{
  "Event": {
    "analysis": "1",
    "date": "2022-08-09",
    "extends_uuid": "",
    "info": "[Threat Intel] Meta's Quarterly Adversarial Threat Report",
    "protected": false,
    "publish_timestamp": "1780039420",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1780039420",
    "uuid": "ce9b6cf8-d850-4441-bfe8-02b66a095190",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#8b05c0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1123\"",
        "relationship_type": ""
      },
      {
        "colour": "#d5270f",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Access Call Log - T1433\"",
        "relationship_type": ""
      },
      {
        "colour": "#65d24c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Identity Information - T1589\"",
        "relationship_type": ""
      },
      {
        "colour": "#fb3bcd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Host Information - T1592\"",
        "relationship_type": ""
      },
      {
        "colour": "#ce59f1",
        "local": false,
        "name": "misp-galaxy:target-information=\"United Kingdom\"",
        "relationship_type": ""
      },
      {
        "colour": "#0bbdc3",
        "local": false,
        "name": "misp-galaxy:target-information=\"New Zealand\"",
        "relationship_type": ""
      },
      {
        "colour": "#670cf4",
        "local": false,
        "name": "misp-galaxy:target-information=\"Pakistan\"",
        "relationship_type": ""
      },
      {
        "colour": "#013748",
        "local": false,
        "name": "misp-galaxy:target-information=\"India\"",
        "relationship_type": ""
      },
      {
        "colour": "#e4d611",
        "local": false,
        "name": "misp-galaxy:target-information=\"Ukraine\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#150050",
        "local": false,
        "name": "rectifyq:sub-category=\"report\"",
        "relationship_type": ""
      },
      {
        "colour": "#3500ca",
        "local": false,
        "name": "rectifyq:detection-rules=\"yara-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"HAZY TIGER\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:threat-actor=\"Operation C-Major\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"XploitSPY\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:malpedia=\"Dracarys\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#fdcb58",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"somewhat-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#220082",
        "local": false,
        "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740263690",
        "to_ids": false,
        "type": "link",
        "uuid": "da6ded30-8841-46ab-b071-0002f35b68fb",
        "value": "https://about.fb.com/wp-content/uploads/2022/08/Quarterly-Adversarial-Threat-Report-Q2-2022.pdf",
        "Tag": [
          {
            "colour": "#6b003a",
            "local": false,
            "name": "workflow:todo=\"create-missing-misp-galaxy-cluster\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736667167",
        "to_ids": false,
        "type": "text",
        "uuid": "2230d6c4-6db7-4a5c-a894-22fc80268ac0",
        "value": "Meta's quarterly report on cyber threats."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1736667167",
        "to_ids": false,
        "type": "text",
        "uuid": "a4a8ea76-e01d-44ce-b134-65a214d5f6bc",
        "value": "Name: Meta's Quarterly Adversarial Threat Report\nAuthor: AlienVault\nAdversary: \nTags: [\"lazaspy\", \"apt\", \"bitter\", \"apt36\", \"dracarys\"]\nTgtd countries: [\"United Kingdom of Great Britain and Northern Ireland\", \"New Zealand\", \"Pakistan\", \"India\", \"Ukraine\", \"Malaysia\"]\nMlwr families: [\"LazaSpy\", \"Dracarys\"]\nAttack_ids: [\"T1123\", \"T1433\", \"T1589\", \"T1592\"]\nIndustries: [\"Journalists\", \"Government\", \"Medical\", \"Education\"]"
      },
      {
        "category": "Network activity",
        "comment": "Hosting Dracarys Malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268886",
        "to_ids": true,
        "type": "domain",
        "uuid": "0a4749a2-61a9-4d57-9c88-1b0211afb08e",
        "value": "signalpro.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Hosting Dracarys Malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268907",
        "to_ids": true,
        "type": "domain",
        "uuid": "840dab88-c9b4-42e0-a555-30b0a6126cf2",
        "value": "signal-premium.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Hosting Dracarys Malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268928",
        "to_ids": true,
        "type": "domain",
        "uuid": "7959781a-9e8b-4095-9b62-86f5f2031de1",
        "value": "signalpremium.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Hosting Dracarys Malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268949",
        "to_ids": true,
        "type": "domain",
        "uuid": "78696800-286a-4426-990f-b78756f3cfae",
        "value": "telegram-pro.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Dracarys Malware C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268970",
        "to_ids": true,
        "type": "domain",
        "uuid": "54bf5e5c-315d-4eda-adde-13e90faaa165",
        "value": "signal-premium-app.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Dracarys Malware C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740268992",
        "to_ids": true,
        "type": "domain",
        "uuid": "1843ca42-1b2c-4865-8696-7753f9895be6",
        "value": "youtubepremiumapp.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Dracarys Malware C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269013",
        "to_ids": true,
        "type": "hostname",
        "uuid": "dc386672-ade4-40d4-a0b6-fa4be4a49a21",
