{
  "Event": {
    "analysis": "1",
    "date": "2025-07-30",
    "extends_uuid": "",
    "info": "[Threat Intel] Targeted attacks leverage accounts on popular online platforms as C2 servers",
    "protected": false,
    "publish_timestamp": "1780041197",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1772902056",
    "uuid": "d7a12e7c-a9b2-4d1b-98d0-f1ceb6479de8",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#1ebce4",
        "local": false,
        "name": "misp-galaxy:producer=\"Kaspersky\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#256f6a",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"DLL - T1574.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#efb098",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Social Media Accounts - T1585.001\"",
        "relationship_type": ""
      },
      {
        "colour": "#15cd0b",
        "local": false,
        "name": "misp-galaxy:target-information=\"Russia\"",
        "relationship_type": ""
      },
      {
        "colour": "#52d590",
        "local": false,
        "name": "misp-galaxy:target-information=\"China\"",
        "relationship_type": ""
      },
      {
        "colour": "#5887a6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Japan\"",
        "relationship_type": ""
      },
      {
        "colour": "#915448",
        "local": false,
        "name": "misp-galaxy:target-information=\"Malaysia\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c5aae",
        "local": false,
        "name": "misp-galaxy:target-information=\"Peru\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#dd2e44",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:online-service=\"3b16bb5a-eb4f-4603-a909-bebc5df4a46d\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#230087",
        "local": false,
        "name": "rectifyq:samples-found-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754011032",
        "to_ids": false,
        "type": "link",
        "uuid": "3f4a296f-7383-485a-be89-a5da23ba48a4",
        "value": "https://securelist.com/cobalt-strike-attacks-using-quora-github-social-media/117085/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754011032",
        "to_ids": false,
        "type": "text",
        "uuid": "fef7e0d1-d0d2-4926-a68b-84dcea829ef1",
        "value": "A sophisticated cyberattack campaign targeted the Russian IT industry and other entities globally in late 2024. The attackers used social media profiles and popular websites to deliver payload information, bypassing detection methods. They employed spear phishing emails with malicious RAR archives, exploiting DLL hijacking techniques to deploy Cobalt Strike Beacon. The campaign used profiles on GitHub, Microsoft Learn Challenge, Quora, and Russian social networks to conceal activities. The attacks primarily focused on Russian companies but also affected organizations in China, Japan, Malaysia, and Peru. The complexity of the methods used highlights the evolving tactics of threat actors in concealing well-known tools and emphasizes the need for robust cybersecurity measures."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754011032",
        "to_ids": false,
        "type": "text",
        "uuid": "ec4132c1-2dd1-4500-8200-fc4e1efeb5bf",
        "value": "Name: Targeted attacks leverage accounts on popular online platforms as C2 servers\nAuthor: AlienVault\nAdversary: \nTags: [\"cobalt strike beacon\", \"cobalt strike\", \"api obfuscation\", \"shellcode\", \"c2 communication\", \"spear phishing\", \"targeted attacks\", \"dll hijacking\", \"social media\"]\nTgtd countries: [\"Russian Federation\", \"China\", \"Japan\", \"Malaysia\", \"Peru\"]\nMlwr families: [\"Cobalt Strike Beacon\"]\nAttack_ids: [\"T1574.001\", \"T1585.001\"]\nIndustries: [\"Technology\", \"Energy\"]"
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:05/08/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754380562",
        "to_ids": true,
        "type": "md5",
        "uuid": "e3cbe34d-e4a9-4718-abb9-d989cd8cb7fd",
        "value": "02876af791d3593f2729b1fe4f058200",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:05/08/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754380563",
        "to_ids": true,
        "type": "md5",
        "uuid": "e5d801fb-1c73-4c5c-a21a-e3ebc7c29ca7",
        "value": "08fb7bd0bb1785b67166590ad7f99fd2",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:05/08/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754380564",
        "to_ids": true,
        "type": "md5",
        "uuid": "f4762d13-2dbc-4496-b989-8f818665235e",
