{
  "Event": {
    "analysis": "1",
    "date": "2020-02-05",
    "extends_uuid": "e992f61a-b40f-4285-bf71-34a563e6794a",
    "info": "[Threat Intel] APT40  targeting Malaysia government officials",
    "protected": false,
    "publish_timestamp": "1780039684",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1780039684",
    "uuid": "954a57ee-8998-438d-af4e-0274f6fa5e43",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#3000b9",
        "local": false,
        "name": "rectifyq:workflow=\"enrichment\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#a3aa59",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"",
        "relationship_type": ""
      },
      {
        "colour": "#0aebeb",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploitation for Client Execution - T1203\"",
        "relationship_type": ""
      },
      {
        "colour": "#03bdda",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1073\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"APT40\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Government, Administration\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#120044",
        "local": false,
        "name": "rectifyq:sub-category=\"intrusion-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#f1dfed",
        "local": false,
        "name": "rectifyq:TA-category=\"State-Sponsored\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:producer=\"Medium\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736670680",
        "to_ids": false,
        "type": "link",
        "uuid": "ac4fc2a9-191b-4830-9877-36c817c52068",
        "value": "https://medium.com/@Sebdraven/apt-40-in-malaysia-61ed9c9642e9"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740307907",
        "to_ids": false,
        "type": "link",
        "uuid": "3c1fc16a-2aa2-45df-a04f-c57ab24ea65d",
        "value": "https://www.mycert.org.my/portal/advisory?id=MA-770.022020",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": false,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736670680",
        "to_ids": false,
        "type": "text",
        "uuid": "dabf4c91-0513-49dd-b9aa-e78853ed9eeb",
        "value": "MyCERT observed an increase in the number of artifacts and victims involved in a campaign against Malaysian Government officials by a specific threat group. The group's motive is believed to be data theft and exfiltration.\nReconnaissance: The group has leveraged previously compromised email addresses or email impersonation to send spear-phishing emails.\nDelivery: The group sends spear-phishing emails with malicious attachments, although Google Drive has also been observed. This includes pretending to be a journalist, an individual from a trade publication, or someone from a relevant military organization or non-governmental organization (NGO).\nWeaponization: A Microsoft document with macros enabled that extracts a malicious exe to download a loader."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736670680",
        "to_ids": false,
        "type": "text",
        "uuid": "e8eb5a1a-1354-4ce2-a2a5-6ed365333499",
        "value": "Name: APT40  targeting Malaysia government officials\nAuthor: AlienVault\nAdversary: APT40\nTags: [\"APT40\", \"malware\", \"DADJOKE\", \"TEMP.Periscope\", \"malaysia\"]\nTgtd countries: [\"Malaysia\"]\nMlwr families: [\"DADJOKE\"]\nAttack_ids: [\"T1193\", \"T1203\", \"T1073\"]\nIndustries: [\"Government\", \"Transportation\"]"
      },
      {
        "category": "Attribution",
        "comment": "Adversary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736670680",
        "to_ids": false,
        "type": "threat-actor",
        "uuid": "2f085507-ea91-4869-8215-be7e3fc6c53a",
        "value": "APT40"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740884152",
        "to_ids": true,
        "type": "url",
        "uuid": "fdbbdf59-c8bf-446a-8902-c1cc83d47abe",
        "value": "http://dynamics.ddnsking.com/Word.dotm",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740884173",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d72d5b9d-b698-4913-b059-ef81e8dbc45f",
        "value": "vvavesltd.servebeer.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740884195",
        "to_ids": true,
        "type": "hostname",
        "uuid": "144f80cc-f97e-488b-bf9d-0a6c781ea1d1",
        "value": "thestar.serveblog.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740884216",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c7a444b3-f7ed-4958-9325-54a249947eb4",
        "value": "byfleur.myftp.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740884238",
        "to_ids": true,
        "type": "url",
        "uuid": "579856c8-ec23-4e56-8032-5ce65d0e62c5",
        "value": "http://152.89.161.5/mpsvc.txt",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740884259",
        "to_ids": true,
        "type": "url",
        "uuid": "e3529402-f2a2-46a3-a930-08720a1d1499",
        "value": "http://139.162.44.81/main.dotm",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740884280",
        "to_ids": true,
        "type": "url",
        "uuid": "bc2bfa30-d645-479a-b502-23b45fc06c4a",
        "value": "http://207.148.79.152/main.dotm",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740884302",
        "to_ids": true,
        "type": "url",
        "uuid": "b9f2d7be-4acc-40d3-ac2c-44de4537aa1c",
        "value": "http://167.99.72.82/main.dotm",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740884323",
        "to_ids": true,
        "type": "url",
        "uuid": "52e69479-0d74-48a5-b6bd-555f81d700b1",
        "value": "http://159.65.197.248/WinWord.dotm",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740884344",
        "to_ids": true,
        "type": "url",
        "uuid": "a380062e-0707-48c1-be17-639637374ee2",
        "value": "http://152.89.161.5/msmpeng.txt",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740884365",
        "to_ids": true,
        "type": "url",
        "uuid": "c62f8838-eda9-4731-96a9-dffc5f3bd3c7",
        "value": "http://195.12.50.168/D2_de2o@sp0/",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740884386",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d4a7c930-3df6-4938-bc38-c587fdcdd065",
        "value": "accountsx.bounceme.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740884409",
        "to_ids": true,
        "type": "hostname",
        "uuid": "a8ffc5cb-7540-44af-958d-04591df8dd64",
        "value": "dynamics.ddnsking.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740884430",
        "to_ids": true,
        "type": "hostname",
        "uuid": "84e23c69-2f65-4721-be57-4633aa724b64",
        "value": "capitana.onthewifi.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740884451",
        "to_ids": true,
        "type": "hostname",
        "uuid": "9ee843ee-ccb5-478c-9251-d224a2354d0d",
        "value": "kulkarni.bounceme.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740309998",
        "to_ids": true,
        "type": "md5",
        "uuid": "a51fe60c-71e8-478b-8652-687e8bb82cd6",
        "value": "4114857f9bc888122b53ad0b56d03496",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740309999",
        "to_ids": true,
        "type": "md5",
        "uuid": "59f3da74-ecae-4204-96b1-e38488e349a5",
        "value": "3c43eb86d40ae78037c29bc94b3819b7",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:23/02/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740310000",
        "to_ids": true,
        "type": "md5",
        "uuid": "97989fa6-b394-4a71-b5f3-861926233ea3",
        "value": "6e9f0c3f64cd134ad9dfa173e4474399",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736670681",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "f516b3f1-8fdb-4ff8-8fe5-59343372f3b8",
        "value": "CVE-2014-6352"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736670681",
        "to_ids": false,
        "type": "vulnerability",
        "uuid": "8d9120f1-0d8c-427b-ab65-185cc657bded",
        "value": "CVE-2017-0199"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740884472",
        "to_ids": true,
        "type": "domain",
        "uuid": "ec811e51-9de5-4efa-a9df-084e6fc851c8",
        "value": "invoke.ml",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039665",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "97d7e220-c6fa-42ee-9cf6-25c3560d4168",
        "value": "108.61.223.27",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#133012",
            "local": false,
            "name": "asn:asn=\"20473\"",
            "relationship_type": ""
          },
          {
            "colour": "#650025",
            "local": false,
            "name": "asn:as-owner=\"AS-VULTR\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039667",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1f0970b7-d9c1-45d0-a826-cb2452666b9e",
        "value": "139.162.23.6",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#680e86",
            "local": false,
            "name": "asn:asn=\"63949\"",
            "relationship_type": ""
          },
          {
            "colour": "#edf21f",
            "local": false,
            "name": "asn:as-owner=\"AKAMAI-LINODE-AP Akamai Connected Cloud\"",
            "relationship_type": ""
          },
          {
            "colour": "#d906de",
            "local": false,
            "name": "asn:as-country=\"SG\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"singapore\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039668",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1a05aafc-53a8-4320-8653-6c4b5a730584",
        "value": "139.162.44.81",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#680e86",
            "local": false,
            "name": "asn:asn=\"63949\"",
            "relationship_type": ""
          },
          {
            "colour": "#edf21f",
            "local": false,
            "name": "asn:as-owner=\"AKAMAI-LINODE-AP Akamai Connected Cloud\"",
            "relationship_type": ""
          },
          {
            "colour": "#d906de",
            "local": false,
            "name": "asn:as-country=\"SG\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"singapore\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039670",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "7ccb5d56-0330-40a0-9deb-abb17cf9ef92",
        "value": "139.59.66.229",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c2074e",
            "local": false,
            "name": "asn:asn=\"14061\"",
            "relationship_type": ""
          },
          {
            "colour": "#d7952a",
            "local": false,
            "name": "asn:as-owner=\"DIGITALOCEAN-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039671",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "1ae61d03-8ace-47e2-8659-c90558c0dbbd",
        "value": "149.28.151.144",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#133012",
            "local": false,
            "name": "asn:asn=\"20473\"",
            "relationship_type": ""
          },
          {
            "colour": "#650025",
            "local": false,
            "name": "asn:as-owner=\"AS-VULTR\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039673",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "3b30e01c-04e9-4cd8-9c47-1e11ebb6680a",
        "value": "152.89.161.5",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#64bed2",
            "local": false,
            "name": "asn:asn=\"9009\"",
            "relationship_type": ""
          },
          {
            "colour": "#41c276",
            "local": false,
            "name": "asn:as-owner=\"M247\"",
            "relationship_type": ""
          },
          {
            "colour": "#26f3a1",
            "local": false,
            "name": "asn:as-country=\"RO\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"romania\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039674",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e38ee645-aac5-43c1-b14a-bcc490ba58a3",
        "value": "157.230.34.7",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c2074e",
            "local": false,
            "name": "asn:asn=\"14061\"",
            "relationship_type": ""
          },
          {
            "colour": "#d7952a",
            "local": false,
            "name": "asn:as-owner=\"DIGITALOCEAN-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039676",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "362b57f9-4b2c-4dbb-b0da-9c34b121689c",
        "value": "159.65.197.248",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c2074e",
            "local": false,
            "name": "asn:asn=\"14061\"",
            "relationship_type": ""
          },
          {
            "colour": "#d7952a",
            "local": false,
            "name": "asn:as-owner=\"DIGITALOCEAN-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039677",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "41a2cae3-3154-47a3-b4b1-de6744e5156a",
        "value": "167.99.72.82",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#c2074e",
            "local": false,
            "name": "asn:asn=\"14061\"",
            "relationship_type": ""
          },
          {
            "colour": "#d7952a",
            "local": false,
            "name": "asn:as-owner=\"DIGITALOCEAN-ASN\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039679",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "f558d6be-ae0d-45f1-a0b4-8debd554c62b",
        "value": "195.12.50.168",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#64bed2",
            "local": false,
            "name": "asn:asn=\"9009\"",
            "relationship_type": ""
          },
          {
            "colour": "#41c276",
            "local": false,
            "name": "asn:as-owner=\"M247\"",
            "relationship_type": ""
          },
          {
            "colour": "#26f3a1",
            "local": false,
            "name": "asn:as-country=\"RO\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"romania\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039680",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "91dc2f6e-debb-4f61-8f05-841311dcb4fa",
        "value": "207.148.79.152",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#133012",
            "local": false,
            "name": "asn:asn=\"20473\"",
            "relationship_type": ""
          },
          {
            "colour": "#650025",
            "local": false,
            "name": "asn:as-owner=\"AS-VULTR\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039682",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e9334703-5c35-43a4-aa05-cdab65dc369f",
        "value": "45.32.123.142",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#133012",
            "local": false,
            "name": "asn:asn=\"20473\"",
            "relationship_type": ""
          },
          {
            "colour": "#650025",
            "local": false,
            "name": "asn:as-owner=\"AS-VULTR\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039684",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "e836e62b-fb10-4723-8878-ef0b6cac6827",
        "value": "45.77.241.33",
        "Tag": [
          {
            "colour": "#133012",
            "local": false,
            "name": "asn:asn=\"20473\"",
            "relationship_type": ""
          },
          {
            "colour": "#650025",
            "local": false,
            "name": "asn:as-owner=\"AS-VULTR\"",
            "relationship_type": ""
          },
          {
            "colour": "#d16c37",
            "local": false,
            "name": "asn:as-country=\"US\"",
            "relationship_type": ""
          },
          {
            "colour": "#0088cc",
            "local": false,
            "name": "misp-galaxy:country=\"united states of america\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740435703",
        "to_ids": false,
        "type": "link",
        "uuid": "9d22929e-67a7-4b67-ad52-730db70214b1",
        "value": "https://www.zdnet.com/article/malaysia-warns-of-chinese-hacking-campaign-targeting-government-projects/"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740779695",
        "to_ids": false,
        "type": "link",
        "uuid": "59dc445d-0d50-4880-b5e5-009249a33915",
        "value": "https://www.mycert.org.my/portal/details?menu=431fab9c-d24c-4a27-ba93-e92edafdefa5&id=e605c78d-4f22-4ca9-9de4-70681a069ea9"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309970",
        "uuid": "fff69143-4b82-45ce-8375-ca32b8f7c769",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309969",
            "to_ids": true,
            "type": "md5",
            "uuid": "806b9543-69ba-437b-813d-ef665861e95f",
            "value": "01b5276fdfda2043980cbce19117aaa0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309969",
            "to_ids": true,
            "type": "sha1",
            "uuid": "efc84aae-376e-4a28-a1d5-e85a4fc30aa2",
            "value": "2c79d8073e86a37bbcee375d77e2231adaa55a32",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309970",
            "to_ids": true,
            "type": "sha256",
            "uuid": "7ab41d4c-4f16-4a27-965a-d3f88d852808",
            "value": "fce38b7bb25817ccaf921d5ac96f4e6c9b865fbe020204af5cf34b604868d1fa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309353",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "74377d5c-def0-4337-8c7e-08097de81adb",
            "value": "3072:kPi6cp6xHA90Ub5VwcrCM2iLIOtZBfHikWNdJkSpU:OHcqeLVwgzfNHY/J/+"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309353",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a68cd6e9-5c23-43c9-944f-cb2f2c6ba618",
            "value": "148751"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309353",
            "to_ids": true,
            "type": "vhash",
            "uuid": "38e465bb-dbb6-4184-9d06-7e65f067ffb4",
            "value": "ba8a8dcf308b74616714221e0d3b3a1e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309353",
            "to_ids": true,
            "type": "filename",
            "uuid": "a5133aa6-a42b-4779-9a83-de89d9738f8b",
            "value": "Timelines - ECRL.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  21/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309353",
            "to_ids": false,
            "type": "text",
            "uuid": "01118535-5378-4813-b920-bcb7eb4bb93b",
            "value": "Type Description: Office Open XML Document\n\nMicrosoft: Trojan:Win32/Occamy.CCE\nVT Total Detection:38/66"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309971",
        "uuid": "9873ea91-5150-44a4-ae85-58e20ee2907b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309971",
            "to_ids": true,
            "type": "md5",
            "uuid": "807eed0a-9ac0-40fa-b1fe-dc52343a1101",
            "value": "4c47ca6ecf04cfe312eb276022a0c381",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309971",
            "to_ids": true,
            "type": "sha1",
            "uuid": "9e1389eb-1741-4798-b3c0-e7f6d0147711",
            "value": "9c65639a2c6ad8f0b05f728b708ef16f25a46a5a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309971",
            "to_ids": true,
            "type": "sha256",
            "uuid": "931fac1f-882b-4b5e-b053-01eda14d8ddb",
            "value": "4b0a9cbd861b67ad54cab8b46941212bfd1bf1943c7b9942d545a144ffcd5da6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309374",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f82e9cc0-eb10-42b0-9fa2-11b80017b507",
            "value": "3072:y9VW+wJbCy0m75pcOo6G9j19MW+CM9eMRSGJe8p/+OqXG9Ve4o:y9Q9ZTc0G9jzMW+CM9nRSNwq4o"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309374",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e19d3f01-c5c7-4f86-870a-919115ec59c0",
            "value": "153600"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309374",
            "to_ids": true,
            "type": "vhash",
            "uuid": "20d9c2b4-e381-4350-8a4a-e910efca7ff0",
            "value": "115046655d1560e8z547z47z1021z15zf6z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309374",
            "to_ids": true,
            "type": "filename",
            "uuid": "3b54cbac-1631-4042-a9f6-f93c329ccd3d",
            "value": "4b0a9cbd861b67ad54cab8b46941212bfd1bf1943c7b9942d545a144ffcd5da6_unpacked"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  21/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309374",
            "to_ids": false,
            "type": "text",
            "uuid": "59590307-41a0-481f-95fd-ddad1e6a7926",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:48/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309973",
        "uuid": "7884b13f-5492-487c-a1c8-30eb538846de",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309972",
            "to_ids": true,
            "type": "md5",
            "uuid": "d8038c2c-e9e5-43ef-a78c-a38011231e57",
            "value": "a827d521181462a45a7077ae3c20c9b5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309972",
            "to_ids": true,
            "type": "sha1",
            "uuid": "82ca2c84-0c83-4da0-86e3-87f07e22b2e6",
            "value": "2fabc99261db5dd17d088501e58612115e406eed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309973",
            "to_ids": true,
            "type": "sha256",
            "uuid": "650a3f23-e69e-4378-ad4c-ea9a318d7133",
            "value": "f3186dafca8b032f5b942d81b66d3ab631dc41463d3c8d319f1a0a374f809cdf",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309396",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6e371aa7-909a-4023-b7de-d512ff5b22b7",
            "value": "3072:3suuovAqJP6rQYUeyD8OS2Ke7v13n/9m5y+I5sOn96ZU8wJo/uk6dtrjC:3suuolJcfU/DgSv1s57n7Ua/2d0"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309396",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0507f2d2-9f22-4506-9354-2a9813cd81a9",
            "value": "178182"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309396",
            "to_ids": true,
            "type": "vhash",
            "uuid": "187574c1-bf00-475f-8ed8-d048ad565380",
            "value": "13b719c55ee18f859169b2ebdd65db66"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309396",
            "to_ids": true,
            "type": "filename",
            "uuid": "63658e01-60b5-4efe-b700-6d17ca0bf6bf",
            "value": "743097___1c3f54c0-e9d5-4825-9aad-f0d18033adad.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  15/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309396",
            "to_ids": false,
            "type": "text",
            "uuid": "e61bc29f-cf8c-4cc8-9c61-af21f04a0177",
            "value": "Type Description: Office Open XML Document\n\nMicrosoft: Trojan:Win32/Occamy.CF3\nVT Total Detection:42/66"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309974",
        "uuid": "37343bb5-0ef8-4208-adca-6d3c7e723a5d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309974",
            "to_ids": true,
            "type": "md5",
            "uuid": "9d45b751-5004-4115-86ec-6dfba32aac1b",
            "value": "6889c7905df000b874bfc2d782512877",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309974",
            "to_ids": true,
            "type": "sha1",
            "uuid": "dbb3995a-20b5-401f-9eb6-0dd81bb1b2ef",
            "value": "b900930b296281cc7de63d0985d60ccf5d33c573",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309974",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8eedfcdc-88c8-4828-a632-cacacba27f0c",
            "value": "57d24c000bed0720e97986a4584df8db9d250e55b6a372568fba500135446b77",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309438",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "15b8f751-c2a2-40e8-a04d-a83295448bce",
            "value": "6144:CwInGC7//4v1Qv1XyfWRRCDweNsVBB+/iDBWWfcsnYrA5TJOVC:tCGC7YvOwfuYXNsVBDqi/VcC"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309438",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0f59233a-396a-4dc2-8af5-e32ceef94d11",
            "value": "283888"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309438",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d785a6f1-f5f6-4f35-a280-10a5b9888a3b",
            "value": "c37418bb05f81f46103f18fdb396be39"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309439",
            "to_ids": true,
            "type": "filename",
            "uuid": "b40e37aa-cf94-4e06-8755-3e37312547e0",
            "value": "Azmin Ali sex video.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  25/09/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309439",
            "to_ids": false,
            "type": "text",
            "uuid": "8c0a1b5b-b359-4fb9-8ee0-1897221485f5",
            "value": "Type Description: Office Open XML Document\n\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:39/66"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309976",
        "uuid": "9bb373a6-87a8-48c8-a4ed-3f3d03c7ed58",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309975",
            "to_ids": true,
            "type": "md5",
            "uuid": "2aad3217-8e09-48bf-8cfd-cbfa9202332a",
            "value": "7233ad2ba31d98ff5dd47db1b5a9fe7c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309976",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ac194783-d2b2-459a-9a68-f45fd49ca3b1",
            "value": "df85c05acdd12867cdea979edebbe3d3d3e7792f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309976",
            "to_ids": true,
            "type": "sha256",
            "uuid": "86e24c46-fa19-48f7-af17-b2ac05674dbd",
            "value": "a96b6cc3baa612fbeece348418959f25b4eee729b82fb63f2d926ced06bed9ed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309460",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "ec06f74e-f49c-4147-bd94-f45e74d45aec",
            "value": "3072:8BfHikc5Svv13+vyGR0zwi0CedM2sS53E:8NHkIv1jGGUi0JLsS5U"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309460",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9a99b949-7f50-491d-ac69-36dcde04efdb",
            "value": "120071"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309460",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3c6c7a78-070a-4168-b6fa-fca8689353d9",
            "value": "ba8a8dcf308b74616714221e0d3b3a1e"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309460",
            "to_ids": true,
            "type": "filename",
            "uuid": "b6eb9aaf-69bf-40ad-90cf-5f0f2619f9fa",
            "value": "a96b6cc3baa612fbeece348418959f25b4eee729b82fb63f2d926ced06bed9ed.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  11/11/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309460",
            "to_ids": false,
            "type": "text",
            "uuid": "42923efd-588f-4a1e-913e-4553e28bf288",
            "value": "Type Description: Office Open XML Document\n\nMicrosoft: Trojan:Win32/Occamy.CFB\nVT Total Detection:42/66"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309978",
        "uuid": "6c02d449-4696-45df-92ea-3f8f2f4ff9f2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309977",
            "to_ids": true,
            "type": "md5",
            "uuid": "74ed7f1c-c82c-4e78-a4c5-5e53366ce592",
            "value": "89a81ea2b9ee9dd65d0a82b094099b43",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309977",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ab207c18-d9fa-4c27-afeb-97104c3910a2",
            "value": "63b62282b6d6fb6ae268e591009d1237aa881476",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309978",
            "to_ids": true,
            "type": "sha256",
            "uuid": "a08e0f79-a6c3-4995-816d-9fd71b688f64",
            "value": "fb5a15f1d942aef98323dd8e5e490626d2b9333a3c9faefb26b2bfbfb928506b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309502",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "99830e25-d6be-4f5b-a502-72f31b06642f",
            "value": "1536:DL4xuaHyvxquw6j8CQbcpSsAO/0FnZQS0uBCtFz73P+NJdDI9sWozacdnrjXe28j:DbaHyAxw8CQbKSsAO/0fQS06NVn3V8h"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309502",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ad6bceae-671d-4676-b94a-eedc697c414b",
            "value": "105984"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309502",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d06a1066-2843-4962-9385-501460564ca2",
            "value": "115056655d15556az467z27z1015z7az1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309503",
            "to_ids": true,
            "type": "filename",
            "uuid": "4d8c83fb-fca8-45f4-a3af-1dc9233a85d9",
            "value": "fb5a15f1d942aef98323dd8e5e490626d2b9333a3c9faefb26b2bfbfb928506b_unpacked"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  09/11/2021",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309503",
            "to_ids": false,
            "type": "text",
            "uuid": "aef49544-d4be-488d-a02d-36f08a6d2e40",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Occamy.CFB\nVT Total Detection:46/68"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309979",
        "uuid": "f3d0e31a-5581-4260-b9da-6747c4ed9534",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309979",
            "to_ids": true,
            "type": "md5",
            "uuid": "bfdb7281-5c87-4c09-a787-a8db190bc0a2",
            "value": "cf94796a07b6082b9e348eef934de97a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309979",
            "to_ids": true,
            "type": "sha1",
            "uuid": "32909d75-3737-4931-acdd-e7fccbc437ac",
            "value": "959df609f9ccc89f6ab9814fa0f40fb7afa7c61e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309979",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ae1bbbeb-fab3-42cd-adeb-a7adb61f0619",
            "value": "0f0f51d50dfb4912991537df670c158f8191e81c8280043c19fd6f40b3d78aed",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309524",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "887f9ae5-4cf4-4bac-af52-bcbcf3a69e30",
            "value": "3072:YhszUdVrVU1q56JaHUdNy+/EAqr0MDiNcLsFnfO76beMsVIqHyh:YXcJWUd4+Mrr42sNQyh"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309524",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ee75efb7-0446-41b0-adfb-ede1a07572c4",
            "value": "208568"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309524",
            "to_ids": true,
            "type": "vhash",
            "uuid": "2710adaa-2a0a-4176-834b-435a50960ee6",
            "value": "125046655d1560e8z58z47z1031z15zf6z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309524",
            "to_ids": true,
            "type": "filename",
            "uuid": "539cb97f-7664-4710-b992-8db504807c69",
            "value": "0f0f51d50dfb4912991537df670c158f8191e81c8280043c19fd6f40b3d78aed.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  25/09/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309524",
            "to_ids": false,
            "type": "text",
            "uuid": "dfe5d90b-3c83-4d92-aa76-9e232c6a7457",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:46/73"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309981",
        "uuid": "fc9b0c3c-3a90-4860-b47d-ff85f058392d",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309981",
            "to_ids": true,
            "type": "md5",
            "uuid": "202857dd-9fc4-4e81-917e-4f7ba1201a26",
            "value": "f744481a4c4a7c811ffc7dee3b58b1ff",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309981",
            "to_ids": true,
            "type": "sha1",
            "uuid": "5192179e-50fd-4768-8e04-e0ae0f1a6b7c",
            "value": "1cf5f9da84214937a164f2269086d4058a74a63a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309981",
            "to_ids": true,
            "type": "sha256",
            "uuid": "1c166c2b-9961-48ff-97a4-5e32d5c242e3",
            "value": "5d55ed5dce0c55046792ae05efc9c1d5aa48e775588a4c98ab0e323ce0b3955a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309545",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "23ab6f70-14f1-47b9-b98a-dcdd4882ef96",
            "value": "6144:J+v1/kyfWRRCDweNsVBB+/iDBWWfcsnYrA5TJOcGC7//4vy40Sao:J+NfuYXNsVBDqi/VHGC7YvF05o"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309545",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "269a2ff0-566f-47ea-a552-f3f30a6f2117",
            "value": "302918"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309545",
            "to_ids": true,
            "type": "vhash",
            "uuid": "444b9825-0c23-4888-ae4f-185341c17467",
            "value": "95b142908adc49a9d7579bf4b303194b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309545",
            "to_ids": true,
            "type": "filename",
            "uuid": "baf8a75c-2bda-425c-9756-958def91f3f8",
            "value": "SENARAI JAWATANKUASA MPP 2018-2022_ROS.docx"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  25/09/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309545",
            "to_ids": false,
            "type": "text",
            "uuid": "0732ad61-c3b6-4f90-bb1d-a9a92e1f12ae",
            "value": "Type Description: Office Open XML Document\n\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:40/67"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309983",
        "uuid": "dcc26652-bb3b-4532-80dc-fd7c3a550ec4",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309982",
            "to_ids": true,
            "type": "md5",
            "uuid": "6e7d8137-1896-443e-828b-a0a19e7dd11a",
            "value": "ae342bf6b1bd0401a42aae374f961fc6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309983",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1de820f6-4547-4b37-ad99-f27d0a3b91f9",
            "value": "04b25c6f5f421d621e9d5391583654416ffd40e8",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309983",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9228c163-16a6-45e3-8c99-16cd4a6d27d6",
            "value": "ceb6e517caf3ce3b1335399352018953dee50b7ac6e06b436be8f1dccd351602",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309567",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "09de3c99-7175-4ce9-8e3d-1d4d396a15c6",
            "value": "3072:i9VW+wJbCy0m75pcOo6G9j19MW+CM9eMRSGJe8p/+OqXG9Ve4o:i9Q9ZTc0G9jzMW+CM9nRSNwq4o"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309567",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "754a09ec-95d9-476a-bed5-9dbc066318a3",
            "value": "158208"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309567",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b67b9c5b-57c0-46fe-996a-cb59c79e4856",
            "value": "fe43cc098163d8fb4f1b2b088de0949b"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309567",
            "to_ids": true,
            "type": "filename",
            "uuid": "09f8d8a4-6127-42ec-9aa2-53ab1734edc8",
            "value": "oleObject1.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  25/09/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309567",
            "to_ids": false,
            "type": "text",
            "uuid": "2243ae20-572b-4496-96e6-5c27adcc753b",
            "value": "Type Description: Windows Installer\n\nMicrosoft: TrojanDownloader:Win32/Upatre!ml\nVT Total Detection:33/63"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309984",
        "uuid": "fb3cdec6-9c51-4c88-bcca-dae498f98f7f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309984",
            "to_ids": true,
            "type": "md5",
            "uuid": "9f6e38eb-0abe-4398-92b7-c7a7ae9be854",
            "value": "5fe8dcdfe9e3c4e56e004b2eebf50ab3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309984",
            "to_ids": true,
            "type": "sha1",
            "uuid": "81c48437-d837-4b42-b375-7e18dbaad55f",
            "value": "86bee4ceee8f1def670f51f93797df4fab14f6fb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309984",
            "to_ids": true,
            "type": "sha256",
            "uuid": "0cb6727d-f149-4cf1-a775-6a9770b0d6e5",
            "value": "bac948d52dbee70174aabca573745028e1ef8f2eef65c46c220a445ee7a9329a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309588",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "45b241d6-0900-41c2-940b-2f03a3c105af",
            "value": "1536:snxEtjPOtioVjDGUU1qfDlaGGx+cL2QnASGafWpF3NRa2bxMcQvBBx:snxEtjPOtioVjDGUU1qfDlaGGx+cL2QH"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309588",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dde2e8aa-78c5-40f9-93dc-880a13d2b8f7",
            "value": "77312"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309588",
            "to_ids": true,
            "type": "vhash",
            "uuid": "686974ab-8c6a-4737-b437-562f156fe929",
            "value": "a77e1238a9a9d89e39d8c7e012826d39"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309588",
            "to_ids": true,
            "type": "filename",
            "uuid": "f70ee343-ec3e-410f-8760-58d0cc794629",
            "value": "5fe8dcdfe9e3c4e56e004b2eebf50ab3.NP"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  24/12/2022",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309588",
            "to_ids": false,
            "type": "text",
            "uuid": "b595c579-36f5-4a87-87af-76bd5e9e2c8f",
            "value": "Type Description: MS Excel Spreadsheet\n\nMicrosoft: Trojan:Script/Wacatac.B!ml\nVT Total Detection:43/64"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309986",
        "uuid": "53a419ee-687c-4554-9d4e-89559c0d5c4b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309986",
            "to_ids": true,
            "type": "md5",
            "uuid": "5419f012-2e0e-40b5-adac-a7268271e52b",
            "value": "3cb38f7574e8ea97db53d3857830fcc4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309986",
            "to_ids": true,
            "type": "sha1",
            "uuid": "fac5b06c-0485-4237-82d2-8b4473103d74",
            "value": "b56b3ed1cdef4ca754b47ebd3c27b967da36f21e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309986",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9d6aea2e-5576-4d1c-b1fb-377f50aaf027",
            "value": "4e90ad68383b8ab8d540f87f9cb6bdcb1e71c91e313d2933ed05aed083835fb9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309609",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "4956cf1c-f50f-4af1-8a97-b869827b18e9",
            "value": "12288:f8/giZhgAmpJzzkIQCZ9pTYFSF0FY+eJeU2YABUaYZEWPW:qZhKpJz4I9C9eJvJrW"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309609",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f738ae84-1c5a-46f6-b37e-5cdc51d10f00",
            "value": "635348"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309609",
            "to_ids": true,
            "type": "vhash",
            "uuid": "a0b486b9-3bb9-4814-bf47-62164a50e2c0",
            "value": "64c9ba0a27c9624b25e06114d77f8a60"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309609",
            "to_ids": true,
            "type": "filename",
            "uuid": "eafeb9ab-f613-4097-b160-a497158d47c0",
            "value": "4e90ad68383b8ab8d540f87f9cb6bdcb1e71c91e313d2933ed05aed083835fb9.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  25/09/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309609",
            "to_ids": false,
            "type": "text",
            "uuid": "ee2c5968-3ab9-441a-9aa5-e1e853a2eafc",
            "value": "Type Description: Office Open XML Document\n\nMicrosoft: Trojan:O97M/Donoff!MSR\nVT Total Detection:24/66"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309988",
        "uuid": "086639bf-b8cc-4f17-95ec-b033ff61ee6b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309987",
            "to_ids": true,
            "type": "md5",
            "uuid": "f173ba48-7746-43a8-9846-ce0cb1bd134e",
            "value": "3ca84fe6cec9bf2e2abac5a8f1e0a8d2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309987",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8b128300-3335-40e9-b0d5-0104649e1a77",
            "value": "408697bb2bf02cbb95721f017ab1e5e4b136247e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309988",
            "to_ids": true,
            "type": "sha256",
            "uuid": "70978e4f-2878-4d61-8a68-b080395e9fd7",
            "value": "24bf66592aa12794505d2b970373ef32c8aa6ebb0905552acd3e49744c7e5c8b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309631",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "295ea4cb-2d2b-49bf-825e-39b75ea15ac7",
            "value": "12288:f8/giZhgAmpJzzkIQCZ9pTYFSF0FY+eJeU2YABUaYZEWPS:qZhKpJz4I9C9eJvJrS"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309631",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "9377242a-6f4d-4a7b-818e-67d6ada921e7",
            "value": "635347"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309631",
            "to_ids": true,
            "type": "vhash",
            "uuid": "d2ca609c-b5fc-4d90-bc97-f9acca6e03e0",
            "value": "64c9ba0a27c9624b25e06114d77f8a60"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309631",
            "to_ids": true,
            "type": "filename",
            "uuid": "0e80cb06-0f81-4341-8758-b41383841baf",
            "value": "24bf66592aa12794505d2b970373ef32c8aa6ebb0905552acd3e49744c7e5c8b.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  26/09/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309631",
            "to_ids": false,
            "type": "text",
            "uuid": "9dcebe03-ace7-4b9f-b478-92e12d68a981",
            "value": "Type Description: Office Open XML Document\n\nMicrosoft: None\nVT Total Detection:27/66"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309989",
        "uuid": "f57a5648-e9c2-4e7c-9964-c2da4fbfda35",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309989",
            "to_ids": true,
            "type": "md5",
            "uuid": "fee91784-65be-4e26-85c3-a26f56eccdc8",
            "value": "8a133a382499e08811dceadcbe07357e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309989",
            "to_ids": true,
            "type": "sha1",
            "uuid": "60ec464e-4d12-4c87-9fa3-90e1294d4e6e",
            "value": "319f16f96a01332d6798caaf238908dc12e786ef",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309989",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8ecd1e19-8db0-4b28-bfa4-36d9403a7959",
            "value": "fc7af68ce038b59bcdcee88e46c630036d98aeb6514580ebba0392c37114e57b",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309652",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "6f224299-349c-412c-a2b3-6d0dd3225a38",
            "value": "3072:BLRLsYlGBh1/sHepQUPyYnLBg+tP+wq+DORw7Wpku:BWcG7xbGUPLvq+Dbsku"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309652",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c839397c-6c4a-4378-af48-65e587373344",
            "value": "132096"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309652",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b446d2fa-b3e2-4f6c-8ff1-2f8f96395cd4",
            "value": "115046655d156058z51nz1ez2"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309652",
            "to_ids": true,
            "type": "filename",
            "uuid": "1dad9d0b-1062-4a9d-bf99-a768b29fe9d6",
            "value": "iEUSqA3yTPYANV482fOeDu9CPqLtAV"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  02/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309652",
            "to_ids": false,
            "type": "text",
            "uuid": "9753955c-47ac-4fca-a7a6-6488c84f0aab",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Occamy.CFC\nVT Total Detection:54/72"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309991",
        "uuid": "7ccece6d-941f-45a4-8d84-7ff13d61f135",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309990",
            "to_ids": true,
            "type": "md5",
            "uuid": "00887fc9-c710-4c19-a1d5-ad3ca101d53f",
            "value": "fe1247780b31bbb9f54a65d3ba17058f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309990",
            "to_ids": true,
            "type": "sha1",
            "uuid": "49155f52-3bfb-4f3c-ab4b-f6b76c3b2553",
            "value": "7f8f4cfec755c34324d7f4f7a08296a6e09691d1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309991",
            "to_ids": true,
            "type": "sha256",
            "uuid": "c7dc91da-b0cb-4b00-9fc3-7edcaf47de2b",
            "value": "ed86c10fa96755c0958e84efc66963d6cad72181052b315501dfde3fa89faae9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309674",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "e060da1c-c322-4f88-9c49-32d26add99fc",
            "value": "192:BoRyYCDvYjp0aXFAr724M+zkEgFuuvf4q:WyYUoByO4svf4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309674",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bd79e2a6-05b0-4cce-a704-c06d0bba3566",
            "value": "12288"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309674",
            "to_ids": true,
            "type": "vhash",
            "uuid": "15124f27-d97f-4cef-ad26-0408d8e2f897",
            "value": "e7012dc653325ba7214771cfd0be56df"
          },
          {
            "category": "Payload delivery",
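            "comment": "vbaProject.bin is the default name of the VBA project part inside macro-enabled Office files, so it also occurs in benign documents; match on the hashes in this object rather than on this filename alone.",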
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309674",
            "to_ids": true,
            "type": "filename",
            "uuid": "5386eaf5-80da-4e3f-bfda-360802b481f6",
            "value": "vbaProject.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  25/09/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309674",
            "to_ids": false,
            "type": "text",
            "uuid": "16eef2b3-fcfb-49b3-901c-23ab8cafe45b",
            "value": "Type Description: MS Excel Spreadsheet\n\nMicrosoft: Trojan:O97M/Sadoca.C!ml\nVT Total Detection:37/64"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309992",
        "uuid": "3fea5ed3-f766-45cf-8103-637946547ccf",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309992",
            "to_ids": true,
            "type": "md5",
            "uuid": "e06eecce-88d8-4e65-9fe8-88243fe3f5e6",
            "value": "b427c7253451268ca97de38be04bf59a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309992",
            "to_ids": true,
            "type": "sha1",
            "uuid": "d6b31298-1585-4ee4-9c63-59c6adee2851",
            "value": "c56415d4da42b8bccf4e2c93333dbb9b7058db9d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309992",
            "to_ids": true,
            "type": "sha256",
            "uuid": "4a606acc-5531-417e-bba4-1f9eb86a2754",
            "value": "d99d308027b57f14cb4a6100ef5460f353e708f93ee442e296b9613017e5e0f7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309695",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3f3939d3-e809-47ff-b4d9-12e3fb754e00",
            "value": "6144:FqmofSDDPjUPnVBOZ0PUDzW2ojbixvdNWlCMue:FFTDaVODp9LWqe"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309695",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "7a52df01-e66b-4be7-93c9-00a224650db5",
            "value": "221184"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309695",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b76fc7ff-3b24-45b2-8842-9b9ba6a3a156",
            "value": "125056655d15756018z44jz1iz1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309695",
            "to_ids": true,
            "type": "filename",
            "uuid": "b2bb1f44-d252-4b50-a373-0c2fd7f4ed7a",
            "value": "d99d308027b57f14cb4a6100ef5460f353e708f93ee442e296b9613017e5e0f7.sample"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  25/09/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309695",
            "to_ids": false,
            "type": "text",
            "uuid": "92d1d478-b485-4b48-b2c2-7a29a3c10c45",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Wacatac.B!ml\nVT Total Detection:45/73"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309994",
        "uuid": "6bb4fd81-36a9-4f11-b6f3-fd02e333f114",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309993",
            "to_ids": true,
            "type": "md5",
            "uuid": "994191f9-1bb9-4ae7-8a21-afe2c8bfb52a",
            "value": "4c89d5d8016581060d9781433cfb0bb5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309994",
            "to_ids": true,
            "type": "sha1",
            "uuid": "340f9cb4-a1b2-410e-a830-1bedec2a1e59",
            "value": "38b291cab4293906632f948d3ceb43ee10bab12e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309994",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6f3b0a04-17c7-4c1c-a059-c3ac993d8a0d",
            "value": "d736646093708001e0c1ccd81bc7188f685316858c256e6d81dd69923459a9eb",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309716",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "c6443427-6bec-4b82-9855-134977578a9d",
            "value": "6144:hPwQaQ+alTVVlc+e/U1G59aJlgyVAgEQoH9HIv15BIjVg27O/hZSKbgS6:GQcuBHTGUVoOAMCRIIV17Opdgt"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309716",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8060b30a-06f6-47ec-8fc1-6c8d727dc88c",
            "value": "444379"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309716",
            "to_ids": true,
            "type": "vhash",
            "uuid": "8200e19d-05f3-47ed-807e-b3fe708fc120",
            "value": "5b8d39dde9412f15864b103e12dbe343"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309716",
            "to_ids": true,
            "type": "filename",
            "uuid": "122b9c9b-ebb8-4b38-aabe-00e33f359d36",
            "value": "d736646093708001e0c1ccd81bc7188f685316858c256e6d81dd69923459a9eb.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  25/09/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309716",
            "to_ids": false,
            "type": "text",
            "uuid": "b986ec52-ff5f-49c1-bcdd-9c1423c2c928",
            "value": "Type Description: Office Open XML Document\n\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:35/66"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309995",
        "uuid": "60cce15d-3d37-44f6-bc0f-9c4b29894acb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309995",
            "to_ids": true,
            "type": "md5",
            "uuid": "cc21cacb-54dd-486d-a567-75599bb5d8de",
            "value": "d81db8c4485f79b4b85226cab4f5b8f9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309995",
            "to_ids": true,
            "type": "sha1",
            "uuid": "985e59aa-3255-478f-97b7-11aca0621481",
            "value": "ada57b7133df9d16a8f448307321365412695bb3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309995",
            "to_ids": true,
            "type": "sha256",
            "uuid": "ead9c648-cf75-4b79-99cb-590dcfcecfe7",
            "value": "fb99103259c36e2bc4900977a343a6d24f3d0ecd67cdbd19cd6314164bf09565",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309758",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "db2b441f-4e4f-42cb-b95f-c74b73c7ad41",
            "value": "3072:n0cBO+++d2jF+5jN8900+tK0kwrzKlwBT4vJyFbLFyJ5BdU/lH5EK+GNR2I8:LO+++YC5P0+WR0Q30/lZEKbNR2I8"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309758",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "ff93a65c-48de-439a-b800-2bd9fb82dae8",
            "value": "174592"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309758",
            "to_ids": true,
            "type": "vhash",
            "uuid": "dd6d7919-b8b5-41b8-af5b-d760e808658e",
            "value": "115056655d15756018z46?z1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740309758",
            "to_ids": true,
            "type": "filename",
            "uuid": "2a54d169-837b-4a8b-9438-c5860fcabc5b",
            "value": "fb99103259c36e2bc4900977a343a6d24f3d0ecd67cdbd19cd6314164bf09565.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  25/09/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309758",
            "to_ids": false,
            "type": "text",
            "uuid": "6b38604d-857b-4549-86a5-f7c6c519c652",
            "value": "Type Description: Win32 DLL\n\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:46/73"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740309997",
        "uuid": "ad9b5b00-5f7a-4497-966d-228c254dc9a5",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740309996",
            "to_ids": true,
            "type": "md5",
            "uuid": "f9f2476d-3d53-40c6-a913-bd7c430979fa",
            "value": "a559e60a8ab5ba8e585aea0589301175",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740309997",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8deb9489-3aeb-44a7-8fc5-f3ea0fc7df93",
            "value": "883ba978f550ae372855fcb0adc5bcaf7479e800",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740309997",
            "to_ids": true,
            "type": "sha256",
            "uuid": "980991d2-bcba-4a0a-9e5b-337a48974b2b",
            "value": "f0991f8716e5df23350b6d5505bb71c072ba3b9e71803e235ffa428a53addb1a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740309780",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b9953c1a-4598-4e12-99b1-a5d877250b35",
            "value": "3072:XqqJP6rQYUeyD8OS2Kem/9m5y+I5sOn96ZU8wJo/uk6ziv13dvb:XDJcfU/Dgo57n7Ua/2ziv1Nz"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740309780",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "e3d019f0-3e0d-4c27-9eb4-6fe4077f602b",
            "value": "162953"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740309780",
            "to_ids": true,
            "type": "vhash",
            "uuid": "03ab4cca-8c62-4198-8ad2-2eaf49591e8e",
            "value": "64010057c476b5e99dcb035ff275a760"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  23/02/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740309780",
            "to_ids": false,
            "type": "text",
            "uuid": "860b9ae6-e822-4449-8b7a-deb513d6ef3a",
            "value": "Type Description: Office Open XML Document\n\nMicrosoft: Trojan:Win32/Occamy.CFC\nVT Total Detection:47/72"
          }
        ]
      }
    ]
  }
}