        "value": "pflix.camdvr.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Dracarys Malware C2",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1780039420",
        "to_ids": true,
        "type": "ip-dst",
        "uuid": "2240425c-1167-4627-9a66-880243d874ea",
        "value": "94.140.114.22",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          },
          {
            "colour": "#20117d",
            "local": false,
            "name": "asn:asn=\"43513\"",
            "relationship_type": ""
          },
          {
            "colour": "#c5d0f8",
            "local": false,
            "name": "asn:as-owner=\"NANO-AS\"",
            "relationship_type": ""
          },
          {
            "colour": "#6286a7",
            "local": false,
            "name": "asn:as-country=\"LV\"",
            "relationship_type": ""
          },
          {
            "colour": "#5f162c",
            "local": false,
            "name": "misp-galaxy:country=\"latvia\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be attacker controlled infrastructure",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269055",
        "to_ids": true,
        "type": "hostname",
        "uuid": "b1d7f9c7-d498-49ae-89cd-9d8d1d697868",
        "value": "weather.play-protect.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be attacker controlled infrastructure",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269076",
        "to_ids": true,
        "type": "hostname",
        "uuid": "a0492940-495b-4331-80f9-4d403567b408",
        "value": "gallery.play-protect.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be attacker controlled infrastructure",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269097",
        "to_ids": true,
        "type": "domain",
        "uuid": "5eead223-c6e3-415f-86a2-6ae5ea8efb84",
        "value": "sikhsiyasatapp.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be attacker controlled infrastructure",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269119",
        "to_ids": true,
        "type": "domain",
        "uuid": "93483463-31e6-4d04-a3a6-f50b9e9bd910",
        "value": "telegramapppro.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be attacker controlled infrastructure",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269140",
        "to_ids": true,
        "type": "domain",
        "uuid": "0f269c3a-3c96-4927-82bf-488a3e2529e0",
        "value": "play-protect.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be attacker controlled infrastructure",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269161",
        "to_ids": true,
        "type": "hostname",
        "uuid": "62a4ec37-fbec-40e9-b5ec-75b1cbfe2725",
        "value": "www.sikhsiyasatapp.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be attacker controlled infrastructure",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269182",
        "to_ids": true,
        "type": "domain",
        "uuid": "32a1db68-b1fb-4474-8b17-8baee5728258",
        "value": "briarapppro.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be attacker controlled infrastructure",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269203",
        "to_ids": true,
        "type": "domain",
        "uuid": "b0c7b80c-0b79-410f-8844-702f59541c0f",
        "value": "islam-360-plus.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be attacker controlled infrastructure",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269224",
        "to_ids": true,
        "type": "domain",
        "uuid": "a30ee1c7-88f7-456c-ab88-94f862c23101",
        "value": "converse-app.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be attacker controlled infrastructure",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269245",
        "to_ids": true,
        "type": "domain",
        "uuid": "931fd945-e8ba-42c1-b8c1-1ee79b662f2d",
        "value": "telegram-app.tech",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be attacker controlled infrastructure",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269266",
        "to_ids": true,
        "type": "domain",
        "uuid": "c8834772-b821-4685-ab63-595dba84e6d3",
        "value": "appprotonvpn.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be attacker controlled infrastructure",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269287",
        "to_ids": true,
        "type": "domain",
        "uuid": "b21db309-638d-468f-a436-6ed17d8fd750",
        "value": "linphone-app.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be attacker controlled infrastructure",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269309",
        "to_ids": true,
        "type": "domain",
        "uuid": "405e907d-edea-4070-b075-f3d2bc7711e4",
        "value": "appbriar.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be attacker controlled infrastructure",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269330",
        "to_ids": true,
        "type": "domain",
        "uuid": "a72d65f0-58a4-41d9-8c67-e24f6e9cdb5c",
        "value": "gosignal.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be attacker controlled infrastructure",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269351",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c5c51411-0484-443d-99c1-c28f853f6c29",
        "value": "app2.appvlc.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be actor-controlled domain hosting malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269372",
        "to_ids": true,
        "type": "domain",
        "uuid": "bfee9c44-c492-41ad-87a8-ba157f573369",
        "value": "1drivestorage.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be actor-controlled domain hosting malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269393",
        "to_ids": true,
        "type": "domain",
