{ "Event": { "analysis": "2", "date": "2023-08-08", "extends_uuid": "", "info": "[Threat Intel] RedHotel: A Prolific, Chinese State-Sponsored Group Operating at a Global Scale", "protected": false, "publish_timestamp": "1780382523", "published": true, "threat_level_id": "1", "timestamp": "1780382523", "uuid": "cdc792d9-86a4-4f7c-8ac2-e0ab2a37d5cd", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#bf83fd", "local": false, "name": "misp-galaxy:producer=\"Recorded Future\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:threat-actor=\"Earth Lusca\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#10003d", "local": false, "name": "rectifyq:sub-category=\"TA-profile\"", "relationship_type": "" }, { "colour": "#f1dfed", "local": false, "name": "rectifyq:TA-category=\"State-Sponsored\"", "relationship_type": "" }, { "colour": "#d92121", "local": false, "name": "rectifyq:target=\"targeted\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-original-src\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Brute Ratel C4\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Cobalt Strike\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"FunnySwitch\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Spyder\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"Winnti (Windows)\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Code Signing - T1553.002\"", "relationship_type": "" }, { "colour": "#e72d65", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"DLL Search Order Hijacking - T1574.001\"", "relationship_type": "" }, { "colour": "#a92e1c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"", "relationship_type": "" }, { "colour": "#82eae0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Domains - T1583.001\"", "relationship_type": "" }, { "colour": "#a9f8b1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over C2 Channel - T1041\"", "relationship_type": "" }, { "colour": "#9feaf0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"", "relationship_type": "" }, { "colour": "#280b0e", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"External Proxy - T1090.002\"", "relationship_type": "" }, { "colour": "#eadc12", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Match Legitimate Name or Location - T1036.005\"", "relationship_type": "" }, { "colour": "#e08bb2", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"", "relationship_type": "" }, { "colour": "#b76d96", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1547.001\"", "relationship_type": "" }, { "colour": "#705cef", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053.005\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Server - T1584.004\"", "relationship_type": "" }, { "colour": "#5539fe", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1566.001\"", "relationship_type": "" }, { "colour": "#91649a", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Virtual Private Server - T1583.003\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Vulnerability Scanning - T1595.002\"", "relationship_type": "" }, { "colour": "#92e858", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Protocols - T1071.001\"", "relationship_type": "" }, { "colour": "#fe1ef0", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Web Shell - T1505.003\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"PlugX\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"ShadowPad\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:malpedia=\"reGeorg\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740788290", "to_ids": false, "type": "link", "uuid": "71ddc634-7687-4787-be5d-c6b54141d45e", "value": "https://www.recordedfuture.com/research/redhotel-a-prolific-chinese-state-sponsored-group-operating-at-a-global-scale" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740788315", "to_ids": false, "type": "link", "uuid": "65e9b3e2-5346-481a-aeeb-35a606fde07f", "value": "https://go.recordedfuture.com/hubfs/reports/cta-2023-0808.pdf" }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026435", "to_ids": true, "type": "domain", "uuid": "1b7b706e-73e6-4ad8-82d8-926ae64193af", "value": "dga.asia", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026456", "to_ids": true, "type": "hostname", "uuid": "b6fe69ca-22e9-41b6-b385-f267751cb3ba", "value": "kb.dga.asia", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026477", "to_ids": true, "type": "hostname", "uuid": "ad61f551-6bc2-4e7a-84cb-82919b808e50", "value": "video.dga.asia", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026498", "to_ids": true, "type": "hostname", "uuid": "80208cfe-ba54-4407-b6b3-f9e061a54752", "value": "sc.dga.asia", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026519", "to_ids": true, "type": "hostname", "uuid": "814bb160-8e4a-41a3-b828-2ac6c99bec55", "value": "dgti.dga.asia", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026540", "to_ids": true, "type": "domain", "uuid": "06106438-271a-43a7-9769-6c6ef2440018", "value": "nhqdc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026561", "to_ids": true, "type": "hostname", "uuid": "309632d1-16cd-4871-a6f2-3f4c5a523349", "value": "msdn.microsoft.nhqdc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026582", "to_ids": true, "type": "domain", "uuid": "180cc906-eb0c-4225-b848-026649038b68", "value": "icoreemail.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026603", "to_ids": true, "type": "hostname", "uuid": "f8efa7de-cae1-4de9-8389-887dc699578c", "value": "demo.icoreemail.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026624", "to_ids": true, "type": "domain", "uuid": "7b58a559-59f7-4c40-ba74-181615750541", "value": "officesuport.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026646", "to_ids": true, "type": "hostname", "uuid": "c81fe722-a0df-4c65-94af-d29b04fff55e", "value": "kiwi.officesuport.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026667", "to_ids": true, "type": "hostname", "uuid": "60abb9e3-a0b5-4fa2-b024-fb4d96d41d2d", "value": "cdn.officesuport.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026688", "to_ids": true, "type": "hostname", "uuid": "52521fca-f88b-4624-864f-d5eda0cd1ade", "value": "test.officesuport.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026709", "to_ids": true, "type": "hostname", "uuid": "1be88cbb-e9fa-4408-9406-22957758ae96", "value": "mail.officesuport.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026730", "to_ids": true, "type": "hostname", "uuid": "471332d9-e840-4902-89e6-03189cb0272d", "value": "ntpc.officesuport.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026751", "to_ids": true, "type": "hostname", "uuid": "0fbb5995-6931-4658-971b-bef14103ea8f", "value": "main.officesuport.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026772", "to_ids": true, "type": "hostname", "uuid": "4968d177-cd59-41ae-bde0-aec6a491243b", "value": "excel.officesuport.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026793", "to_ids": true, "type": "hostname", "uuid": "4ea32aaf-ebc8-407f-88a3-eb2f4f0f5b56", "value": "remote.officesuport.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026814", "to_ids": true, "type": "domain", "uuid": "473c4655-be50-4d1d-afe8-fbe3cc4b0522", "value": "ismtrsn.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026835", "to_ids": true, "type": "hostname", "uuid": "e785cd61-3cab-4a37-9e68-29020d875c72", "value": "lrm.ismtrsn.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026856", "to_ids": true, "type": "hostname", "uuid": "35236eba-3b85-4288-aad8-e35e2bf18b00", "value": "tgoomh.ismtrsn.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026877", "to_ids": true, "type": "hostname", "uuid": "52c249e0-a146-4157-a205-b51245cb252a", "value": "news.ismtrsn.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026898", "to_ids": true, "type": "hostname", "uuid": "e8ef7a03-e35d-4f15-84cc-c8b724b7b039", "value": "icarln.ismtrsn.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026919", "to_ids": true, "type": "domain", "uuid": "a3f9067e-562f-4303-b77e-66d00bbb4c41", "value": "liveonlin.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026940", "to_ids": true, "type": "hostname", "uuid": "f042aef8-eb1b-410e-856e-4c038ac761cc", "value": "npgsql.liveonlin.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026961", "to_ids": true, "type": "hostname", "uuid": "0f1c71d1-7c26-42f2-8156-9f1eb3d7dd32", "value": "public.liveonlin.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747026983", "to_ids": true, "type": "hostname", "uuid": "a601af5d-532a-4961-8cc4-6dc082f91434", "value": "tech.liveonlin.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027004", "to_ids": true, "type": "hostname", "uuid": "8891c63a-b1da-45b3-86d1-4f5e801112f7", "value": "main.liveonlin.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027025", "to_ids": true, "type": "hostname", "uuid": "6eb419c9-4f7f-4386-83eb-03b81a59ceeb", "value": "cctv.liveonlin.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027047", "to_ids": true, "type": "domain", "uuid": "e4041d28-0bca-467a-8529-c19b30f71d9f", "value": "alexa-api.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027068", "to_ids": true, "type": "hostname", "uuid": "4d01ade4-d8d4-409a-be0b-dc06bfb8fd0c", "value": "www.alexa-api.