{
  "Event": {
    "analysis": "2",
    "date": "2015-05-21",
    "extends_uuid": "55e34dbc-1e1c-48f7-b63d-68e857eaa3c0",
    "info": "[Threat Intel] The Naikon APT and the MsnMM Campaigns",
    "protected": false,
    "publish_timestamp": "1780039803",
    "published": true,
    "threat_level_id": "1",
    "timestamp": "1772901975",
    "uuid": "b9a7be01-7675-4afe-ab8a-4c6abedf7df2",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#1ebce4",
        "local": false,
        "name": "misp-galaxy:producer=\"Kaspersky\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Laos\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#b03f2c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Myanmar\"",
        "relationship_type": ""
      },
      {
        "colour": "#fa487c",
        "local": false,
        "name": "misp-galaxy:target-information=\"Philippines\"",
        "relationship_type": ""
      },
      {
        "colour": "#7dbb86",
        "local": false,
        "name": "misp-galaxy:target-information=\"Singapore\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b8479",
        "local": false,
        "name": "misp-galaxy:target-information=\"Vietnam\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Naikon\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"SslMM\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Sys10\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"WinMM\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"xsPlus\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740366297",
        "to_ids": false,
        "type": "link",
        "uuid": "4e884bdb-1ba1-48c2-b262-1fa7c95974d2",
        "value": "https://securelist.com/the-naikon-apt-and-the-msnmm-campaigns/70029/"
      },
      {
        "category": "Payload delivery",
        "comment": "xsPlus (nokian) and plugin No sample in VT\r\nLast check:06/05/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746499569",
        "to_ids": true,
        "type": "md5",
        "uuid": "7571dcfa-bf79-4344-939e-0820c66bad8b",
        "value": "d0fba5db608ac8f5a3d05a71ceb0eca1",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746499697",
        "to_ids": true,
        "type": "hostname",
        "uuid": "36a1c785-7cb0-429f-ba05-2f0f82dd769d",
        "value": "ahzx.eicp.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746499718",
        "to_ids": true,
        "type": "hostname",
        "uuid": "296bead8-ce2b-45ac-9ca1-1d968285ace5",
        "value": "bkav.imshop.in",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746499739",
        "to_ids": true,
        "type": "hostname",
        "uuid": "bd52f843-b98a-4999-8ccc-50aa99ad6c3e",
        "value": "googlemm.vicp.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746499760",
        "to_ids": true,
        "type": "hostname",
        "uuid": "2398710c-2922-4af5-a7cf-1d5c8940d18f",
        "value": "mncgn.51vip.biz",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746499781",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e6f84ca4-75e8-45f1-be11-6a3afdfe8e5d",
        "value": "myanmartech.vicp.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746499803",
        "to_ids": true,
        "type": "hostname",
        "uuid": "8ea1dbef-ccd7-4ef8-8753-2999dd8871e7",
        "value": "thailand.vicp.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746499824",
        "to_ids": true,
        "type": "hostname",
        "uuid": "d72bc164-7f16-4eb9-9a21-410b92575c52",
        "value": "ubaoyouxiang.gicp.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1746499845",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e937c8ba-a99d-4898-8d14-6d06739966ea",
        "value": "vietnam.gnway.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740366653",
        "to_ids": false,
        "type": "link",
        "uuid": "f0e69c2d-a8e0-4469-8a0c-ab1086ba6f20",
        "value": "https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07205555/TheNaikonAPT-MsnMM1.pdf"
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746499866",
        "uuid": "35a99a2b-4870-4afd-bc47-fd4aefb59326",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "SslMM",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746499866",
            "to_ids": true,
            "type": "md5",
            "uuid": "b785019e-8365-4e17-ab58-a175343dc5ec",
            "value": "469ca0c73398903908babcad14300d8d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SslMM",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746499117",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a1f8ad8b-f17a-4f56-a1dc-42b0381cbc6b",
            "value": "c708250cfe4730a2a0e9bf30f168495a791e299a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SslMM",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746499117",
            "to_ids": true,
            "type": "sha256",
            "uuid": "2caf300d-2a70-4551-8ab9-79bc836f6826",
            "value": "efbdb14f38c20c55e32cd98e4b2fdf197709581581d31fac683aabbf361df5f3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746499117",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3758c749-8f1e-4d4a-9f52-8aa922c87768",