        "value": "15e590e8e6e9e92a18462ef5dfb94298",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:05/08/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754380564",
        "to_ids": true,
        "type": "md5",
        "uuid": "1ae490c8-ef60-4a7a-9386-24dfe55b16c3",
        "value": "2662d1ae8cf86b0d64e73280df8c19b3",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:05/08/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754380565",
        "to_ids": true,
        "type": "md5",
        "uuid": "983f6678-70b5-49bc-be45-b5106140bc9e",
        "value": "2ff63cacf26adc536cd177017ea7a369",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "LNK No sample in VT\r\nLast check:05/08/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754380566",
        "to_ids": true,
        "type": "md5",
        "uuid": "b9b86edf-3d73-44aa-96fd-42a3ffe2814b",
        "value": "30d11958bfd72fb63751e8f8113a9b04",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:05/08/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754380567",
        "to_ids": true,
        "type": "md5",
        "uuid": "23c55f68-f65e-451a-8890-231d9f9162ba",
        "value": "66b6e4d3b6d1c30741f2167f908ab60d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:05/08/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754380568",
        "to_ids": true,
        "type": "md5",
        "uuid": "8354b4e6-f853-47b8-ac6f-eae13c53cfc4",
        "value": "793453624aba82c8e980ca168c60837d",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "LNK No sample in VT\r\nLast check:05/08/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754380569",
        "to_ids": true,
        "type": "md5",
        "uuid": "fdc1c4d9-39e4-4d46-82b3-75199612e6d7",
        "value": "92481228c18c336233d242da5f73e2d5",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:05/08/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754380570",
        "to_ids": true,
        "type": "md5",
        "uuid": "fd048f09-dcff-41d1-8229-3d2a1dd524e1",
        "value": "a02c80ad2bf4bffbed9a77e9b02410ff",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:05/08/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754380571",
        "to_ids": true,
        "type": "md5",
        "uuid": "61f45f39-fe02-442b-80ad-56f0abd9cec3",
        "value": "add6b9a83453db9e8d4e82f5ee46d16c",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:05/08/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754380572",
        "to_ids": true,
        "type": "md5",
        "uuid": "9212d9af-7c8f-4c58-9a16-4fa8c64ba6ba",
        "value": "b2e24e061d0b5be96ba76233938322e7",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Payload delivery",
        "comment": "No sample in VT\r\nLast check:05/08/2025",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754380573",
        "to_ids": true,
        "type": "md5",
        "uuid": "165d985d-643d-46d3-a731-d4c9a2878f37",
        "value": "f9e20eb3113901d780d2a973ff539ace",
        "Tag": [
          {
            "colour": "#260091",
            "local": false,
            "name": "rectifyq:ioc=\"enriched\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"VirusTotal\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
            "relationship_type": ""
          },
          {
            "colour": "#626567",
            "local": false,
            "name": "rectifyq:no-samples-in=\"Tria.ge\"",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754397363",
        "to_ids": true,
        "type": "url",
        "uuid": "c5fb98a2-9f02-4d2c-996c-74b25a40984d",
        "value": "http://moeodincovo.com/divide/mail/SUVVJRQO8QRC",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754397384",
        "to_ids": true,
        "type": "url",
        "uuid": "9793ce45-6396-486c-a36a-4627e8f07983",
        "value": "https://moeodincovo.com/divide/mail/SUVVJRQO8QRC",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754397419",
        "to_ids": true,
        "type": "url",
        "uuid": "043f7eba-8906-4e23-9213-5ec513edfa5d",
        "value": "https://techcommunity.microsoft.com/users/kyongread/2573674",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754397440",
        "to_ids": true,
        "type": "url",
        "uuid": "c29be60d-53a3-49df-acba-88c47ade3642",
        "value": "https://techcommunity.microsoft.com/users/mariefast14/2631452",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754397461",
        "to_ids": true,
        "type": "url",
        "uuid": "dd376f06-75d9-4bf6-8fd0-f626f1493002",
        "value": "https://raw.githubusercontent.com/fox7711/repos/main/1202.dat",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754397482",