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027089", "to_ids": true, "type": "domain", "uuid": "37b3597d-e530-48b0-b125-b7cb7d9fd970", "value": "ngndc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027111", "to_ids": true, "type": "hostname", "uuid": "a8260134-a95f-4967-9a99-d44859e706b5", "value": "air.ngndc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027132", "to_ids": true, "type": "hostname", "uuid": "83798387-0922-46f9-a90e-1a8f3b444087", "value": "spa.ngndc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027153", "to_ids": true, "type": "hostname", "uuid": "0f281c26-4276-424b-815f-b25d0381bc05", "value": "mkn.ngndc.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027174", "to_ids": true, "type": "domain", "uuid": "33bdc66e-5302-4805-895b-e4a8b2cf9cc9", "value": "ekaldhfl.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027196", "to_ids": true, "type": "hostname", "uuid": "e6c43038-b2db-4c7f-bc08-c6e9e7b6319a", "value": "ts.ekaldhfl.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027217", "to_ids": true, "type": "hostname", "uuid": "f7bfc44e-7e95-46bb-a4e3-ce2b490a8c50", "value": "ist.ekaldhfl.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027237", "to_ids": true, "type": "hostname", "uuid": "1bea32dc-3483-48a1-83a1-03bbca1e24fb", "value": "downloads.ekaldhfl.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027258", "to_ids": true, "type": "hostname", "uuid": "329dbb9b-5efb-4502-949a-62e30a276cd7", "value": "pps.ekaldhfl.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027279", "to_ids": true, "type": "hostname", "uuid": "552ddf5f-07b6-42fa-8672-cb61f424a1f9", "value": "plt.ekaldhfl.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027300", "to_ids": true, "type": "hostname", "uuid": "b0b259f9-dda1-422c-8b01-d4b6fe7d3bb5", "value": "tlt.ekaldhfl.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027322", "to_ids": true, "type": "hostname", "uuid": "87e17a38-3dec-4e2c-97e9-f6380771bf43", "value": "thy.ekaldhfl.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027343", "to_ids": true, "type": "hostname", "uuid": "8d0967a9-07f3-4a28-8f28-8fe82ff4b1d2", "value": "us.ekaldhfl.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027364", "to_ids": true, "type": "domain", "uuid": "302cbafb-67b5-4222-800a-cfc2685628e7", "value": "asia-cdn.asia", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027385", "to_ids": true, "type": "hostname", "uuid": "c81729ca-3b73-4471-8e05-c9a2efbbae79", "value": "report.asia-cdn.asia", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027406", "to_ids": true, "type": "domain", "uuid": "930183ab-ce99-4a76-8f4a-588a2c264919", "value": "freehighways.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027427", "to_ids": true, "type": "hostname", "uuid": "e9359d29-c31d-4f5e-ab47-71429b2d1e3e", "value": "map.freehighways.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027448", "to_ids": true, "type": "domain", "uuid": "23614512-cc28-42f8-8ba6-0c6e3ec85a30", "value": "iredemail.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027469", "to_ids": true, "type": "hostname", "uuid": "5c10ac5d-3741-4a27-bbc2-88daa8b4bd43", "value": "index.iredemail.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027490", "to_ids": true, "type": "hostname", "uuid": "18f78866-7d01-4f19-be9b-80630c2db71e", "value": "demo.iredemail.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027512", "to_ids": true, "type": "hostname", "uuid": "ad3cec45-966e-475c-92c4-c9da64b346e4", "value": "open.iredemail.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027533", "to_ids": true, "type": "hostname", "uuid": "298df4ad-4730-4c4a-aba2-eb0850454cb0", "value": "api.iredemail.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027555", "to_ids": true, "type": "hostname", "uuid": "c96b0c9e-5dc3-4b4e-80e7-ed9d27b5b186", "value": "full.iredemail.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027576", "to_ids": true, "type": "hostname", "uuid": "6ac8eaad-af04-45ee-828e-1406fcb15f97", "value": "bbs.iredemail.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027597", "to_ids": true, "type": "domain", "uuid": "9f56472b-0682-4565-aa5a-6e99238b4cdb", "value": "0nenote.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027618", "to_ids": true, "type": "hostname", "uuid": "8ff56a25-4362-417c-b934-135f4ebb4a1e", "value": "keep.0nenote.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027640", "to_ids": true, "type": "hostname", "uuid": "430bda5a-484c-473a-85dc-071149faef27", "value": "api.asia-cdn.asia", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027661", "to_ids": true, "type": "hostname", "uuid": "2284ee5b-2eaa-415e-a97d-c07a6e4985ad", "value": "speedtest.asia-cdn.asia", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027682", "to_ids": true, "type": "domain", "uuid": "b3ee1636-a2e0-42e1-a369-d9ea1531ad7c", "value": "cyberoams.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027703", "to_ids": true, "type": "hostname", "uuid": "a0ef703d-c63f-4062-85f0-3cc7b11c70a7", "value": "checkip.cyberoams.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027724", "to_ids": true, "type": "hostname", "uuid": "ddffd398-327f-44e1-a88c-dc38a72a7da4", "value": "usa.ekaldhfl.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027745", "to_ids": true, "type": "domain", "uuid": "650e29a2-04ea-4a91-b7aa-06c7c3a29f2e", "value": "mtlklabs.co", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027766", "to_ids": true, "type": "domain", "uuid": "fcdda249-250c-4a5a-bda9-022f49cc6b3f", "value": "conhostsadas.website", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027787", "to_ids": true, "type": "domain", "uuid": "41c8e84c-6d96-466b-b362-58a30f89278a", "value": "itcom666.live", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027808", "to_ids": true, "type": "hostname", "uuid": "40f6b074-ef6a-4e8e-8bec-97e395a73e7a", "value": "qbxlwr4nkq.itcom666.live", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027829", "to_ids": true, "type": "hostname", "uuid": "416e9725-6d3b-4ec0-b2f6-234122e71dd0", "value": "8kmobvy5o.itcom666.live", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027850", "to_ids": true, "type": "domain", "uuid": "576d163f-87e4-45f8-9861-4da5a1351c6b", "value": "itcom888.live", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027871", "to_ids": true, "type": "hostname", "uuid": "b75ece51-7c89-4444-9fd3-a5c905611324", "value": "bwlgrafana.itcom888.live", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027892", "to_ids": true, "type": "hostname", "uuid": "e8f47809-e3d4-4a74-8884-94bc1611db3f", "value": "itsm-uat-app.itcom888.live", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027913", "to_ids": true, "type": "hostname", "uuid": "a564f57d-8fda-4470-8514-6611987b4862", "value": "dkxvb0mf.itcom888.live", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027934", "to_ids": true, "type": "hostname", "uuid": "d0861b32-7572-4549-8882-3a354ec78264", "value": "nvw3tdetwx.itcom888.live", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027955", "to_ids": true, "type": "hostname", "uuid": "9816e07b-8332-4328-b31c-201cc8de54a1", "value": "0j10u9wi.itcom888.live", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027976", "to_ids": true, "type": "hostname", "uuid": "d6e4e6a9-bfc9-4d2b-a6dc-b56f495d7259", "value": "yt-sslvpn.itcom888.live", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747027998", "to_ids": true, "type": "hostname", "uuid": "90240315-51a4-441d-903e-b7d78e7717ff", "value": "vappvcsa.itcom888.live", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028018", "to_ids": true, "type": "hostname", "uuid": "b2e8c748-8d12-45e0-aa55-023c1d531639", "value": "94ceaugp.itcom888.live", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028040", "to_ids": true, "type": "domain", "uuid": "bcba4564-1ae1-406c-a7a0-df5248a0ccfa", "value": "sibersystems.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028061", "to_ids": true, "type": "hostname", "uuid": "dfaddbab-8751-4156-9de0-9001d8fa5eb6", "value": "fyalluw0.sibersystems.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028082", "to_ids": true, "type": "hostname", "uuid": "0259a637-dab3-4257-a2ee-161bf6f1fa3b", "value": "sijqlfnbes.sibersystems.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028103", "to_ids": true, "type": "hostname", "uuid": "e3466851-6bb6-4ef6-b128-f1474ba57a71", "value": "jmz8xhxen3.sibersystems.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028124", "to_ids": true, "type": "hostname", "uuid": "4b8b0db3-ad39-4c07-a671-f7ad1dc6d8ac", "value": "2h3cvvhgtf.sibersystems.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028145", "to_ids": true, "type": "hostname", "uuid": "0aab3d05-1782-4871-be89-b45c57d4257b", "value": "3tgdtyfpt9.sibersystems.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028166", "to_ids": true, "type": "hostname", "uuid": "078d380a-559f-4fef-86ad-a59ffef1319b", "value": "n71qtqemam.sibersystems.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028187", "to_ids": true, "type": "hostname", "uuid": "efa9a435-ef8c-4715-b135-1672fe82a567", "value": "711zm77cwq.sibersystems.