            "value": "768:Zj7QYHq7wEc179Vaz6Fo0zkCkk5yk15O78ETeXGwrvAcmK4UwXgxsUsvKJ:ZtK01ZHz6kfQEo/RncVsw"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746499117",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "d2119b4a-5e4e-497a-b8ff-4a4db2039f87",
            "value": "90112"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746499117",
            "to_ids": true,
            "type": "vhash",
            "uuid": "7089c53a-98d6-4ddb-aba8-72eec8a3de3a",
            "value": "094046655d151063za01004f1z23z31z18z165zf7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746499117",
            "to_ids": true,
            "type": "filename",
            "uuid": "4c7e2800-ec7d-4de1-9804-1ee3adefdb31",
            "value": "c708250cfe4730a2a0e9bf30f168495a791e299a.codex"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746499117",
            "to_ids": false,
            "type": "text",
            "uuid": "10e600fd-cf3e-4054-98d3-73a8b4afcff1",
            "value": "SslMM\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Sacto.A!dha\nVT Total Detection:61/73\nFirst Submission:2014-02-08T19:43:27.000000+00:00\nLast Submission:2025-03-13T08:17:16.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746499887",
        "uuid": "4ae792fe-70f2-4c46-bd2b-edd2678a250b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "SslMM",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746499887",
            "to_ids": true,
            "type": "md5",
            "uuid": "0b73cb5b-e4f3-440d-aea7-a8366d21fb34",
            "value": "95c4a236faa65b75dbb0076d8248584c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SslMM",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746499139",
            "to_ids": true,
            "type": "sha1",
            "uuid": "4736beba-0308-43ae-96e1-ab973d5d9120",
            "value": "512843611bda5faf0db68c9dc99b1f001a67fd0a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "SslMM",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746499139",
            "to_ids": true,
            "type": "sha256",
            "uuid": "9af5144d-8186-402a-b256-dc543a3093e4",
            "value": "2eb5a95f7dacab71fa863e0b08cfc790fea84fa1dd93cd00453c343eec54e2ee",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746499139",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bcb441b5-6571-4997-a6ee-9196e4792b9c",
            "value": "768:9rk6Cyi2GfXHuXGOmm4zEeqFDuZ/632A8crmH5awzqiqMYikYzDL5fJm/+/oSzCd:ijzHcqZSrHwzqNIzq2/PGwu5/a3wso"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746499139",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "c86e0788-cf8d-4df8-af6a-4f96e6ab9378",
            "value": "94208"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746499139",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c77d0b45-0c33-4883-9bbc-dc0f63816e9a",
            "value": "094046655d151093za0100531z23z31z38z165zf7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746499139",
            "to_ids": true,
            "type": "filename",
            "uuid": "02e9fe6f-f7cb-4806-8a3e-4aa47cd4c622",
            "value": "512843611bda5faf0db68c9dc99b1f001a67fd0a.codex"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  03/04/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746499139",
            "to_ids": false,
            "type": "text",
            "uuid": "8336e2ae-79c9-4e7b-b622-abed03ebfbd2",
            "value": "SslMM\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Sacto.A!dha\nVT Total Detection:61/73\nFirst Submission:2013-10-29T11:52:06.000000+00:00\nLast Submission:2025-03-13T08:24:29.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746499908",
        "uuid": "8aaa52f3-2f83-4138-a705-33b193afae44",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "WinMM",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746499908",
            "to_ids": true,
            "type": "md5",
            "uuid": "c797464a-65d7-4ce6-be38-f67b3c718333",
            "value": "c8c81cca4645e71213f2310cec6c277d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "WinMM",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746499161",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8ecebf71-8376-4c5e-bd38-275ef445b114",
            "value": "ca6c730a2cf9897e76098bbb875fffc75332a58e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "WinMM",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746499161",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8b2923bf-c838-4a77-baa5-40dcbcbd5b0e",
            "value": "194ca0618535226b28096586ed3a978e3b434e6ca7837ab91b59737a5eeaf594",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746499160",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "1c0054ec-d24c-4aeb-be37-e71da4f3fa82",
            "value": "1536:6HgJsPHDNP4UlkAzb5SXFTEnNSesMHTyvYYfZ3mMUg8/C+sqT0zu:6HgJsTC2PPGv19mF/Xswou"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746499160",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "1ca20356-a34d-4d2c-8a9a-f092e5e760d9",