        "uuid": "dc01c04f-da4e-487d-a8a4-3d9c312f0c26",
        "value": "appsupdate.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be actor-controlled domain used to redirect to other actor-controlled domains",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269414",
        "to_ids": true,
        "type": "domain",
        "uuid": "bb62018a-c469-46c2-8b00-d4dae5efcf6d",
        "value": "archiverst.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be actor-controlled domain hosting malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269436",
        "to_ids": true,
        "type": "domain",
        "uuid": "ca49eba9-111b-4c2f-a1b5-5c7a323c8c57",
        "value": "filestudios.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 for malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269457",
        "to_ids": true,
        "type": "domain",
        "uuid": "05d410f5-3954-49b5-9dee-ea4dee8f9d61",
        "value": "hatvax.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 for malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269478",
        "to_ids": true,
        "type": "domain",
        "uuid": "b20071a0-e85f-47e1-b370-d01700581a34",
        "value": "medizz.co",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be actor-controlled domain hosting malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269499",
        "to_ids": true,
        "type": "hostname",
        "uuid": "038794cb-535e-4b75-b7d1-5e87b3f66a43",
        "value": "play.google.com.whatsapp.playapps.ga",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 for malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269520",
        "to_ids": true,
        "type": "hostname",
        "uuid": "8d65949d-6b58-4cc1-99a3-312fc7f4fe80",
        "value": "ratapi11223344786.azurewebsites.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 for malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269541",
        "to_ids": true,
        "type": "hostname",
        "uuid": "c7e2c9fb-97c1-4edd-a3ae-7c1882f170d3",
        "value": "rdeskapi719543132892786.azurewebsites.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 for malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269562",
        "to_ids": true,
        "type": "hostname",
        "uuid": "0d9a6280-5acc-4acb-9cd3-70fc831cef6c",
        "value": "rkarsin453287786.azurewebsites.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 for malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269583",
        "to_ids": true,
        "type": "hostname",
        "uuid": "e1b345ce-3329-4bd6-8eb6-ade5c8642eaf",
        "value": "secureapplication.azurewebsites.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 for malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269605",
        "to_ids": true,
        "type": "hostname",
        "uuid": "16d8f2b5-b5e1-4bc3-9d49-538485149ca8",
        "value": "securechat.azurewebsites.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be actor-controlled domain hosting malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269626",
        "to_ids": true,
        "type": "domain",
        "uuid": "f52509d4-ff2e-49b0-864d-aa25525fca79",
        "value": "shareflx.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Social card preview site that redirects to actor-controlled domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269647",
        "to_ids": true,
        "type": "hostname",
        "uuid": "b8c587dd-74a9-4441-8384-ab35f6e893c2",
        "value": "shareflx.createasocialcard.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Social card preview site that redirects to actor-controlled domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269668",
        "to_ids": true,
        "type": "hostname",
        "uuid": "1db31897-7fd1-437e-839b-941a2f21c227",
        "value": "shareflx.social-card-share.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Social card preview site that redirects to actor-controlled domain",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269689",
        "to_ids": true,
        "type": "hostname",
        "uuid": "3199381a-17c4-4c79-b747-0963f116d028",
        "value": "shareflx.socialpreviews.top",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be actor-controlled domain hosting malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269710",
        "to_ids": true,
        "type": "domain",
        "uuid": "1fac9139-2b14-420a-946a-4fbc173b8f3d",
        "value": "storeupdates.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 for malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269732",
        "to_ids": true,
        "type": "hostname",
        "uuid": "ed0f3c55-86e6-42d1-b0dd-92a6346e25fc",
        "value": "testandroidopen.azurewebsites.net",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "C2 for malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269753",
        "to_ids": true,
        "type": "domain",
        "uuid": "df1cdcb8-6314-4da6-a00b-f4546ed56c0c",
        "value": "theambix.org",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "Assessed to be actor-controlled domain hosting malware",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1740269774",
        "to_ids": true,
        "type": "domain",
        "uuid": "20c45aef-2b43-4f87-adf9-c0d104f8bab8",
        "value": "yoursdrive.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740264034",
        "uuid": "c586f65b-b5e0-4ac4-80b7-c3a93bed09c1",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740264034",
            "to_ids": false,
            "type": "comment",
            "uuid": "9545ecce-eb9a-4710-babb-03f1bb2cbbf9",
            "value": "Android RAT found on GitHub at https://github.com/XploitWizer/XploitSPY/tree/master/client/app/src/main/java/com/remote/app."