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028208", "to_ids": true, "type": "hostname", "uuid": "da62e075-e1e8-400d-a021-2eaf12041075", "value": "r77wu4s847.sibersystems.xyz", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028229", "to_ids": true, "type": "domain", "uuid": "1ce9b095-8a2c-4787-abfa-55d912f90496", "value": "caamanitoba.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028250", "to_ids": true, "type": "hostname", "uuid": "f634fe0d-c786-4f78-8057-0f911214ee67", "value": "jw7uvtodx4.caamanitoba.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028271", "to_ids": true, "type": "hostname", "uuid": "743e4e2d-8d20-4fff-8930-158c2027a486", "value": "xdryqrbe.caamanitoba.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028293", "to_ids": true, "type": "hostname", "uuid": "0e42fe16-ce80-499e-a506-4618645000fd", "value": "b1k10pk9.caamanitoba.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028314", "to_ids": true, "type": "hostname", "uuid": "38003078-6e1c-40c0-94c3-98884620ac55", "value": "6hi6m62bzp.caamanitoba.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028335", "to_ids": true, "type": "domain", "uuid": "2656780f-cb9c-4de7-87ce-fcb4f0e91c4c", "value": "livehost.live", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1747028356", "to_ids": true, "type": "hostname", "uuid": "8cda1b1b-ee0e-42f3-aa28-b66fdd7c056e", "value": "sci.livehost.live", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040159", "to_ids": true, "type": "ip-dst", "uuid": "baf0688d-2dfc-4091-909b-b5d829feddd4", "value": "1.13.82.101", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#781e6a", "local": false, "name": "asn:asn=\"45090\"", "relationship_type": "" }, { "colour": "#7f7f9d", "local": false, "name": "asn:as-owner=\"TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited\"", "relationship_type": "" }, { "colour": "#9256df", "local": false, "name": "asn:as-country=\"CN\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"china\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040160", "to_ids": true, "type": "ip-dst", "uuid": "40a43ef6-291a-47d8-8a8e-635204c4c126", "value": "5.188.33.188", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#011259", "local": false, "name": "asn:asn=\"202422\"", "relationship_type": "" }, { "colour": "#91ccfe", "local": false, "name": "asn:as-owner=\"GHOST\"", "relationship_type": "" }, { "colour": "#830a90", "local": false, "name": "asn:as-country=\"LU\"", "relationship_type": "" }, { "colour": "#49384d", "local": false, "name": "misp-galaxy:country=\"luxembourg\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040162", "to_ids": true, "type": "ip-dst", "uuid": "30951350-f33d-4020-ab74-d79dfac95f52", "value": "5.188.33.254", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#011259", "local": false, "name": "asn:asn=\"202422\"", "relationship_type": "" }, { "colour": "#91ccfe", "local": false, "name": "asn:as-owner=\"GHOST\"", "relationship_type": "" }, { "colour": "#830a90", "local": false, "name": "asn:as-country=\"LU\"", "relationship_type": "" }, { "colour": "#49384d", "local": false, "name": "misp-galaxy:country=\"luxembourg\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040164", "to_ids": true, "type": "ip-dst", "uuid": "7f42351d-6842-4fb6-86d1-90d6cb1951dc", "value": "5.188.34.164", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#011259", "local": false, "name": "asn:asn=\"202422\"", "relationship_type": "" }, { "colour": "#91ccfe", "local": false, "name": "asn:as-owner=\"GHOST\"", "relationship_type": "" }, { "colour": "#830a90", "local": false, "name": "asn:as-country=\"LU\"", "relationship_type": "" }, { "colour": "#49384d", "local": false, "name": "misp-galaxy:country=\"luxembourg\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040165", "to_ids": true, "type": "ip-dst", "uuid": "f5869253-183c-47b9-b481-8fe3539d27fd", "value": "5.188.34.173", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#011259", "local": false, "name": "asn:asn=\"202422\"", "relationship_type": "" }, { "colour": "#91ccfe", "local": false, "name": "asn:as-owner=\"GHOST\"", "relationship_type": "" }, { "colour": "#830a90", "local": false, "name": "asn:as-country=\"LU\"", "relationship_type": "" }, { "colour": "#49384d", "local": false, "name": "misp-galaxy:country=\"luxembourg\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040167", "to_ids": true, "type": "ip-dst", "uuid": "25451c3e-dbf0-474b-b83d-43d4997984b4", "value": "38.54.16.131", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#e7643a", "local": false, "name": "asn:asn=\"138915\"", "relationship_type": "" }, { "colour": "#1ec497", "local": false, "name": "asn:as-owner=\"KAOPU-HK Kaopu Cloud HK Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040169", "to_ids": true, "type": "ip-dst", "uuid": "b6c49f01-4778-49a3-9f79-597d5458cc71", "value": "38.54.16.179", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#e7643a", "local": false, "name": "asn:asn=\"138915\"", "relationship_type": "" }, { "colour": "#1ec497", "local": false, "name": "asn:as-owner=\"KAOPU-HK Kaopu Cloud HK Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040170", "to_ids": true, "type": "ip-dst", "uuid": "a534cfa2-71ec-4afd-b4f7-29e21a993d5e", "value": "38.60.199.87", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#e7643a", "local": false, "name": "asn:asn=\"138915\"", "relationship_type": "" }, { "colour": "#1ec497", "local": false, "name": "asn:as-owner=\"KAOPU-HK Kaopu Cloud HK Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040172", "to_ids": true, "type": "ip-dst", "uuid": "eca0bf1b-843c-4b2f-8bdc-9d800c46b1cb", "value": "38.60.199.208", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#e7643a", "local": false, "name": "asn:asn=\"138915\"", "relationship_type": "" }, { "colour": "#1ec497", "local": false, "name": "asn:as-owner=\"KAOPU-HK Kaopu Cloud HK Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040173", "to_ids": true, "type": "ip-dst", "uuid": "a78d5848-a6a2-4bad-9d23-52cfc0131a5c", "value": "45.76.186.26", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#133012", "local": false, "name": "asn:asn=\"20473\"", "relationship_type": "" }, { "colour": "#650025", "local": false, "name": "asn:as-owner=\"AS-VULTR\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040175", "to_ids": true, "type": "ip-dst", "uuid": "48f18964-f458-4a4b-9813-775339595a36", "value": "45.77.153.197", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#133012", "local": false, "name": "asn:asn=\"20473\"", "relationship_type": "" }, { "colour": "#650025", "local": false, "name": "asn:as-owner=\"AS-VULTR\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040177", "to_ids": true, "type": "ip-dst", "uuid": "4942174f-a21e-43bc-931b-a19b75800fbe", "value": "61.238.103.165", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#8f2ee5", "local": false, "name": "asn:asn=\"10103\"", "relationship_type": "" }, { "colour": "#b6ca27", "local": false, "name": "asn:as-owner=\"HKBN-AS-AP HK Broadband Network Ltd.\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040178", "to_ids": true, "type": "ip-dst", "uuid": "254e6fd1-fd55-4f9b-8c46-7c7689ef3a52", "value": "64.227.132.226", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#c2074e", "local": false, "name": "asn:asn=\"14061\"", "relationship_type": "" }, { "colour": "#d7952a", "local": false, "name": "asn:as-owner=\"DIGITALOCEAN-ASN\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040180", "to_ids": true, "type": "ip-dst", "uuid": "e6461fdb-ad68-4f06-b988-e97eeb5ac805", "value": "92.38.169.222", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#932b43", "local": false, "name": "asn:asn=\"199524\"", "relationship_type": "" }, { "colour": "#568d89", "local": false, "name": "asn:as-owner=\"GCORE\"", "relationship_type": "" }, { "colour": "#830a90", "local": false, "name": "asn:as-country=\"LU\"", "relationship_type": "" }, { "colour": "#49384d", "local": false, "name": "misp-galaxy:country=\"luxembourg\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040182", "to_ids": true, "type": "ip-dst", "uuid": "2514ff61-e613-4881-9408-f8e91cdf8524", "value": "92.38.176.128", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#011259", "local": false, "name": "asn:asn=\"202422\"", "relationship_type": "" }, { "colour": "#91ccfe", "local": false, "name": "asn:as-owner=\"GHOST\"", "relationship_type": "" }, { "colour": "#830a90", "local": false, "name": "asn:as-country=\"LU\"", "relationship_type": "" }, { "colour": "#49384d", "local": false, "name": "misp-galaxy:country=\"luxembourg\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040183", "to_ids": true, "type": "ip-dst", "uuid": "5d13f809-c5c3-4663-b41d-5b9bad537f0e", "value": "92.38.178.40", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#011259", "local": false, "name": "asn:asn=\"202422\"", "relationship_type": "" }, { "colour": "#91ccfe", "local": false, "name": "asn:as-owner=\"GHOST\"", "relationship_type": "" }, { "colour": "#830a90", "local": false, "name": "asn:as-country=\"LU\"", "relationship_type": "" }, { "colour": "#49384d", "local": false, "name": "misp-galaxy:country=\"luxembourg\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040186", "to_ids": true, "type": "ip-dst", "uuid": "c6f609