            "value": "115712"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746499160",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f09a0291-f5e8-430b-bc72-87e407cb8af4",
            "value": "015046655d15107012z1800711z23z3cz581zbbz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746499160",
            "to_ids": true,
            "type": "filename",
            "uuid": "1d1907f4-1655-4f2a-a087-5a97b123635e",
            "value": "Yahoo.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746499160",
            "to_ids": false,
            "type": "text",
            "uuid": "39d7f96a-270f-4806-a92e-a5f9a5dc8695",
            "value": "WinMM\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Minjat.A\nVT Total Detection:58/73\nFirst Submission:2013-05-16T12:53:47.000000+00:00\nLast Submission:2025-03-13T08:13:03.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746499929",
        "uuid": "deda0783-8f77-445f-a888-043290b6e050",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "WinMM",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746499929",
            "to_ids": true,
            "type": "md5",
            "uuid": "6aa2c804-8982-45bf-aa5c-49b6ad287345",
            "value": "45a99f60654f22b671aec980687d0f15",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "WinMM",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746499182",
            "to_ids": true,
            "type": "sha1",
            "uuid": "29fc296a-070c-412b-b92e-9a2807c60c27",
            "value": "455fdb4b3374cfaba668f7f65f42f80da6c8331a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "WinMM",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746499182",
            "to_ids": true,
            "type": "sha256",
            "uuid": "f8e16287-15b4-4cbb-94fe-e512858bad1f",
            "value": "34f3dcf6c1794451fe92afa917deb6e34480c261fde7339212a80e01e66d8425",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746499182",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "2bbd8156-641f-4b37-9303-64eeeb93fa42",
            "value": "3072:lK3bY9K9UDeWKIJIuBf6MV/agnnsnlhw3+7JQ8RLaQ:Y9UqXgIutx/AhpxaQ"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746499182",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6afa7dac-792b-4f69-8ea5-9f9187f92fe3",
            "value": "142839"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746499182",
            "to_ids": true,
            "type": "vhash",
            "uuid": "4d3f994c-cf2b-4f0b-a81c-578ac69a4fef",
            "value": "015046655d15107012z1800761z23z2cz591zbbz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746499182",
            "to_ids": true,
            "type": "filename",
            "uuid": "617fe118-9030-43a3-9fd4-bcbb30e30bfb",
            "value": "Yahoo.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746499182",
            "to_ids": false,
            "type": "text",
            "uuid": "b03ea01a-74f8-49a7-8038-7fd5b91f4d3a",
            "value": "WinMM\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Minjat.A\nVT Total Detection:62/72\nFirst Submission:2014-03-07T21:50:24.000000+00:00\nLast Submission:2025-03-13T07:44:17.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746499950",
        "uuid": "5fa08281-d5af-480d-ae34-993296e0bc36",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "WininetMM/Sakto",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746499950",
            "to_ids": true,
            "type": "md5",
            "uuid": "eb3f3b87-b059-4f6d-bedb-f22da9474bd3",
            "value": "9883abc829870478ce6f3cfddbcbbaf2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "WininetMM/Sakto",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746499205",
            "to_ids": true,
            "type": "sha1",
            "uuid": "aed89562-b72b-4dd8-90c7-810aff3978ac",
            "value": "cafa255005f4c868985b08e31eb23c4a07a5949c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "WininetMM/Sakto",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746499205",
            "to_ids": true,
            "type": "sha256",
            "uuid": "8646c858-3299-478e-b22e-7ce1d45722e2",
            "value": "b6482fc37393586dc0864edadd38204a80e4f50da200956b3b74ce8ab16e5b81",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746499204",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "69006e01-6fdf-4ff9-92b4-f00e33235cde",
            "value": "1536:Ln4VnCIkCAS9GiW8IEDbReZwkAQx0rgqrXrQUAkkP4vNR7Ck5c2:oCIkCAScXI8+0wXKr4vNR7Ck5c2"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746499204",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "dc1adee9-b61b-4170-b0d6-1b6388775262",
            "value": "95744"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746499204",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fecfcc2a-a4eb-440b-b58f-1181d93bf103",
            "value": "094046655d151095z100681z13z3cz121zbbz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746499204",
            "to_ids": true,
            "type": "filename",