        "to_ids": true,
        "type": "url",
        "uuid": "30ef7cf0-8ecb-4c17-86f3-4a7a5c6e944d",
        "value": "https://my.mail.ru/mail/nadezhd_1/photo/123",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754397503",
        "to_ids": true,
        "type": "url",
        "uuid": "e7f55ca7-22e1-42fa-8dfc-713e56fe3cde",
        "value": "https://learn.microsoft.com/en-us/collections/ypkmtp5wxwojz2",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754397524",
        "to_ids": true,
        "type": "url",
        "uuid": "79fb6d63-8480-410b-9e99-450c8db287a6",
        "value": "http://10.2.115.160/aa/shellcode_url.html",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754397545",
        "to_ids": true,
        "type": "url",
        "uuid": "384af5ed-8bd1-4fe3-b3bc-ca203cc7f1ed",
        "value": "https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/2548260",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754397566",
        "to_ids": true,
        "type": "url",
        "uuid": "81b9f099-1a80-45a0-ba8e-cae27d53bae0",
        "value": "https://techcommunity.microsoft.com/t5/user/viewprofilepage/user-id/2631452",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754397587",
        "to_ids": true,
        "type": "url",
        "uuid": "224b4997-e471-499b-b831-6748787782b4",
        "value": "https://github.com/Mashcheeva",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754397608",
        "to_ids": true,
        "type": "url",
        "uuid": "f53a3daf-1d6e-4830-999a-cf9e60bb9f85",
        "value": "https://my.mail.ru/mail/veselina9/photo/mARRy",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754397629",
        "to_ids": true,
        "type": "url",
        "uuid": "db8b5070-46a4-4402-9cd3-dada0b59cc94",
        "value": "https://github.com/Kimoeli",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1754397651",
        "to_ids": true,
        "type": "url",
        "uuid": "9a1c8a77-5878-4e6d-a962-51ac5a318a21",
        "value": "https://www.quora.com/profile/Marieformach",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ],
    "Object": [
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1754397672",
        "uuid": "950bd089-f29b-4d05-97e8-34d7aba429c6",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1754397672",
            "to_ids": true,
            "type": "md5",
            "uuid": "c392ed84-d0f3-4aeb-9ace-745ad15925e6",
            "value": "4948e80172a4245256f8627527d7fa96",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1754380559",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2753c61c-83d6-4efe-8237-d70b6db2302f",
            "value": "a5f1c6fa6dd751a4a87501bc54ef49f7cc15bc2f",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1754380559",
            "to_ids": true,
            "type": "sha256",
            "uuid": "b026ed5a-44cf-4b56-bf44-a7b502122653",
            "value": "4ab8183d6ab700064b5a01854a9dc630549b198e73a9f45e2170527a06492a07",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1754377925",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "f5f9fda3-7354-4d4d-95b9-66e1edcb5c6e",
            "value": "12288:YTNpmZ0pSF8lUF0cwDG/7ysBZi8apw/1gbm91IC9UQh96hUJuZN96Q3olq+Bx:Yy1ghUJuR6Q3JEx"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1754377925",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "a4009891-bdea-4627-b364-02ea675a5430",
            "value": "483328"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1754377925",
            "to_ids": true,
            "type": "vhash",
            "uuid": "6cc85c13-fbb3-4a5b-9ea6-d126679805a4",
            "value": "145076655d155515155az62!z"
          },
          {
            "category": "Other",
            "comment": "Checked: 05/08/2025\nLast-scan\t:  04/08/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1754377925",
            "to_ids": false,
            "type": "text",
            "uuid": "a31e524f-97a4-4b97-81c3-b3363368e840",
            "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:12/72\nFirst Submission:2024-08-09T17:23:14.000000+00:00\nLast Submission:2024-08-09T17:23:14.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1754397693",
        "uuid": "edfda98d-9ace-4905-9632-e6f395e496a3",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1754397693",
            "to_ids": true,
            "type": "md5",
            "uuid": "1ee8c744-fd8e-40b3-8c48-c7ec665274f2",
            "value": "672222d636f5dc51f5d52a6bd800f660",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1754380560",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2393b46f-4d30-48c7-8bf0-5265c1c002ec",