b4-7bbb-4f19-8d76-c81a2207463a", "value": "92.38.178.60", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#011259", "local": false, "name": "asn:asn=\"202422\"", "relationship_type": "" }, { "colour": "#91ccfe", "local": false, "name": "asn:as-owner=\"GHOST\"", "relationship_type": "" }, { "colour": "#830a90", "local": false, "name": "asn:as-country=\"LU\"", "relationship_type": "" }, { "colour": "#49384d", "local": false, "name": "misp-galaxy:country=\"luxembourg\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040188", "to_ids": true, "type": "ip-dst", "uuid": "e8d93cc8-ec63-4f1c-9604-bea5ddc8562c", "value": "92.223.90.133", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#011259", "local": false, "name": "asn:asn=\"202422\"", "relationship_type": "" }, { "colour": "#91ccfe", "local": false, "name": "asn:as-owner=\"GHOST\"", "relationship_type": "" }, { "colour": "#830a90", "local": false, "name": "asn:as-country=\"LU\"", "relationship_type": "" }, { "colour": "#49384d", "local": false, "name": "misp-galaxy:country=\"luxembourg\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040189", "to_ids": true, "type": "ip-dst", "uuid": "fa7e29ad-aefb-42ab-99fd-30ea2994d88a", "value": "95.85.91.50", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#011259", "local": false, "name": "asn:asn=\"202422\"", "relationship_type": "" }, { "colour": "#91ccfe", "local": false, "name": "asn:as-owner=\"GHOST\"", "relationship_type": "" }, { "colour": "#830a90", "local": false, "name": "asn:as-country=\"LU\"", "relationship_type": "" }, { "colour": "#49384d", "local": false, "name": "misp-galaxy:country=\"luxembourg\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780040191", "to_ids": true, "type": "ip-dst", "uuid": "379f2fe6-d552-4d5c-a79f-28f3ba135755", "value": "103.140.239.41", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#eed596", "local": false, "name": "asn:asn=\"139293\"", "relationship_type": "" }, { "colour": "#8b8317", "local": false, "name": "asn:as-owner=\"UFO-AS-AP UFO Network Limited\"", "relationship_type": "" }, { "colour": "#fbf8fb", "local": false, "name": "asn:as-country=\"HK\"", "relationship_type": "" }, { "colour": "#daa28c", "local": false, "name": "misp-galaxy:country=\"hong kong\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1747520204", "to_ids": true, "type": "ip-dst", "uuid": "c2654e49-4553-4019-9523-798721d44ddb", "value": "103.157.142.95", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780382521", "to_ids": true, "type": "ip-dst", "uuid": "e3f14824-6369-4cea-aec9-1f2272cee0da", "value": "108.61.158.179", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#133012", "local": false, "name": "asn:asn=\"20473\"", "relationship_type": "" }, { "colour": "#650025", "local": false, "name": "asn:as-owner=\"AS-VULTR\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "C2", "deleted": false, "disable_correlation": false, "timestamp": "1780382523", "to_ids": true, "type": "ip-dst", "uuid": "2dc1244d-d7fb-4373-85ba-249d322adf6e", "value": "139.180.193.182", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#133012", "local": false, "name": "asn:asn=\"20473\"", "relationship_type": "" }, { "colour": "#650025", "local": false, "name": "asn:as-owner=\"AS-VULTR\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740788811", "to_ids": false, "type": "vulnerability", "uuid": "80dd8f87-26cf-44db-b598-3d3627c4be08", "value": "CVE-2022-24682" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740788811", "to_ids": false, "type": "vulnerability", "uuid": "bf41184d-8370-4c87-991f-b2664b28e018", "value": "CVE-2022-27924" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740788811", "to_ids": false, "type": "vulnerability", "uuid": "4e890f0f-f001-41a7-b752-5a9354f0a2fb", "value": "CVE-2022-27925" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740788811", "to_ids": false, "type": "vulnerability", "uuid": "84749567-62e9-43d5-bd34-a07c75f35022", "value": "CVE-2022-37042" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1740788811", "to_ids": false, "type": "vulnerability", "uuid": "66b0c97b-d7eb-42aa-8ba1-2229883c6335", "value": "CVE-2022-30333" } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519630", "uuid": "9fc69365-a29c-4b0d-9b6c-ba50044037ca", "Attribute": [ { "category": "Payload delivery", "comment": "Cobalt Strike Loaders", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519630", "to_ids": true, "type": "md5", "uuid": "0f2e9e81-63e5-4fba-82f9-547929ccf9a1", "value": "ace5920f0d22842eda2a20076870d463", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Cobalt Strike Loaders", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025413", "to_ids": true, "type": "sha1", "uuid": "b726bd07-164c-4dfc-9db4-d458d3bdd6d3", "value": "90cc4538742c279b3f1ea653e154e36e43f9ccfa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Cobalt Strike Loaders", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025413", "to_ids": true, "type": "sha256", "uuid": "76bdded5-9f7d-43a6-9d20-20928645e341", "value": "5cba27d29c89caf0c8a8d28b42a8f977f86c92c803d1e2c7386d60c0d8641285", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025413", "to_ids": true, "type": "ssdeep", "uuid": "973325d5-b1b8-422b-b3e5-3c812b62da79", "value": "12288:xk0RuAeeqJ+y8Kcs455mxUqIQ1EEta2nFyjAHb06FGldR80Z1FDNUDvvsc80AOcK:xzTL55rEtadSpGnRb17UDv39pc6XtH5v" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025413", "to_ids": false, "type": "size-in-bytes", "uuid": "8a392de1-5aa5-4b01-a371-8f00a8c640c0", "value": "722944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025413", "to_ids": true, "type": "vhash", "uuid": "65813934-422f-4276-a5a7-6121ff3487e5", "value": "075056655d15656az48nz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025413", "to_ids": true, "type": "filename", "uuid": "cdd907d1-4ecb-4f55-aaf1-feec1e826a98", "value": "5cba27d29c89caf0c8a8d28b42a8f977f86c92c803d1e2c7386d60c0d8641285.bin" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 08/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025413", "to_ids": false, "type": "text", "uuid": "641953af-453c-4d37-b396-24e1b5ceb457", "value": "Cobalt Strike Loaders\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:56/72\nFirst Submission:2022-07-14T06:48:30.000000+00:00\nLast Submission:2023-08-10T07:28:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519653", "uuid": "e402d02f-c8cd-4e2a-b484-8a47ab339461", "Attribute": [ { "category": "Payload delivery", "comment": "Cobalt Strike Loaders", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519653", "to_ids": true, "type": "md5", "uuid": "ebe24935-2220-445e-9b40-cd9b538bbcf0", "value": "92df8c81d6a4295dc6a4300f081f88c9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Cobalt Strike Loaders", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025435", "to_ids": true, "type": "sha1", "uuid": "36e99a67-e63c-4e4b-859f-d46124f780f5", "value": "6026eb9f7b3b1d7f667051afb77f13f0584c36fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Cobalt Strike Loaders", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025435", "to_ids": true, "type": "sha256", "uuid": "18da12d3-93b8-41b1-ae97-ca3bdee33cf7", "value": "48e81b1c5cc0005cc58b99cefe1b6087c841e952bb06db5a5a6441e92e40bed6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025434", "to_ids": true, "type": "ssdeep", "uuid": "c5715ebb-8168-4536-9ede-aec56fa6b095", "value": "12288:lkzRuAeaqJ+y8Kcs455mxUqIQ1EEta2nFyjAHb06FGldR80Z1FDNUDvvsc80AOcg:lsTL55rEtadSpGnRb17UDv39pc6XtH5n" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025434", "to_ids": false, "type": "size-in-bytes", "uuid": "5f6ec2cf-9cc4-4abe-9d65-ee4dabf4a291", "value": "722944" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025434", "to_ids": true, "type": "vhash", "uuid": "1b814991-34ae-43fc-81dc-19aedce342e1", "value": "075056655d15656az48nz1fz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025434", "to_ids": true, "type": "filename", "uuid": "82bb4ab0-302e-4609-8d75-4422a8c6e306", "value": "48e81b1c5cc0005cc58b99cefe1b6087c841e952bb06db5a5a6441e92e40bed6.bin" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 18/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025434", "to_ids": false, "type": "text", "uuid": "a0c7b9ff-990e-467d-aea2-93f78a828bf8", "value": "Cobalt Strike Loaders\r\nType Description: Win32 EXE\nMicrosoft: VirTool:Win32/CobaltStrike.I\nVT Total Detection:58/72\nFirst Submission:2022-07-14T06:54:01.000000+00:00\nLast Submission:2023-08-10T07:27:42.