            "uuid": "5ab74bd4-9b30-4cc7-9361-842b13da5727",
            "value": "cafa255005f4c868985b08e31eb23c4a07a5949c.codex"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746499204",
            "to_ids": false,
            "type": "text",
            "uuid": "99f5568f-45d8-4fdf-a5bc-427678eabfbc",
            "value": "WininetMM/Sakto\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Sacto.C!dha\nVT Total Detection:53/73\nFirst Submission:2015-04-02T02:34:42.000000+00:00\nLast Submission:2025-03-13T08:29:00.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746499971",
        "uuid": "945924db-6784-44f3-82a5-101ba8a196cb",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "WininetMM/Sakto",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746499971",
            "to_ids": true,
            "type": "md5",
            "uuid": "d824cb4a-3f4c-4052-9452-e8317caf607c",
            "value": "a5721c5e7f2b49df82595819b5a49c0c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "WininetMM/Sakto",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746499227",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c478506f-6798-453a-b96b-dc8f5cb12380",
            "value": "e55bdeebabfe76582d07020fd925847307c7929e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "WininetMM/Sakto",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746499227",
            "to_ids": true,
            "type": "sha256",
            "uuid": "645d8d1d-3e71-4e91-8b2d-056b087f92ef",
            "value": "330c29af248396ba8728e26725f676d1340471df8198dd2b71b23446c79d30fd",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746499227",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "eb284507-0c20-4abe-9c2d-0c2ddd576f6e",
            "value": "1536:iOgfCkkQFMYtgYOQKeBiRehS2JpFnbcrtuok81fMpB5XG:1aCkkkMYOdCTosy1fMpB5XG"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746499227",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a06f737a-a001-4686-843d-e9e43ea473e9",
            "value": "95744"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746499227",
            "to_ids": true,
            "type": "vhash",
            "uuid": "c1f6e9ab-f8be-41fb-95d6-15549cbbd07e",
            "value": "094046655d151095z100681z13z3cz121zbbz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746499227",
            "to_ids": true,
            "type": "filename",
            "uuid": "2a12f1ea-5c05-4da8-8e59-364021c7c0b4",
            "value": "e55bdeebabfe76582d07020fd925847307c7929e.codex"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  14/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746499227",
            "to_ids": false,
            "type": "text",
            "uuid": "e5e1b777-2afb-4637-a565-ea6a8a608e3d",
            "value": "WininetMM/Sakto\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Sacto.C!dha\nVT Total Detection:59/73\nFirst Submission:2015-04-06T18:32:12.000000+00:00\nLast Submission:2025-03-13T07:41:43.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746499992",
        "uuid": "b970a90a-fc72-453e-88fd-27826e7d9f49",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Injectv1/InjectResource",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746499992",
            "to_ids": true,
            "type": "md5",
            "uuid": "4a680b73-0b99-47f5-8e25-fb374de1a122",
            "value": "5c04904a50f0285851fb7292c13858ec",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Injectv1/InjectResource",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746499252",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2e6e31bf-a52d-4c2d-9c58-b0ab14ab0b30",
            "value": "472443736bba56e9648633913cbc225151c77421",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Injectv1/InjectResource",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746499252",
            "to_ids": true,
            "type": "sha256",
            "uuid": "fa0613e0-2d94-42c2-a294-d31ad2810284",
            "value": "da3a16c34481618b79720660dc69c85fdf41ab935755f9078f55c82335e4243c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746499252",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "b9c8a480-dee6-43d1-87d3-e3e539375973",
            "value": "3072:Nve/1tTfYKsqKZEEE2AxgklP2Tq4F7pdursmGz3:9e91gAEE2AikA7pgrA"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746499252",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a100a57d-1853-4be7-9e52-6c5cc329bbb3",
            "value": "155648"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746499252",
            "to_ids": true,
            "type": "vhash",
            "uuid": "946edf3e-471b-4727-a126-9e4b81e6a101",
            "value": "015046655d551az42bz39zcfz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746499252",
            "to_ids": true,
            "type": "filename",
            "uuid": "d76261d3-3070-422b-a636-d75ada5642a5",
            "value": "472443736bba56e9648633913cbc225151c77421.codex"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746499252",
            "to_ids": false,
            "type": "text",
