-ae48-5fb9505eb451",
            "value": "3c2ec71dbec0629c92ee081fa5523190",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate PE used in DLL Sideloading (benign on its own; a hash match alone does not indicate compromise)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267864",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4fc1bd91-912b-4329-969e-410535266a7a",
            "value": "c34429bccfa61fc4d2bfc7be42227017fcefd4a9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate PE used in DLL Sideloading (benign on its own; a hash match alone does not indicate compromise)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267864",
            "to_ids": true,
            "type": "sha256",
            "uuid": "af33a4e8-0681-4121-8872-ecab25d85ec1",
            "value": "d357502511352995e9523c746131f8ed38457c38a77381c03dda1a1968abce42",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740266941",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b09fdf12-3740-4a79-99e6-9d175c0ca21c",
            "value": "3072:NgNpVWJxi/7gKNkhSC+t+MMCTs0kH+Bkx6uyXnZeiB+Du31WgClRxrWMP5D7oOwp:Q7gKNkhSR/5kHouyXnZhB+R8WHg"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740266941",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "25756097-3d49-46e8-a1b5-ff929e0aa10d",
            "value": "214952"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740266941",
            "to_ids": true,
            "type": "vhash",
            "uuid": "ddb70dfd-0292-48d3-bc82-ade3d0695f96",
            "value": "0250566d1555156az58z1vz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740266941",
            "to_ids": true,
            "type": "filename",
            "uuid": "f36877cb-527a-4740-abac-f8cce32a630c",
            "value": "msedgeupdate.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  15/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740266941",
            "to_ids": false,
            "type": "text",
            "uuid": "aebfeb45-2c3b-4e5c-ad57-40042dff477e",
            "value": "Legitimate PE used in DLL Sideloading\r\nType Description: Win32 EXE\n\nMicrosoft: None\nVT Total Detection:0/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740268841",
        "uuid": "bc20a97d-d29c-4244-af8e-4af9ab896b68",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Legitimate PE used in DLL Sideloading (benign on its own; a hash match alone does not indicate compromise)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740268841",
            "to_ids": true,
            "type": "md5",
            "uuid": "b835475b-f3aa-49f0-9c56-1f54032ae1f8",
            "value": "c5c600f5bcc25805dc42e791a543fdd5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate PE used in DLL Sideloading (benign on its own; a hash match alone does not indicate compromise)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267865",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d3f27f8e-8d04-4ca0-8366-7677402eb67e",
            "value": "417b89976cd7356c76c3d0a1c2a504b0bfe2f5c5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate PE used in DLL Sideloading (benign on its own; a hash match alone does not indicate compromise)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267865",
            "to_ids": true,
            "type": "sha256",
            "uuid": "368db114-170b-4ec3-9230-8d7a80732661",
            "value": "98fbd5eb6ae126fda8e36e3602e6793c1f719ef3fdbf792689035104b39f14ac",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740266983",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7375320a-e8b0-4df1-accc-35ca1bdb2bc0",
            "value": "1536:Zl9dEj3g832Y/HoFINHSN41G5iNu0mtm5FagIWSPahXjYktx0gxOytswL+f66fQG:Zl9dYLu0mtmPagIWSPahXjYktx0gxOy+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740266983",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5bc38acc-7e6b-400b-854e-665374fe25d6",
            "value": "89536"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740266983",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8726a30d-0d8c-4778-a5c4-2d8c9a832122",
            "value": "28403655551f0f315700d3"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740266983",
            "to_ids": true,
            "type": "filename",
            "uuid": "d15a6f8d-118a-4eaa-b27b-8e3d85e5ef35",
            "value": "XDesProc.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  08/02/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740266983",
            "to_ids": false,
            "type": "text",
            "uuid": "58d1756b-c5d1-4cac-9ba2-1811d7265d24",
            "value": "Legitimate PE used in DLL Sideloading\r\nType Description: Win32 EXE\n\nMicrosoft: None\nVT Total Detection:0/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740268862",
        "uuid": "dcf19a7e-905a-4d1e-b5f3-362c9d7dc965",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Legitimate PE used in DLL Sideloading (benign on its own; a hash match alone does not indicate compromise)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740268862",
            "to_ids": true,
            "type": "md5",
            "uuid": "9e98d288-44d9-4316-9cf6-bc39319bde0e",
            "value": "9f5f2f0fb0a7f5aa9f16b9a7b6dad89f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate PE used in DLL Sideloading (benign on its own; a hash match alone does not indicate compromise)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267866",
            "to_ids": true,
            "type": "sha1",
            "uuid": "66b1358b-04f0-4e73-81ef-eac75a087ea5",
            "value": "603f73160dcc49da297a10f0691cefe4dddd9772",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate PE used in DLL Sideloading (benign on its own; a hash match alone does not indicate compromise)",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267867",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b9e1b123-b9d1-4ecd-a353-9edb72ef967f",
            "value": "6d2b301e77839fff1c74425b37d02c3f3837ce50e856c21ae4cf7ababb04addc",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740267025",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3e5d7bd0-9a4f-48db-83b8-5c4519ac1cfa",
            "value": "384:cyq+lmjXbHEno/vmOmG0njumBSZJ2YJLWEbxS:hlAknoGDBKFZLVbI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740267025",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "88d3ca9d-8450-452c-a4af-5e92f6304de9",
            "value": "30192"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740267025",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a2437a1f-9b0f-48ee-ba0f-493a1211bd73",
            "value": "034056151d05551bz8!z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740267025",
            "to_ids": true,
            "type": "filename",
            "uuid": "f69bd59d-ba8f-4134-81f8-b4b73b6a040d",
            "value": "Google Desktop"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  25/11/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740267025",
            "to_ids": false,
            "type": "text",
            "uuid": "c79ae197-f748-4f97-8012-d588bea65c61",
            "value": "Legitimate PE used in DLL Sideloading\r\nType Description: Win32 EXE\n\nMicrosoft: None\nVT Total Detection:0/72"
          }
        ]
      }
    ]
  }
}