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519674", "uuid": "5fa5954e-7b10-43ab-831b-d78cf622a36b", "Attribute": [ { "category": "Payload delivery", "comment": "Cobalt Strike Loaders", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519674", "to_ids": true, "type": "md5", "uuid": "534ab70b-d369-459c-a1b3-47954960b14d", "value": "058434852bb8e877069d27f452442167", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Cobalt Strike Loaders", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025456", "to_ids": true, "type": "sha1", "uuid": "5bcfb18b-93fd-465a-8828-430073656005", "value": "026d81090c857d894aaa18225ec4a99e419da651", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Cobalt Strike Loaders", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025456", "to_ids": true, "type": "sha256", "uuid": "72906528-505f-4958-9acd-75edb8d13eec", "value": "25da610be6acecfd71bbe3a4e88c09f31ad07bdd252eb30feeef9debd9667c51", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025455", "to_ids": true, "type": "ssdeep", "uuid": "1fa9329d-dfc0-4fc5-a7d6-bbe9196b2bf7", "value": "1536:carhs4oc7yABoxjo5p+Ocyk7P0Okmu4dJsWxcdbbZFUZAUZpw/:ndy8oxjS+Ocyk7sMzCbVFUZAULW" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025455", "to_ids": false, "type": "size-in-bytes", "uuid": "154b458f-7272-43d3-8848-20b18fbf24f2", "value": "78336" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025455", "to_ids": true, "type": "vhash", "uuid": "f24eff53-c640-49de-8b26-6404c44787fc", "value": "174056655d15156az463z3xz1c" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025455", "to_ids": true, "type": "filename", "uuid": "eca8d81c-288b-4bc5-b22d-459b5100ac53", "value": "VFTRACE.dll" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 07/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025455", "to_ids": false, "type": "text", "uuid": "1b6b786e-3a94-42ed-8bad-fa09159addc7", "value": "Cobalt Strike Loaders\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/HyperBro.GXZ!MTB\nVT Total Detection:54/72\nFirst Submission:2022-07-14T06:05:32.000000+00:00\nLast Submission:2023-05-16T04:46:54.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519695", "uuid": "1893f6ab-262a-40a8-b1bd-369cab40b691", "Attribute": [ { "category": "Payload delivery", "comment": "Cobalt Strike Loaders", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519695", "to_ids": true, "type": "md5", "uuid": "e18fd4d7-4872-43ce-8bd9-c083f5688482", "value": "be2b0c387642fe7e8475f5f5f0c6b90a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Cobalt Strike Loaders", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025477", "to_ids": true, "type": "sha1", "uuid": "b92f0568-de6a-4750-b1b1-23c3e5bc64fb", "value": "f9c316719ce036d7f6b3d8ea6d199b07c659bfc6", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Cobalt Strike Loaders", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025477", "to_ids": true, "type": "sha256", "uuid": "74506e29-62aa-490b-ac3c-9c9c0478f3d6", "value": "233bb85dbeba69231533408501697695a66b7790e751925231d64bddf80bbf91", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025477", "to_ids": true, "type": "ssdeep", "uuid": "9346fab9-2b22-4f2e-9bbf-a350556939a3", "value": "6144:EqJ+y8Kcs4552FxUqIQ1ExCta2nFVojAHb06FG8CCCLPdjd:EqJ+y8Kcs455mxUqIQ1EEta2nFyjAHb8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025477", "to_ids": false, "type": "size-in-bytes", "uuid": "cd08384d-27ec-4141-bbb2-7b9a9d1682e8", "value": "210953" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025477", "to_ids": true, "type": "filename", "uuid": "09f04c91-613a-4163-8266-980eb07899fd", "value": "bin.config" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 01/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025477", "to_ids": false, "type": "text", "uuid": "50d2d073-7339-4c13-8ebd-7a659924792e", "value": "Cobalt Strike Loaders\r\nType Description: unknown\nMicrosoft: None\nVT Total Detection:27/61\nFirst Submission:2022-07-14T06:07:27.000000+00:00\nLast Submission:2023-08-28T13:12:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519716", "uuid": "7593d8ec-8258-43c7-b543-0086d1bd93ad", "Attribute": [ { "category": "Payload delivery", "comment": "Cobalt Strike Loaders", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519716", "to_ids": true, "type": "md5", "uuid": "0f848d4f-5706-4cda-8d07-915542af8f83", "value": "dee0afd9ea819cc1991c5c1aa921ed46", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Cobalt Strike Loaders", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025498", "to_ids": true, "type": "sha1", "uuid": "bcb318c0-a15b-4792-a5b6-4a9ce63f5689", "value": "d166137291fabe4f55b2c5bc16b8a9267e0c5ec1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Cobalt Strike Loaders", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025498", "to_ids": true, "type": "sha256", "uuid": "2042515c-af94-4282-b88c-d680be5ab2b2", "value": "aeceaa7a806468766923a00e8c4eb48349f10d069464b53674eeb150e0a59123", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025498", "to_ids": true, "type": "ssdeep", "uuid": "d4c44042-4385-4453-8142-bdfd3bbf90a2", "value": "12288:tlvS03RqFoNoiwwCnWdWQIlznXppchrKHP0Emn+iHjTMPDzIR5dtdEKP171VxTHv:tRS03RqFZFydFBNt" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025498", "to_ids": false, "type": "size-in-bytes", "uuid": "1ad5ed70-496c-42ac-b239-1eaf53ac2e9c", "value": "520704" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025498", "to_ids": true, "type": "vhash", "uuid": "ee682eeb-978a-467a-b996-b8b3c2c9d14b", "value": "055076655d655515555az5-z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025498", "to_ids": true, "type": "filename", "uuid": "07e0c7ea-3024-4411-bbcd-0efe947a8201", "value": "aeceaa7a806468766923a00e8c4eb48349f10d069464b53674eeb150e0a59123.sample" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 08/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025498", "to_ids": false, "type": "text", "uuid": "cfef514a-5f12-47ad-891c-962b14210b1a", "value": "Cobalt Strike Loaders\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win64/CobaltStrike.AU!MTB\nVT Total Detection:50/72\nFirst Submission:2023-02-24T13:25:40.000000+00:00\nLast Submission:2023-08-17T09:50:59.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519737", "uuid": "602f7c66-2cd3-4b1e-a830-d2e9f52bdc38", "Attribute": [ { "category": "Payload delivery", "comment": "Brute Ratel Loaders", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519737", "to_ids": true, "type": "md5", "uuid": "f1e354bc-3c2c-4351-ad3e-52af7ff3a27c", "value": "dba8d19b089a28e66fc63879eca6b9fa", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Brute Ratel Loaders", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025520", "to_ids": true, "type": "sha1", "uuid": "664b8cf3-396f-4661-98db-2fe845fda20f", "value": "4f7ab9fad76f1f852c7fd550e8b666ff1d0b0e18", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Brute Ratel Loaders", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025520", "to_ids": true, "type": "sha256", "uuid": "fdd7b015-58ee-4d1c-ac18-17b3274747a9", "value": "6e3c3045bb9d0db4817ad0441ee3c95b8fe3e087388d1ceefb9ebbd2608aef16", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025519", "to_ids": true, "type": "ssdeep", "uuid": "46af9062-f3f4-4c1e-9c2e-f3a1532bd0aa", "value": "192:h8H2bMDwMPUQh81INbYuHS+e3Q5HfFDqZLm:aLHDh81INbJs37Z" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025519", "to_ids": false, "type": "size-in-bytes", "uuid": "26d75839-a088-467e-bf7c-354ff28dac92", "value": "14848" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025519", "to_ids": true, "type": "vhash", "uuid": "61157b84-af86-4fdd-8d12-27d4bc470fb1", "value": "014066651d1515551az12!z" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025519", "to_ids": true, "type": "filename", "uuid": "2fcb5d25-6de4-4524-8fd3-0b6e476b11ef", "value": "6e3c3045bb9d0db4817ad0441ee3c95b8fe3e087388d1ceefb9ebbd2608aef16.bin" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 22/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025519", "to_ids": false, "type": "text", "uuid": "b292ea69-1de5-47a5-a26a-4382eb881f4d", "value": "Brute Ratel Loaders\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:52/72\nFirst Submission:2022-11-07T06:37:28.000000+00:00\nLast Submission:2023-08-10T07:28:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981614", "uuid": "556bf310-a4a6-4c11-909b-ae6a200916fa", "Attribute": [ { "category": "Payload delivery", "comment": "Brute Ratel Loaders", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981614", "to_ids": true, "type": "md5", "uuid": "b79271f1-7b45-4735-a8be-811f6d3f12bd", "value": "96592a5efefcdf7d3b2ea50013ebbbe3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Brute Ratel Loaders", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025542", "to_ids": true, "type": "sha1", "uuid": "8e6a090e-5d30-46a0-96ab-25d8f3eeda79", "value": "8609f7ee417c9666a6a10bb92f8dfb8b8998607b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Brute Ratel Loaders", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025542", "to_ids": true, "type": "sha256", "uuid": "7a03e340-3777-43f7-8ac4-d1ebd1f4c51c", "value": "6f31a4656afb8d9245b5b2f5a634ddfbdb9db3ca565d2c52aee68554ede068d1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025542", "to_ids": true, "type": "ssdeep", "uuid": "1c2c2c15-4781-4e16-aff8-a5987ae34639", "value": "3072:8UEoalSWeZyZgB1pVk2jsen0H8K4NX36LRmpS:8UuSWepbprDn4833Yx" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025542", "to_ids": false, "type": "size-in-bytes", "uuid": "a87d4ec4-fb28-47bd-9ec5-e69d1e4cb5ad", "value": "140200" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025542", "to_ids": true, "type": "vhash", "uuid": "df9ac404-599d-4a6c-952c-9de74d89c114", "value": "11503e0f7d1bz3?z3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025542", "to_ids": true, "type": "filename", "uuid": "dec8f57d-3e6e-4c1b-a7e2-77cd046f1430", "value": "6f31a4656afb8d9245b5b2f5a634ddfbdb9db3ca565d2c52aee68554ede068d1._" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 05/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025542", "to_ids": false, "type": "text", "uuid": "1e97baca-fd74-4dbb-a1f0-3a9560670328", "value": "Brute Ratel Loaders\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:38/72\nFirst Submission:2022-11-07T06:41:55.000000+00:00\nLast Submission:2023-08-19T09:33:03.