            "uuid": "6ac80188-8e7b-449a-8a20-9a299de5d6a2",
            "value": "Injectv1/InjectResource\r\nType Description: Win32 EXE\nMicrosoft: PWS:Win32/Zbot!ml\nVT Total Detection:58/73\nFirst Submission:2013-08-28T05:34:21.000000+00:00\nLast Submission:2025-03-13T08:09:42.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746500013",
        "uuid": "b8aef033-0353-43e6-af57-8721e53245d6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Exe_Exchange",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746500013",
            "to_ids": true,
            "type": "md5",
            "uuid": "e1425667-3a67-4d64-883d-5143e3905c85",
            "value": "6a82c153bd370250cc2fed89f1bb5c91",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Exe_Exchange",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746499274",
            "to_ids": true,
            "type": "sha1",
            "uuid": "e94f89e4-1a42-4fb0-8d04-626770ffa12d",
            "value": "9d9a271b6573bfb572c5db7df98f102caf55c307",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Exe_Exchange",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746499275",
            "to_ids": true,
            "type": "sha256",
            "uuid": "79605f50-6d38-4854-9b80-5990ed0c6d37",
            "value": "b1737d935877af89a56b64823fda0a4c884a6b9032dbc2c5f49b512c63c19c35",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746499274",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "80b19044-2cf9-4bd9-97c8-c9b83e92c12a",
            "value": "768:qQwS564BnNe79gCgcKFREKJyyCzzldSbX3JdflWKYx1e6q1xmmGnfIhWi75bpC4H:F5LNN5RTJyyCzQdOeFPmnghs7sT"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746499274",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5911d4b0-d339-44ad-9fe2-a7b89c78545c",
            "value": "69632"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746499274",
            "to_ids": true,
            "type": "vhash",
            "uuid": "b2f98a7d-1f9c-410c-8ffc-270f9ace12f9",
            "value": "064046651d1510a3z82z4702023z21z28z16zd7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746499274",
            "to_ids": true,
            "type": "filename",
            "uuid": "83b52d7e-6f8b-4385-a281-0264f085e48a",
            "value": "9d9a271b6573bfb572c5db7df98f102caf55c307.codex"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  13/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746499274",
            "to_ids": false,
            "type": "text",
            "uuid": "7721c086-7cc1-41da-a413-e48b252a1977",
            "value": "Exe_Exchange\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Tiggre!rfn\nVT Total Detection:61/73\nFirst Submission:2012-11-14T03:02:21.000000+00:00\nLast Submission:2025-03-13T07:47:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746500034",
        "uuid": "bfd4b2ba-545f-42fd-9ff8-9c874fefe43b",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Exe_Exchange",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746500034",
            "to_ids": true,
            "type": "md5",
            "uuid": "6d73e782-f231-45f2-9099-37eec6dc122b",
            "value": "48fb78e8ba531505e246760c0d02d6b0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Exe_Exchange",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746499298",
            "to_ids": true,
            "type": "sha1",
            "uuid": "0d465627-1177-44d6-9c51-94e2ee75e7a0",
            "value": "a41a63ffaabd7eef1912ed99673781bb5b69e6f1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Exe_Exchange",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746499298",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e3bf1c6a-ba68-45d4-8e32-f0285635d977",
            "value": "e6f368420f8a97d7bd2c89818c262c53e3b4b0aba2903c3f264b86fc0816f442",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746499297",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "94e1cbaa-f425-4904-8e4c-315f4509a796",
            "value": "768:q04S560BTNe79gCgcKl1ESJyymzzRdufPTdRf1uG0+GE6Typ16um/XIlKu75bpC4:R5DNNZ17JyymzsRFt+y36Pkxs7sb"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746499297",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "bd11a674-804c-40d7-a867-1932dc673b75",
            "value": "69632"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746499297",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f289cf09-b4d2-4c83-828e-e8000bf2f37e",
            "value": "064046651d1510a3z82z4702023z21z28z16zd7z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746499297",
            "to_ids": true,
            "type": "filename",
            "uuid": "35e33616-d8d1-4f55-94b5-2d97c3e76981",
            "value": "a41a63ffaabd7eef1912ed99673781bb5b69e6f1.codex"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  14/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746499297",
            "to_ids": false,
            "type": "text",
            "uuid": "db25f6f3-f012-4ba8-8a7f-7b61abe9199a",