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740264034",
            "to_ids": true,
            "type": "yara",
            "uuid": "fbe6e116-9ffa-4062-958e-c1a034778204",
            "value": "rule xploitspy_rat {\r\n    meta:\r\n        source = \"Facebook\"\r\n        date = \"2022-08-04\"\r\n        description = \"Android RAT found on GitHub at https://github.com/XploitWizer/XploitSPY/tree/master/client/app/src/main/java/com/remote/app.\"\r\n    strings:\r\n        $func0 = \"0xAU\"\r\n        $func1 = \"0xCL\"\r\n        $func2 = \"0xCO\"\r\n        $func3 = \"0xFI\"\r\n        $func4 = \"0xGP\"\r\n        $func5 = \"0xIN\"\r\n        $func6 = \"0xLO\"\r\n        $func7 = \"0xMI\"\r\n        $func8 = \"0xPM\"\r\n        $func9 = \"0xSM\"\r\n        $func10 = \"0xWI\"\r\n        $func11 = \"0xCB\"\r\n        $func12 = \"0xNO\"\r\n        $applist0 = \"appName\"\r\n        $applist1 = \"packageName\"\r\n        $applist2 = \"versionName\"\r\n        $applist3 = \"versionCode\"\r\n        $notif0 = \"appName\"\r\n        $notif1 = \"postTime\"\r\n    condition:\r\n        7 of ($func*) and (\r\n            all of ($applist*)\r\n            or all of ($notif*))\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740264034",
            "to_ids": false,
            "type": "text",
            "uuid": "8555177d-3d09-440f-840c-fe3c024acadf",
            "value": "xploitspy_rat"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "An object describing a YARA rule (or a YARA rule name) along with its version.",
        "meta-category": "misc",
        "name": "yara",
        "template_uuid": "b5acf82e-ecca-4868-82fe-9dbdf4d808c3",
        "template_version": "6",
        "timestamp": "1740264063",
        "uuid": "d0f4a819-1aeb-4dcd-9a94-e15465a7d04c",
        "Attribute": [
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "comment",
            "timestamp": "1740264063",
            "to_ids": false,
            "type": "comment",
            "uuid": "e5e23392-f1de-4df0-9191-17113ebd0288",
            "value": "Custom Android RAT built on top of XploitSPY"
          },
          {
            "category": "Payload installation",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara",
            "timestamp": "1740264063",
            "to_ids": true,
            "type": "yara",
            "uuid": "8220aba8-9c8c-493d-acaa-07f20c6ed1b7",
            "value": "rule lazaspy_android_rat {\r\n    meta:\r\n    source = \"Facebook\"\r\n        date = \"2022-08-04\"\r\n        description = \"Custom Android RAT built on top of XploitSPY\"\r\n        strings:\r\n        $s0 = \"/.System/Ct.csv/\"\r\n        $s1 = \"/.System/sm.csv/\"\r\n        $s2 = \"logg.txt\"\r\n        $s3 = \"ulog.txt\"\r\n        $s4 = \"This Feature is currently Unavailable. Comming Soon!\"\r\n        $s5 = \"Press Back Again to Exit.\"\r\n        $s6 = \"Please Grant Permission to Continue\"\r\n        $s7 = \"Try Again something went wrong\"\r\n        $s8 = \"Deleting Conversation Please wait\"\r\n        $s9 = \"please type something\"\r\n        $s10 = \"Message not Sent\"\r\n        condition:\r\n        7 of ($s*) and xploitspy_rat\r\n}"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "yara-rule-name",
            "timestamp": "1740264063",
            "to_ids": false,
            "type": "text",
            "uuid": "d52a428c-8992-4000-b62b-240d9ed47790",
            "value": "lazaspy_android_rat"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740269795",
        "uuid": "8f81a5a0-ae52-4557-bf63-d7eed715bdcc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Dracarys",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740269795",
            "to_ids": true,
            "type": "md5",
            "uuid": "0dca0516-4ac2-4436-b5a5-b8b215478894",
            "value": "a3d18021cd444e8fe23fffc1a6140071",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dracarys",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267892",
            "to_ids": true,
            "type": "sha1",
            "uuid": "a8b7b75f-a156-4763-ba35-34549d54498f",
            "value": "fb89ce473b638ac83ac195079156c25fe2de5c21",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dracarys",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267892",
            "to_ids": true,
            "type": "sha256",
            "uuid": "54c80e3c-3c95-437f-b3b2-275d1dfccc5d",
            "value": "67f5f1f45498ed400337ae5589bdcadc97eaa0cc7c1fd03f4ff088517c6d761f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740267049",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "8528a31d-b9c9-41b8-8677-28b7d89ae80f",
            "value": "1572864:xDr0dUURRRSHrosBVZNY1QAyeBlHR1SZzT5Dqwe:WdUHNVZW3VLSde"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740267049",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "5d036878-3e94-4158-9793-f01cc9fdefd9",