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519780", "uuid": "1efc02f2-ea9c-4ad9-b2d5-fc41277480b2", "Attribute": [ { "category": "Payload delivery", "comment": "Brute Ratel Loaders", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519780", "to_ids": true, "type": "md5", "uuid": "8fe0d768-ca55-4464-8ccc-8701e8f4d8a1", "value": "b8e19521173e895cfc89a7d659eeed96", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Brute Ratel Loaders", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025564", "to_ids": true, "type": "sha1", "uuid": "427fd93e-15b6-4e69-b8cf-d99dc3f38895", "value": "f215252628320c626594fd14bc8eea3ab6591333", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Brute Ratel Loaders", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025564", "to_ids": true, "type": "sha256", "uuid": "8eeb1926-cd7e-4e7b-b01f-42d8571b8c39", "value": "c00991cfeafc055447d7553a14be2303e105b6a97ab35ecf820b9dbd42826f9d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025563", "to_ids": true, "type": "ssdeep", "uuid": "285a8382-752f-40d9-a37a-823ba135fa89", "value": "6144:MfuJMXt80sNKY5kUAFrAswq+Y75wXJlASiUR2HKpLPmz4HqAQvwcxyMULkrikOJo:NN3UFBr7eQ9USKRmTTqvhJFC" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025563", "to_ids": false, "type": "size-in-bytes", "uuid": "7e554b0c-8013-4342-9294-9ff684dc5a01", "value": "347357" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025563", "to_ids": true, "type": "filename", "uuid": "59448ea9-7d4d-40b3-9dd3-8e428c5465f5", "value": "c00991cfeafc055447d7553a14be2303e105b6a97ab35ecf820b9dbd42826f9d.bin" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 18/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025563", "to_ids": false, "type": "text", "uuid": "7cafd17e-f057-442a-9ee1-440918ba869f", "value": "Brute Ratel Loaders\r\nType Description: DOS EXE\nMicrosoft: None\nVT Total Detection:1/61\nFirst Submission:2022-11-07T06:41:54.000000+00:00\nLast Submission:2023-08-28T14:20:20.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519801", "uuid": "c3bfa107-3e3e-43bc-8fb9-0d4212d1662d", "Attribute": [ { "category": "Payload delivery", "comment": "Winnti", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519801", "to_ids": true, "type": "md5", "uuid": "1ffb8a02-17b3-49a0-ab2b-1a5fbf546dcc", "value": "40e70122ed4664b120df3a34a4d83a0e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Winnti", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025585", "to_ids": true, "type": "sha1", "uuid": "a767abb9-e019-4e42-959b-d849efb4c710", "value": "4943c0d6c06bdbbc9909033714fab40894c22643", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Winnti", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025585", "to_ids": true, "type": "sha256", "uuid": "69eccd62-3e0d-402f-bc5d-195989af96ff", "value": "5861584bb7fa46373c1b1f83b1e066a3d82e9c10ce87539ee1633ef0f567e743", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025585", "to_ids": true, "type": "ssdeep", "uuid": "da949553-3f8b-4e39-89f5-1923610c666b", "value": "384:2jFYRGxG0YWaycrMORgnQ9MXTShjqDSk8YKoA4LnpkTcc2ohNA0IDV:2iRGgLLyctkCoAyDc2EA0IDV" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025585", "to_ids": false, "type": "size-in-bytes", "uuid": "832e6e2d-68c4-4edf-9dbf-e781002c5ec3", "value": "24512" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025585", "to_ids": true, "type": "vhash", "uuid": "9d6608fb-ff4c-491d-8413-2ae22f1766db", "value": "f4bdcee8548613727934d703e439f0cb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025585", "to_ids": true, "type": "filename", "uuid": "24a75b6d-3301-4625-bacb-c94ca485bbc6", "value": "libxselinux.so" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 19/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025585", "to_ids": false, "type": "text", "uuid": "5faab0ad-4e3b-4e51-b124-3cae914cba4c", "value": "Winnti\r\nType Description: ELF\nMicrosoft: Backdoor:Linux/Winnti.B!dha\nVT Total Detection:39/64\nFirst Submission:2023-03-21T03:39:15.000000+00:00\nLast Submission:2023-04-09T19:29:56.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519823", "uuid": "3f7959d7-ea90-4643-a287-7e41fb42173c", "Attribute": [ { "category": "Payload delivery", "comment": "Winnti", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519823", "to_ids": true, "type": "md5", "uuid": "e6895dd3-da00-441f-9969-9cfd94310e2e", "value": "aedd22b7dbca057f7a2be3cd977ac9d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Winnti", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025606", "to_ids": true, "type": "sha1", "uuid": "9a0fca5c-7280-47fc-be09-9e4deec20ee5", "value": "904d48211a48505c92ee9b04e5a6dd6dd2e6441b", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Winnti", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025606", "to_ids": true, "type": "sha256", "uuid": "1cbf8cab-c70e-4c22-a2f5-871744e77e89", "value": "69ff2f88c1f9007b80d591e9655cc61eaa4709ccd8b3aa6ec15e3aa46b9098bd", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025606", "to_ids": true, "type": "ssdeep", "uuid": "0a6a857e-ef56-4ff6-afa6-208dcd082a2a", "value": "6144:aFLT4ht/XCE0oEGKyGGNuxSKTHzDIpiVtYAbZjV57hGtbGHWlabfpzMVbb:aFQht/ytoDFGGNdCz0CRI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025606", "to_ids": false, "type": "size-in-bytes", "uuid": "efbf1db6-f71e-47f0-a61b-182161addc30", "value": "416888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025606", "to_ids": true, "type": "vhash", "uuid": "7a7759c5-e253-4147-bd2b-23757faa8338", "value": "1fc09988419535b73eaf9b633e772f7f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025606", "to_ids": true, "type": "filename", "uuid": "0ea876d2-f933-467a-8125-2af18c4e2b69", "value": "69ff2f88c1f9007b80d591e9655cc61eaa4709ccd8b3aa6ec15e3aa46b9098bd.bin" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 05/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025606", "to_ids": false, "type": "text", "uuid": "c25325f7-6d57-4f00-bc1a-7f5ebb527bf4", "value": "Winnti\r\nType Description: ELF\nMicrosoft: Backdoor:Linux/Winnti.A!dha\nVT Total Detection:37/64\nFirst Submission:2023-03-21T03:35:55.000000+00:00\nLast Submission:2023-08-10T07:27:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747981614", "uuid": "aef76c71-d428-4154-ac59-f04fef3e3c91", "Attribute": [ { "category": "Payload delivery", "comment": "Winnti", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747981614", "to_ids": true, "type": "md5", "uuid": "98a80de4-40e2-48fd-811c-2f6649179f48", "value": "5159a5ac6429af8828f3d6988847b1d8", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#220082", "local": false, "name": "rectifyq:samples-found-in=\"MalwareBazaar\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Winnti", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025627", "to_ids": true, "type": "sha1", "uuid": "5d42f686-d9b7-4729-95de-ecee6f072942", "value": "4da2d3b9dd9126b21d616c0991df2b33a333b9de", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Winnti", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025627", "to_ids": true, "type": "sha256", "uuid": "ff478d5b-002d-4745-8e46-9b71dbde47ee", "value": "2f1321c6cf0bc3cf955e86692bfc4ba836f5580c8b1469ce35aa250c97f0076e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025627", "to_ids": true, "type": "ssdeep", "uuid": "605e9126-abf3-460c-a663-138be6268da5", "value": "6144:aFLT4ht/XCE0oEGKyGGNuxSKTHzDIpiVtYAbZjV57hGtbGHWlabfpzMVbb:aFQht/ytoDFGGNdCz0CRI" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025627", "to_ids": false, "type": "size-in-bytes", "uuid": "b339534f-c03b-4c98-af4f-fb7417db79cb", "value": "416888" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025627", "to_ids": true, "type": "vhash", "uuid": "61833b8f-9295-4741-848b-fb950b4471fd", "value": "1fc09988419535b73eaf9b633e772f7f" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025627", "to_ids": true, "type": "filename", "uuid": "b637228c-9011-4533-a206-a245ba4341ba", "value": "2f1321c6cf0bc3cf955e86692bfc4ba836f5580c8b1469ce35aa250c97f0076e.elf" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 25/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025627", "to_ids": false, "type": "text", "uuid": "4ddfadec-b72a-4d64-8fc2-40dc2c2fd451", "value": "Winnti\r\nType Description: ELF\nMicrosoft: Backdoor:Linux/Winnti.A!dha\nVT Total Detection:44/64\nFirst Submission:2022-03-30T02:40:03.000000+00:00\nLast Submission:2023-08-10T07:28:05.