            "value": "Exe_Exchange\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Urausy!rfn\nVT Total Detection:56/73\nFirst Submission:2013-10-19T01:13:07.000000+00:00\nLast Submission:2025-03-13T08:20:47.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746500055",
        "uuid": "692ca90f-c16d-42ce-9cf3-4dc941c86646",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Sys10",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746500055",
            "to_ids": true,
            "type": "md5",
            "uuid": "c14b7ade-507d-40aa-b6c3-cc7790e5898b",
            "value": "c58df5892700ac3f467524f86bf325c0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Sys10",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746499319",
            "to_ids": true,
            "type": "sha1",
            "uuid": "be6fecff-7fa8-4ef1-85e8-31fbcddcc0db",
            "value": "9a65543de2b00a4801b6af8d41549d28fa572142",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Sys10",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746499319",
            "to_ids": true,
            "type": "sha256",
            "uuid": "3af8788d-2389-4db5-9b8d-8d0f4ee4a937",
            "value": "801a2d0e09076f42d93692efca7b67028f17604ae9330c186dad8c21d2ec1d0d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746499319",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "25f8ee41-cf5e-4468-85ed-28cdb28842a2",
            "value": "3072:B4E22kKoeda2oTlZd2zFTHPrvEFStCaXTjgRQ5nfm:B4E22kFRbEVrRXTjxm"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746499319",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8e06a143-5f9c-4294-a8fc-9843dd76af98",
            "value": "119296"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746499319",
            "to_ids": true,
            "type": "vhash",
            "uuid": "341c4e45-e2fa-445f-8eea-4509ad6eaeed",
            "value": "015046655d155088z6c1z23z39z11z21zb1z37z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746499319",
            "to_ids": true,
            "type": "filename",
            "uuid": "d0f9378f-40bc-4abc-9def-c316a30ff181",
            "value": "9a65543de2b00a4801b6af8d41549d28fa572142.codex"
          },
          {
            "category": "Other",
            "comment": "Checked: 06/05/2025\nLast-scan\t:  16/03/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746499319",
            "to_ids": false,
            "type": "text",
            "uuid": "197756c1-859f-493e-952d-bebab186c62e",
            "value": "Sys10\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Sacto.B!dha\nVT Total Detection:60/73\nFirst Submission:2013-03-07T04:39:34.000000+00:00\nLast Submission:2025-03-13T07:50:55.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746500076",
        "uuid": "b65c870f-6fa8-4330-88f3-9e111587cfbe",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Sys10",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746500076",
            "to_ids": true,
            "type": "md5",
            "uuid": "879921d8-4151-423d-a90f-80837e2f0ba1",
            "value": "33d388c6e841ede3920f79516b5da032",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Sys10",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746499341",
            "to_ids": true,
            "type": "sha1",
            "uuid": "1e232a03-8ef4-4af4-96f2-a03346e6be57",
            "value": "8edd72a48edf5992979d29bcfd1d809e7f43fc6e",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Sys10",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746499341",
            "to_ids": true,
            "type": "sha256",
            "uuid": "bca3d88f-9397-4d6d-a7ce-3815b9cc1150",
            "value": "afe3dd68bded405ca63ed83c711f0b3c4f5718706afc0beec60114fc80491e6a",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746499340",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "886158f3-bdd8-4952-9c03-73dbc2711ad9",
            "value": "3072:YHZR+u8T26T7nGgRIve1tEUyN7cx7DNH4EUAbdQo2p:+XZ8yWGgRIxCHdUcd"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746499340",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "cd997fe4-2d34-429a-b7cf-72a69ebb0afb",
            "value": "114688"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746499340",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5d8f581e-c749-4873-8835-72cd28cab202",
            "value": "015036651d1088z5a1z23z39z11z21zb1z37z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746499340",
            "to_ids": true,
            "type": "filename",
            "uuid": "f1443b87-5bb7-42fb-8981-6d7ab6f42d07",
            "value": "8edd72a48edf5992979d29bcfd1d809e7f43fc6e.codex"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-05-06\nLast-scan\t:  2025-03-13",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746499340",
            "to_ids": false,
            "type": "text",
            "uuid": "0f308afd-195e-4432-afca-7cf970f54b6d",
            "value": "Sys10\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Sacto.B!dha\nVT Total Detection:55/73\nFirst Submission:2013-05-05T17:30:25.000000+00:00\nLast Submission:2025-03-13T08:10:26.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746500098",