            "value": "66700672"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740267049",
            "to_ids": true,
            "type": "vhash",
            "uuid": "56885864-b110-4e47-9b53-36cf9eec7a09",
            "value": "5c271e902e64cdc8746af1e557192191"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740267049",
            "to_ids": true,
            "type": "filename",
            "uuid": "c5480842-7f6f-4756-be39-a4f5b3c48d78",
            "value": "Signal_Pro Version_65MB.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  23/01/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740267049",
            "to_ids": false,
            "type": "text",
            "uuid": "2a3c33fd-c854-4190-be84-cb3a30271d45",
            "value": "Dracarys\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:24/67"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1747981146",
        "uuid": "c7999f93-406d-4a0f-b8ea-28ab797878fd",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Dracarys",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1747981146",
            "to_ids": true,
            "type": "md5",
            "uuid": "e39d8b03-1a15-4514-b5d2-e79385ab5afe",
            "value": "07532dea34c87ea2c91d2e035ed5dc87",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dracarys",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1747981146",
            "to_ids": true,
            "type": "sha1",
            "uuid": "7879f246-faa1-49e7-9692-a99370b25bc4",
            "value": "04ec835ae9240722db8190c093a5b2a7059646b1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dracarys",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1747981146",
            "to_ids": true,
            "type": "sha256",
            "uuid": "e0ff7f40-9132-4800-8ba9-857eeb2a5f92",
            "value": "220fcfa47a11e7e3f179a96258a5bb69914c17e8ca7d0fdce44d13f1f3229548",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220082",
                "local": false,
                "name": "rectifyq:samples-found-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740267070",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "5ec86cb2-898c-4cec-950f-f5d6156608a5",
            "value": "196608:A8ULZA2UNZPFyeRlQbQ4Waex2Jg6K3KVSOjQHITUI8KgYeX1EVsf6lCJwtBD/SZP:qqdZPFyeR2b/WWO3K75Uv5JEVsaUwtNu"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740267070",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "18e34764-7738-4dd4-9dba-822f1e03576e",
            "value": "13271058"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740267070",
            "to_ids": true,
            "type": "vhash",
            "uuid": "f524d7fc-f720-4f23-af6f-6d4e3bc716aa",
            "value": "c2c9ed5624cd945ee79b0802264155be"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740267070",
            "to_ids": true,
            "type": "filename",
            "uuid": "e9900c30-7863-4b86-b0be-62bef3deef10",
            "value": "220fcfa47a11e7e3f179a96258a5bb69914c17e8ca7d0fdce44d13f1f3229548.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  16/10/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740267070",
            "to_ids": false,
            "type": "text",
            "uuid": "30ce53f1-238e-4feb-857c-6f8552e39f15",
            "value": "Dracarys\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:28/67"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740269837",
        "uuid": "4aeb5bb2-140f-4393-bc82-aff2427397ea",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Dracarys",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740269837",
            "to_ids": true,
            "type": "md5",
            "uuid": "c0781f49-384e-4833-9dba-d0fba382d5eb",
            "value": "e20473bea7fe5968f0a032303838b601",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dracarys",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267895",
            "to_ids": true,
            "type": "sha1",
            "uuid": "edb66233-3082-4254-9aab-971ec6eb70b7",
            "value": "f27dd7bfb2dfeedc1233bbbe326fd6ea0d6904e7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dracarys",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267895",
            "to_ids": true,
            "type": "sha256",
            "uuid": "26afed91-e3fa-4ea8-9648-e4d6c710832c",
            "value": "f59c45ed38702f4b603b4f16c6f5f7dd6b76f8d809a142002236f0fbd63018e2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740267091",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3344c7b1-ab65-42cd-86f5-3e360ccab8a4",