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519867", "uuid": "e14149d8-5cf7-4759-9100-97c23b2abb0d", "Attribute": [ { "category": "Payload delivery", "comment": "Winnti", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519867", "to_ids": true, "type": "md5", "uuid": "3f0043bf-2e5a-411a-986c-c735aa169108", "value": "7285328db539c10c4e6e0bc4d02871ac", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Winnti", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025649", "to_ids": true, "type": "sha1", "uuid": "87ef944f-3911-49b0-86b3-404d836ec752", "value": "faa3b0879183b5959efcc51a389b7920172f910e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Winnti", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025649", "to_ids": true, "type": "sha256", "uuid": "11252aeb-23df-431c-92de-85d751789749", "value": "f1dcf623a8f8f4b26fe54fb17c8597d6cc3f7066789daf47a5f1179bd7f7001a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025648", "to_ids": true, "type": "ssdeep", "uuid": "619b67b4-118c-48a7-8a89-042af30ac787", "value": "384:2jFYRGxG0YWaycrMORgnQ9MXTShjqDSk8YKoA4LnpkTcc2ohNA0Y:2iRGgLLyctkCoAyDc2EA0Y" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025648", "to_ids": false, "type": "size-in-bytes", "uuid": "25e41369-d2e7-4d80-b418-964744d2e5f4", "value": "24512" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025648", "to_ids": true, "type": "vhash", "uuid": "c2684014-9bd3-4b2f-a549-f3b86804b298", "value": "f4bdcee8548613727934d703e439f0cb" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025648", "to_ids": true, "type": "filename", "uuid": "f4ae082b-c71a-4e8c-9a5a-989e9b723712", "value": "libxselinux.so" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 20/12/2024", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025648", "to_ids": false, "type": "text", "uuid": "3c789500-24d9-4457-9db5-4c9b7d0a56e9", "value": "Winnti\r\nType Description: ELF\nMicrosoft: Backdoor:Linux/Winnti.B!dha\nVT Total Detection:37/64\nFirst Submission:2022-03-30T04:56:04.000000+00:00\nLast Submission:2022-03-30T04:56:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519889", "uuid": "0bf3168c-fe5e-4e97-953e-2e0c93d5ffc2", "Attribute": [ { "category": "Payload delivery", "comment": "Spyder", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519889", "to_ids": true, "type": "md5", "uuid": "e4d20837-3028-49ea-9f76-44cd19bf686e", "value": "f060c97e3b818cc0676356ee53660343", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Spyder", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025670", "to_ids": true, "type": "sha1", "uuid": "8b3fc144-b1b2-4e73-9906-85e695e8bec8", "value": "09f5f2714274c39a36bb03b351a43c25e746ad3c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Spyder", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025670", "to_ids": true, "type": "sha256", "uuid": "fa36d4f4-164b-4abb-9845-dca58c88fa78", "value": "7a61708f391a667c8bb91fcfd7392a328986059563d972960f8237a69e375d50", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025669", "to_ids": true, "type": "ssdeep", "uuid": "7aa14923-f3fe-4796-9476-519f1602ec69", "value": "24576:AAUChNdZizgNxsiGJJ+rtI2bq6zkBqO64zK4lfxmTuJSJhl:AAUChNdZizgXYKI2UBbcc6" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025669", "to_ids": false, "type": "size-in-bytes", "uuid": "c114c1e8-6659-418b-9945-39ce60a350cf", "value": "1144832" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025669", "to_ids": true, "type": "vhash", "uuid": "c38524e3-1b75-4a9b-ba50-a4ea7c09ca98", "value": "016076655d155515755az58z404tz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025669", "to_ids": true, "type": "filename", "uuid": "e05f67b1-f0d4-471f-b48f-3172e456c682", "value": "f060c97e3b818cc0676356ee53660343.virus" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 18/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025669", "to_ids": false, "type": "text", "uuid": "1131d782-bf53-4c0a-a5c9-f53120acb809", "value": "Spyder\r\nType Description: Win32 EXE\nMicrosoft: TrojanDropper:Win64/Malgent!MSR\nVT Total Detection:56/72\nFirst Submission:2021-10-26T20:47:41.000000+00:00\nLast Submission:2021-10-26T20:47:41.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519910", "uuid": "095e4069-1745-4212-b046-b81b2129e51f", "Attribute": [ { "category": "Payload delivery", "comment": "Spyder", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519910", "to_ids": true, "type": "md5", "uuid": "558431ff-3167-4835-96d6-b1e78e8b0eeb", "value": "994c90735df4be2eeb526c8fa5631a8a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Spyder", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025691", "to_ids": true, "type": "sha1", "uuid": "0265903a-49c0-4670-9540-a459977b25f1", "value": "ca974f2a2d7bfb46c9ead29762d12c4dff695ee1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Spyder", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025691", "to_ids": true, "type": "sha256", "uuid": "a5e53363-3bc1-4a84-b8bf-fce3eff2bf90", "value": "5d3a6f5bd0a72ee653c6bdad68275df730b836d6f9325ee57ec7d32997d5dcef", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025691", "to_ids": true, "type": "ssdeep", "uuid": "aa682d5a-1e4d-468c-8f4b-f14bbe7f9c47", "value": "6144:bF+dwVNwA2WtO/ay1JePnm6wqHoW2+Q/ABSvJ+rCMrUlWkbzbtPq05dwQq+L2gb:+4jbtgagMm6w+oWJbUvJmRU82JZ1b" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025691", "to_ids": false, "type": "size-in-bytes", "uuid": "a9d54ad3-74d7-43cb-944b-e18f39b09845", "value": "379192" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025691", "to_ids": true, "type": "vhash", "uuid": "8e18b32b-c4ff-47d3-9780-22c81449bfaf", "value": "13503e0f7d1bz3?z3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025691", "to_ids": true, "type": "filename", "uuid": "4cef4d76-3e37-4db5-9db6-ce32ba5d0688", "value": "5d3a6f5bd0a72ee653c6bdad68275df730b836d6f9325ee57ec7d32997d5dcef.bin.sample" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 22/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025691", "to_ids": false, "type": "text", "uuid": "518f0059-d2c5-49e5-ad03-3070edd562e6", "value": "Spyder\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Mamson.A!ac\nVT Total Detection:48/72\nFirst Submission:2021-10-26T20:50:07.000000+00:00\nLast Submission:2023-08-10T10:47:52.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519931", "uuid": "a2abd003-da08-45e0-9cb6-1fbbd8c9103d", "Attribute": [ { "category": "Payload delivery", "comment": "Spyder", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519931", "to_ids": true, "type": "md5", "uuid": "9d7aaef4-2822-4f0b-8f97-a632fbfee948", "value": "9555ecef1396db7d27a819712588e098", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Spyder", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025712", "to_ids": true, "type": "sha1", "uuid": "734d01f8-53b3-44cd-b936-3e1021abd1a2", "value": "3f749e545561104c43af9faa68ea9495aa9cbfaf", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Spyder", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025712", "to_ids": true, "type": "sha256", "uuid": "3cf15f19-c0e0-4731-ac60-635d69b7dba6", "value": "1ded9878f8680e1d91354cbb5ad8a6960efd6ddca2da157eb4c1ef0f0430fd5f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025712", "to_ids": true, "type": "ssdeep", "uuid": "8cf7685d-3b95-4ae8-8e9e-ebdde69458d7", "value": "24576:HAfChNdZizgNxsiGJJ+rtI2bq6zkBqO64zCUr/YZhnj8:HAfChNdZizgXYKI2UByU" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025712", "to_ids": false, "type": "size-in-bytes", "uuid": "022af074-0a8d-464e-82f6-f4281fd24e28", "value": "1547264" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025712", "to_ids": true, "type": "vhash", "uuid": "e9a304fb-b5f1-49af-96a2-d2a205507f84", "value": "016076655d155515655az58z404tz" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025712", "to_ids": true, "type": "filename", "uuid": "d29c4a56-9e69-470e-beab-b65255529f5a", "value": "1ded9878f8680e1d91354cbb5ad8a6960efd6ddca2da157eb4c1ef0f0430fd5f.bin" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 10/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025712", "to_ids": false, "type": "text", "uuid": "d8d6ccd9-f8f5-4af0-b7eb-3b49679d9dc2", "value": "Spyder\r\nType Description: Win32 EXE\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:57/72\nFirst Submission:2021-10-26T13:03:31.000000+00:00\nLast Submission:2023-08-10T07:27:50.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519953", "uuid": "15aeecc4-0259-41dc-b4fd-9f11f34ed771", "Attribute": [ { "category": "Payload delivery", "comment": "Spyder", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519953", "to_ids": true, "type": "md5", "uuid": "e272bfb7-5817-4018-a91f-f9f083dd56b1", "value": "0590768d6120036f1d0c7a0e434e0b07", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Spyder", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025733", "to_ids": true, "type": "sha1", "uuid": "2e484253-71e7-4d3b-a457-581ba69d452a", "value": "04409eee2624521b4389218780a7f2a26f8885f1", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Spyder", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025734", "to_ids": true, "type": "sha256", "uuid": "f4f60d43-d02a-48f7-b96f-319658b8c26c", "value": "e053ca5888fb0d5099efed76e68a1af0020aaaa34ca610e7a1ac0ae9ffe36f6e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025733", "to_ids": true, "type": "ssdeep", "uuid": "569aadc8-1d11-4a43-adc4-e2050d7d4c00", "value": "12288:6LU30I8zQ45BdaHok/L0/AcoU0smX1O+wiPYj6ipDmG8+/TVKvcJjS/m:WUr/YZhnj8" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025733", "to_ids": false, "type": "size-in-bytes", "uuid": "0e858b9d-e800-4fb8-8246-b7b3124ade84", "value": "781824" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025733", "to_ids": true, "type": "vhash", "uuid": "fc018e92-09ce-4bef-9c26-fbb6b61539f7", "value": "175076655d651515555az49?z3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025733", "to_ids": true, "type": "filename", "uuid": "73a9e7b5-444c-4e00-8ec4-4e3e5a30b841", "value": "e053ca5888fb0d5099efed76e68a1af0020aaaa34ca610e7a1ac0ae9ffe36f6e.bin.sample" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 20/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025733", "to_ids": false, "type": "text", "uuid": "7c33bb0e-08ef-432b-9a5e-938ab1b4dc8f", "value": "Spyder\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:52/72\nFirst Submission:2021-10-26T13:05:46.000000+00:00\nLast Submission:2024-02-15T05:36:35.