        "uuid": "c1cd6df4-b19f-4f61-8435-edbf3b2b16b0",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "xsPlus (nokian) and plugin",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746500098",
            "to_ids": true,
            "type": "md5",
            "uuid": "884d5b1c-02e2-400c-9820-b577155291ff",
            "value": "d86106faaa398b8d83437176bf5e39c4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "xsPlus (nokian) and plugin",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746499362",
            "to_ids": true,
            "type": "sha1",
            "uuid": "15f8b0cd-117b-4ba3-beba-ff65709225a3",
            "value": "5d3ba7d0ce20c07e6cf6b272a3a8d8f05f29c27c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "xsPlus (nokian) and plugin",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746499362",
            "to_ids": true,
            "type": "sha256",
            "uuid": "057c6ba5-1e46-406c-a72f-3ab7134bb1c0",
            "value": "33ed25eb18058a7f21958941c44d8e31db517fe281ec46e391d2b2ffafb7f1e3",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746499362",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3c726130-0b1b-4a81-b45c-30dbc8954493",
            "value": "3072:ZEJktGsOm+rKjweRGrZE0dzvr2HEWMGS5dRbwItzSBWQG+NhGor5dJ:um+xZEAAEWMGSlbwhBtX7H"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746499362",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6283806f-7194-4770-8522-aa5df3abb0fa",
            "value": "281624"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746499362",
            "to_ids": true,
            "type": "vhash",
            "uuid": "15ab60ec-270d-475a-a16a-6b1279a0cdc3",
            "value": "025046651d155az3chz2lz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746499362",
            "to_ids": true,
            "type": "filename",
            "uuid": "43af8a3e-ca6c-44e5-bbdc-0a7ad0368762",
            "value": "5d3ba7d0ce20c07e6cf6b272a3a8d8f05f29c27c.codex"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-05-06\nLast-scan\t:  2025-03-14",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746499362",
            "to_ids": false,
            "type": "text",
            "uuid": "b9cd9c41-6c75-422a-8ce1-8119759b39db",
            "value": "xsPlus (nokian) and plugin\r\nType Description: Win32 EXE\nMicrosoft: TrojanDownloader:Win32/Cordmix.A\nVT Total Detection:57/73\nFirst Submission:2012-09-12T05:12:23.000000+00:00\nLast Submission:2025-03-13T08:29:09.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1746500119",
        "uuid": "5aea3906-f3c0-41b4-9123-4f2a595afb11",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "xsPlus (nokian) and plugin",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1746500119",
            "to_ids": true,
            "type": "md5",
            "uuid": "ad2fe915-16dd-4cb8-a79e-531dc36bb347",
            "value": "041436594c1ce9e99c569fb7402fe0c7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "xsPlus (nokian) and plugin",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1746499386",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a9ea4c58-6b79-4fe3-85aa-13fedadeee41",
            "value": "dbae71c68407a50e6981d5929634e3e6044066ff",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "xsPlus (nokian) and plugin",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1746499386",
            "to_ids": true,
            "type": "sha256",
            "uuid": "eccddc20-44dc-458c-9404-c52d19e2bf98",
            "value": "bff06d770eec594c363a217effbe2ea4e8a618b7ef95da1100e5aef9c847403f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1746499385",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "7dcbf543-8094-4a77-bb84-d193fef3d00a",
            "value": "6144:eXXXylZSbVh0xkjhR8umYrAbolOHRI41:Sili0mnvmYrAwWI4"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1746499385",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "8b4195b3-8b4d-4be5-b9fc-d2d9fc5d928d",
            "value": "293215"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1746499385",
            "to_ids": true,
            "type": "vhash",
            "uuid": "1602db23-236c-4d69-b716-88c7292f282a",
            "value": "025046651d155az3chz2lz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1746499385",
            "to_ids": true,
            "type": "filename",
            "uuid": "ea1448e9-f23c-44f4-b31d-57c516002c55",
            "value": "dbae71c68407a50e6981d5929634e3e6044066ff.codex"
          },
          {
            "category": "Other",
            "comment": "Checked: 2025-05-06\nLast-scan\t:  2025-03-13",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1746499385",
            "to_ids": false,
            "type": "text",
            "uuid": "829451ec-c33c-43e6-b7ec-1040d54adf9a",
            "value": "xsPlus (nokian) and plugin\r\nType Description: Win32 EXE\nMicrosoft: Backdoor:Win32/Frintorc\nVT Total Detection:57/73\nFirst Submission:2013-10-27T07:59:34.000000+00:00\nLast Submission:2025-03-13T07:52:54.000000+00:00"
          }
        ]
      }
    ]
  }
}