            "value": "1572864:0hmCzUL8ule/qUzslunY2dGqaQO8GHxlWZT4GB5DjpxZNqTVeZkih:0AUUL1le/qUYlSpdGq7OXOZxx2T8Zvh"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740267091",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "15a4d0e4-515b-418d-8272-ec29349d35ec",
            "value": "76235050"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740267091",
            "to_ids": true,
            "type": "vhash",
            "uuid": "14011274-2fb3-44fd-b324-7657835f9c3c",
            "value": "ebb6607b946bea6f1da180b4b3b61daa"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740267091",
            "to_ids": true,
            "type": "filename",
            "uuid": "8077f810-31f3-476f-babd-64f55422681c",
            "value": "Signal_Pro_Version.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  09/10/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740267091",
            "to_ids": false,
            "type": "text",
            "uuid": "aef7d44f-d9bc-40e1-8751-cbc90e5d6e73",
            "value": "Dracarys\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:24/67"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740269858",
        "uuid": "d2d7e537-61ef-4543-8982-baa1a48638ab",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Dracarys",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740269858",
            "to_ids": true,
            "type": "md5",
            "uuid": "238e385c-a067-4170-811e-95d790fe97c1",
            "value": "d9a39c41e9f599766b5527986e807840",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dracarys",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267897",
            "to_ids": true,
            "type": "sha1",
            "uuid": "8479ec14-0abe-44e7-bb6b-fafbe508ca15",
            "value": "a35653c3d04aaaa76266db6cd253f086872a5d27",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dracarys",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267897",
            "to_ids": true,
            "type": "sha256",
            "uuid": "83439abd-5b7d-4e7e-b851-20ff6ebfa779",
            "value": "43e3a0b0d5e2f172ff9555897c3d3330f3adc3ac390a52d84cea7045fbae108d",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740267113",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3cb2ad97-54a4-4131-95f4-e8e80ef3dba3",
            "value": "393216:5q3TVSn9LXMq4Ynog/N8Cko4g04hQOZeibmUEPZgYlX5oLLIR1pmF8yxilXLGg6a:5qJwBXJ/atbnasiAB3wVF9xwLS4vgfxO"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740267113",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "28f82b5d-5f4b-48cd-adb2-4ab436d23513",
            "value": "22996029"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740267113",
            "to_ids": true,
            "type": "vhash",
            "uuid": "fffa7ce8-915a-4179-b29c-56fcc11f34dd",
            "value": "6ac47c4d29efea36024a4d80e91dfe6f"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740267113",
            "to_ids": true,
            "type": "filename",
            "uuid": "3ec7e92c-7241-4a20-888f-1924eb764307",
            "value": "test"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  13/12/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740267113",
            "to_ids": false,
            "type": "text",
            "uuid": "c5255e37-92c7-42bc-8d82-7b892febe41b",
            "value": "Dracarys\r\nType Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Dracarys.B\nVT Total Detection:23/65"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740269879",
        "uuid": "c20d0df1-2dac-4394-af1f-1547c1bf0ecc",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Dracarys",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740269879",
            "to_ids": true,
            "type": "md5",
            "uuid": "2c07fbab-beac-4bde-8ecc-d6b307d2ccb2",
            "value": "b06e2f95ecf7012138bee314be9baed9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dracarys",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267898",
            "to_ids": true,
            "type": "sha1",
            "uuid": "acfad710-10d3-4b37-aa70-7ea14d95e6a0",
            "value": "5c74005785e5a60b8c7b956c6c235c25d32daaf4",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Dracarys",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267898",
            "to_ids": true,
            "type": "sha256",
            "uuid": "69251411-35cf-4676-909d-dc237be463a9",
            "value": "c71366d68202a60dc14179885bfbb057ddeeb823be8cc4189a4e113dd7b54bb9",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740267135",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "32698505-cc6f-4b19-83bb-0d4200752652",
            "value": "98304:UGvGU7CuA943+in5PwMnMge/cRpRwPQWqChLGnG6lNDRR8zxQcwcm3fMfrbV0st:UGOaCA3NwN/cPCP7LKNlNDUzj90st"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740267135",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3d39924c-52d4-4e6f-adef-6df14f39a955",