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519974", "uuid": "78be8089-e63b-4f42-bb20-9d580f764065", "Attribute": [ { "category": "Payload delivery", "comment": "Spyder", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519974", "to_ids": true, "type": "md5", "uuid": "8c9bca8c-48cf-4505-b3c6-9e2ad31988d9", "value": "08b38b91b9ff6378028a1c7a97105890", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Spyder", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025755", "to_ids": true, "type": "sha1", "uuid": "1bf9bd03-0295-4394-a188-522d71d9edcd", "value": "089e301c9655b439bc22124f8c451845b02b2acb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "Spyder", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025755", "to_ids": true, "type": "sha256", "uuid": "1573d918-0d83-4e60-abc9-e4de7f344341", "value": "24d4089f74672bc00c897a74664287fe14d63a9b78a8fe2bdbbf9b870b40d85c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025754", "to_ids": true, "type": "ssdeep", "uuid": "94142c62-39c1-422c-82b7-4e406fb72482", "value": "12288:6mU3W8zQ45BdaHok/L0/AcoU0smX1O+wiPYj6ipDmG8+/TVKvcJjS/mKb:rUm/YZhnj8lb" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025754", "to_ids": false, "type": "size-in-bytes", "uuid": "348a84fd-61b1-4492-a37d-23224519c38c", "value": "793400" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025754", "to_ids": true, "type": "vhash", "uuid": "9ebaba8a-88c0-45cd-8bcb-32edde6dff48", "value": "175076655d651515555az49?z3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025754", "to_ids": true, "type": "filename", "uuid": "175e3421-0b06-47c1-b6f2-5501dbc84bd1", "value": "24d4089f74672bc00c897a74664287fe14d63a9b78a8fe2bdbbf9b870b40d85c.bin.sample" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 25/04/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025754", "to_ids": false, "type": "text", "uuid": "92689108-03b2-45a0-9e19-b537b7f86a14", "value": "Spyder\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:52/72\nFirst Submission:2021-10-27T01:18:06.000000+00:00\nLast Submission:2024-02-15T05:35:29.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747519996", "uuid": "b4f2bfd7-c64f-4ba6-9cd6-ab75aca730cb", "Attribute": [ { "category": "Payload delivery", "comment": "FunnySwitch", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747519996", "to_ids": true, "type": "md5", "uuid": "93c0c87e-9a49-4674-bf0a-09d25c14e94c", "value": "df9c5a67a15ea55df84517acbf26da4d", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "FunnySwitch", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025776", "to_ids": true, "type": "sha1", "uuid": "22c927bf-4ff3-44ca-bbe7-72a8f3279ccc", "value": "f5859afb2fe252dc0d818d0e2aa44379afdcc206", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "FunnySwitch", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025776", "to_ids": true, "type": "sha256", "uuid": "707276bc-192a-48e8-8fa0-274d6406694c", "value": "7056e9b69cc2fbc79ba7a492906bcc84dabc6ea95383dff3844dfde5278d9c7a", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025776", "to_ids": true, "type": "ssdeep", "uuid": "3d11c294-b0a2-4bcc-9751-93c207bc02dd", "value": "6144:hRoG48K+HShxeZVGvcS+hHYQiVjkjGyHoHMXIkXEr7sE:HpK+HaEI84QiVjcE" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025776", "to_ids": false, "type": "size-in-bytes", "uuid": "4ecd768f-5be5-474e-8729-a3b9af55f0a4", "value": "328192" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025776", "to_ids": true, "type": "vhash", "uuid": "11b38e44-663a-45c2-a4eb-12ba516d4469", "value": "135076655d755515155038z42?z3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025776", "to_ids": true, "type": "filename", "uuid": "1a35af43-6908-4c1b-a790-97b6a97ee79f", "value": "7056e9b69cc2fbc79ba7a492906bcc84dabc6ea95383dff3844dfde5278d9c7a.bin" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 03/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025776", "to_ids": false, "type": "text", "uuid": "ae0ae7d1-704e-40d2-99ee-fab8dad566a8", "value": "FunnySwitch\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win64/Malgent!MSR\nVT Total Detection:51/72\nFirst Submission:2021-11-22T15:38:10.000000+00:00\nLast Submission:2023-08-10T07:27:44.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747520017", "uuid": "b52904ec-e62a-4eb7-bb9c-64996295fc5a", "Attribute": [ { "category": "Payload delivery", "comment": "FunnySwitch", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747520017", "to_ids": true, "type": "md5", "uuid": "17577dfe-3671-4a9e-90c7-10b3c6ebcbd2", "value": "129fcd2f76fa8c7e142abda7f39d9941", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "FunnySwitch", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025797", "to_ids": true, "type": "sha1", "uuid": "851852da-46f2-4973-bac3-fe3d29f1d0ee", "value": "ca7d3a51aa261408f08c3ddd74528ba22675c846", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "FunnySwitch", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025797", "to_ids": true, "type": "sha256", "uuid": "a2a061d1-44d1-4f46-91fb-545e2a15cd9e", "value": "ede0c1f0d6c3d982f63abbdd5f10648948a44e5fa0d948a89244a06abaf2ecfe", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025797", "to_ids": true, "type": "ssdeep", "uuid": "00a3c2d5-ca0f-4805-8564-8494744f701a", "value": "6144:7301GE0eky0gGJY+hCZSJs0MtrpGsxRqCT7rPk1S1cQS7FrrV5gnLeZ2yjppMIuO:73Tek1f8Zas0MtrpJTq2XYghQF/X2mL" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025797", "to_ids": false, "type": "size-in-bytes", "uuid": "1175201e-c6c1-46a0-b387-62fe0cdec5c6", "value": "434688" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025797", "to_ids": true, "type": "vhash", "uuid": "e42740a5-b971-4dfa-b6d3-36cf672a18b3", "value": "145076655d755515155038z4c?z3" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025797", "to_ids": true, "type": "filename", "uuid": "dd11b31b-762a-43af-9ee2-c4820ccfb23f", "value": "ede0c1f0d6c3d982f63abbdd5f10648948a44e5fa0d948a89244a06abaf2ecfe.bin" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 08/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025797", "to_ids": false, "type": "text", "uuid": "b72508ff-9a1f-4665-84be-43b364e55289", "value": "FunnySwitch\r\nType Description: Win32 DLL\nMicrosoft: Trojan:Win32/Casdet!rfn\nVT Total Detection:52/72\nFirst Submission:2021-10-11T12:12:32.000000+00:00\nLast Submission:2023-08-10T07:28:00.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1747520039", "uuid": "1cde765c-293c-4ca1-9fdf-8ea09b725271", "Attribute": [ { "category": "Payload delivery", "comment": "FunnySwitch", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1747520039", "to_ids": true, "type": "md5", "uuid": "15ea77b6-5100-42d6-a059-9ec882754c6c", "value": "f22a181e78aec56fed11ab5d6197f126", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "FunnySwitch", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1747025818", "to_ids": true, "type": "sha1", "uuid": "9b6d0c5f-c3dc-4013-939d-ca7e7d9ba12d", "value": "16d78d9ab26745bf4df8fde265e64d44eb771fe3", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "FunnySwitch", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1747025818", "to_ids": true, "type": "sha256", "uuid": "87541776-f79e-4c54-95d7-92087c14a5de", "value": "9eb0124d822d6b0fab6572b2a4445546e8029ad6bd490725015d49755b5845a4", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1747025818", "to_ids": true, "type": "ssdeep", "uuid": "9a0bae43-06a6-4d35-b1fa-995cbf97f490", "value": "6144:MXGWLew4bLzVAUmCN4PqarzeAGCPU6gWvqF:miLJAUmCN4PqarzeAGCPU6gWvqF" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1747025818", "to_ids": false, "type": "size-in-bytes", "uuid": "62057fef-eb9d-4087-9879-208afb20a86a", "value": "221696" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1747025818", "to_ids": true, "type": "vhash", "uuid": "ef1383fc-ce05-4ce5-97ca-37eb32a8f52e", "value": "3250366515118089844c00c0" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1747025818", "to_ids": true, "type": "filename", "uuid": "42336acc-d3ff-44f6-ba0d-0517ffe3429f", "value": "Funny.dll" }, { "category": "Other", "comment": "Checked: 12/05/2025\nLast-scan\t: 05/05/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1747025818", "to_ids": false, "type": "text", "uuid": "542cf674-1de2-43bb-ab01-cc7be0c65d63", "value": "FunnySwitch\r\nType Description: Win32 DLL\nMicrosoft: Trojan:MSIL/Malgent!MSR\nVT Total Detection:41/72\nFirst Submission:2021-12-11T04:51:26.000000+00:00\nLast Submission:2023-08-10T07:27:35.000000+00:00" } ] } ] } }