            "value": "5997396"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740267135",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5e7cfe37-c9ce-4b73-8f1e-f5f4838a549d",
            "value": "acea45c793abe96047ca11bcdac7cfc1"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740267135",
            "to_ids": true,
            "type": "filename",
            "uuid": "22dd6dd9-83d5-486f-84d1-b4cd79d9a031",
            "value": "b06e2f95ecf7012138bee314be9baed9.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  09/10/2024",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740267135",
            "to_ids": false,
            "type": "text",
            "uuid": "2a1246f9-c07c-4ac4-b3d4-30bc495e3188",
            "value": "Dracarys\r\nType Description: Android\n\nMicrosoft: None\nVT Total Detection:29/67"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740269900",
        "uuid": "eec1cfde-782a-40ac-b7c0-f78d2691f172",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740269900",
            "to_ids": true,
            "type": "md5",
            "uuid": "f0606018-f873-4dca-bc27-435876dea39b",
            "value": "32441cfa9b030b126e224f5ab483a996",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267899",
            "to_ids": true,
            "type": "sha1",
            "uuid": "c6940208-b8a2-4a31-a360-44a4abd1c197",
            "value": "df9651a0c1d0909444f1efd51b89454d465b3f9f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267900",
            "to_ids": true,
            "type": "sha256",
            "uuid": "55290559-5374-4889-8a11-e6e653b6667b",
            "value": "5d885fd9b896c8d59dbdc6b3ae4068662544f401d98a7eba757b329714d87c45",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740267156",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "036c7731-a478-4e9d-a6ec-733a4a7ec8fb",
            "value": "98304:dI/sSursDxXRMBj1VY5IivKPKW8WYfrDje+KK1:W/gsXGjbYuiSPKbaK1"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740267156",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "fdbad93e-db5e-4518-aa34-125716742247",
            "value": "3588973"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740267156",
            "to_ids": true,
            "type": "vhash",
            "uuid": "cebb9206-ba9f-408e-9b79-5c4c9b71f3ea",
            "value": "6937b5a2afd1b54f4d03d29bf43e27d7"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740267156",
            "to_ids": true,
            "type": "filename",
            "uuid": "348624fe-947c-48fe-aa09-42c733e1bf7e",
            "value": "Def Civ Mutual Transfer App.apk"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  08/08/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740267156",
            "to_ids": false,
            "type": "text",
            "uuid": "a1e534eb-b8c4-402d-a9ee-c6a25d1a08c7",
            "value": "Type Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Ahmyth.D\nVT Total Detection:30/64"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740269922",
        "uuid": "436cd780-8e6e-46c2-b031-d963c83a3b6f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740269922",
            "to_ids": true,
            "type": "md5",
            "uuid": "c3a18e72-eab4-4e78-ad2f-55a789a26748",
            "value": "7e3f35774fa1fb5f0cae869b251dbfc6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267901",
            "to_ids": true,
            "type": "sha1",
            "uuid": "39c76c11-cc06-4f0e-b76d-ba68287c86e2",
            "value": "da55c1d26defaf54a1d78e7010ba82c25d528ad2",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267901",
            "to_ids": true,
            "type": "sha256",
            "uuid": "35882e71-5540-4e88-b30f-62e8abdd30e8",
            "value": "b3510e0a8775d9ab5c8409510041dc1e7da47923d5bf3e8f0848a4a3970ffca7",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740267177",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d794f4e3-1d63-4337-afb7-ce007f49f1d9",
            "value": "98304:1rQMEbIJIUn9ThRS9N1Zw5IiHKPKWlYfrn3X:1dayLn9ThU9NDwuiqPKjX"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740267177",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "87e8aab9-4c8b-432e-aab9-ae64376008e9",
            "value": "3487094"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740267177",
            "to_ids": true,
            "type": "vhash",
            "uuid": "02dcf757-2535-41c5-9910-e8e9144b3a9f",
            "value": "505bd5a312c0746e63708e70b8439db4"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740267177",
            "to_ids": true,
            "type": "filename",
            "uuid": "3a6d6ef2-115b-4076-bc26-e38302e7ff1e",
            "value": "b3510e0a8775d9ab5c8409510041dc1e7da47923d5bf3e8f0848a4a3970ffca7.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  08/08/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740267177",
            "to_ids": false,
            "type": "text",
            "uuid": "58c9376b-bb9d-4332-9a38-cbc00a595a21",
            "value": "Type Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Ahmyth.D\nVT Total Detection:34/64"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740269943",
        "uuid": "91b2ab8d-d056-4114-8518-8289c831644f",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740269943",
            "to_ids": true,
            "type": "md5",
            "uuid": "38137dfc-ebe0-43ee-8a44-599f0a854a3d",
            "value": "16fd5e6f5bf31ae5a3275f25d3aa2fd1",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267902",
            "to_ids": true,
            "type": "sha1",
            "uuid": "ddc7450d-147b-4105-954b-825a5084b135",
            "value": "f499d8cd043b1138057bab2ff28e1022468071f0",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267902",
            "to_ids": true,
            "type": "sha256",
            "uuid": "6c3227ae-7a44-4dec-b4b8-b5a6c64a216c",
            "value": "7999f5af42e6a825db56aa800a6b957c19d609225cc339f12cf85dde06af3b74",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740267199",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "3ba023e7-ddf0-4946-becf-cb451f3f41f9",
            "value": "98304:2hdfVKwZq47eu3SlxoiLIaRDTYfrydKtqDuW54VP:sfkwZ97epoikwRK4Duk45"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740267199",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "3028da95-1e42-4a55-8e99-de5b3c36a4ea",
            "value": "3548521"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740267199",
            "to_ids": true,
            "type": "vhash",
            "uuid": "3d1a83e7-13a9-4925-9274-be30490764ad",
            "value": "505bd5a312c0746e63708e70b8439db4"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740267199",
            "to_ids": true,
            "type": "filename",
            "uuid": "6388c08e-3898-4c61-b4e0-3a3c905160e0",
            "value": "342506793"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  08/08/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740267199",
            "to_ids": false,
            "type": "text",
            "uuid": "1df262b8-c494-404e-8244-c9c271a5f04b",
            "value": "Type Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Ahmyth.D\nVT Total Detection:30/64"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1740269964",
        "uuid": "15d8be9f-b341-48de-b7d9-833a796325b2",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1740269964",
            "to_ids": true,
            "type": "md5",
            "uuid": "409c0e67-6895-420e-be17-c81e16896615",
            "value": "0463b92f1f719fb7aa1ed6cc4e27162c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1740267904",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2572ad4d-074e-4f38-b15a-c2f94d25677a",
            "value": "b32ce3b6c18907fa86270bfb12d2244c3944d168",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1740267904",
            "to_ids": true,
            "type": "sha256",
            "uuid": "278a4868-d04a-4220-b698-d9cc5364040f",
            "value": "5d9027c76306efd5fb57f42dbbaa26f976657a523c32d8fd3fa628ee1417d0aa",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1740267220",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "bd513531-a1b2-4b5b-95ba-4aafc6a6d1cc",
            "value": "98304:bBqp3zSp+cfQFtQ1l+5IiMKPKWzYfrfEI:bBi3O0cfKKn+uijPKeI"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1740267220",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "f6f22898-b9fe-4abd-88e3-7c9ca82ded20",
            "value": "3513542"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1740267220",
            "to_ids": true,
            "type": "vhash",
            "uuid": "55056388-580d-4f4a-bd70-8698ea6082e1",
            "value": "505bd5a312c0746e63708e70b8439db4"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1740267220",
            "to_ids": true,
            "type": "filename",
            "uuid": "9595ae29-190e-4260-967e-dca7a7bbe29d",
            "value": "5d9027c76306efd5fb57f42dbbaa26f976657a523c32d8fd3fa628ee1417d0aa.bin"
          },
          {
            "category": "Other",
            "comment": "Checked: 23/02/2025\nLast-scan\t:  08/08/2023",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1740267220",
            "to_ids": false,
            "type": "text",
            "uuid": "6bff615f-9f02-41de-a5bd-9a112ada3a4c",
            "value": "Type Description: Android\n\nMicrosoft: TrojanSpy:AndroidOS/Ahmyth.D\nVT Total Detection:33/64"
          }
        ]
      }
    ]
  }
}