            "value": "2720330c5f5dce4213551ec372a255a8fa09a47c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1754380560",
            "to_ids": true,
            "type": "sha256",
            "uuid": "aa9d942f-0870-456f-b9dd-a3adc2a6fcab",
            "value": "14c967dc9c0aa2dd7554658bc0f1c49fa7e908e77c57924c41bc18b7ef0c48b5",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1754377967",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "d79dd05d-382d-42ab-a742-2b3e917ab923",
            "value": "12288:85DgfTnZeR6YZ9iDlfiQK3Qbg4TKnpIfvOIBW0TBMykw0YMMhuufB2CUAPDo9Drq:85slFMMhuufB2CUAPD6q"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1754377967",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "0f1501ec-5f67-4416-8a76-e0b1f5ea80ff",
            "value": "486912"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1754377967",
            "to_ids": true,
            "type": "vhash",
            "uuid": "31e6478a-4209-467b-8248-8e1f1a9c82ae",
            "value": "145076655d155515155az66nz1fz"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1754377967",
            "to_ids": true,
            "type": "filename",
            "uuid": "8c8ceed5-7b9f-4af3-abc5-265fb773d747",
            "value": "BugSplatRc64.dll"
          },
          {
            "category": "Other",
            "comment": "Checked: 05/08/2025\nLast-scan\t:  04/08/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1754377967",
            "to_ids": false,
            "type": "text",
            "uuid": "b20091d9-ca63-4c64-b581-52d551477509",
            "value": "Type Description: Win32 DLL\nMicrosoft: None\nVT Total Detection:9/72\nFirst Submission:2024-09-18T21:26:30.000000+00:00\nLast Submission:2024-09-18T21:26:30.000000+00:00"
          }
        ]
      },
      {
        "comment": "",
        "deleted": false,
        "description": "File object describing a file with meta-information",
        "meta-category": "file",
        "name": "file",
        "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215",
        "template_version": "25",
        "timestamp": "1754397714",
        "uuid": "eae69b2a-e2e5-4f9a-a46c-48653c8291a7",
        "Attribute": [
          {
            "category": "Payload delivery",
            "comment": "Legitimate BugSplat executable (BsSndRpt.exe); benign on its own, so a match on this hash alone is a likely false positive",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "md5",
            "timestamp": "1754397714",
            "to_ids": true,
            "type": "md5",
            "uuid": "ea74f616-a5dd-484b-acc1-3f31525927f5",
            "value": "633f88b60c96f579af1a71f2d59b4566",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              },
              {
                "colour": "#342294",
                "local": false,
                "name": "CommentAdded",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate BugSplat executable (BsSndRpt.exe); benign on its own, so a match on this hash alone is a likely false positive",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha1",
            "timestamp": "1754380561",
            "to_ids": true,
            "type": "sha1",
            "uuid": "2c581022-d835-469a-8b1d-e9d2d6a2b5d6",
            "value": "a514ac6d639c34413ca3ff1257a6719df08f780c",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "Legitimate BugSplat executable (BsSndRpt.exe); benign on its own, so a match on this hash alone is a likely false positive",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "sha256",
            "timestamp": "1754380561",
            "to_ids": true,
            "type": "sha256",
            "uuid": "189c664e-eba4-448b-a24d-5391b5321a7a",
            "value": "aaf6b2f8cb7389c5cf0391bb41aa9cc6d2fe7aee75e8570a2b096c054ebcd8d6",
            "Tag": [
              {
                "colour": "#260091",
                "local": false,
                "name": "rectifyq:ioc=\"enriched\"",
                "relationship_type": ""
              },
              {
                "colour": "#220085",
                "local": false,
                "name": "rectifyq:samples-found-in=\"VirusTotal\"",
                "relationship_type": ""
              },
              {
                "colour": "#2c2142",
                "local": false,
                "name": "false-positive:risk=\"high\"",
                "relationship_type": ""
              },
              {
                "colour": "#260093",
                "local": false,
                "name": "rectifyq:ioc=\"no-detection-by-any-vendor\"",
                "relationship_type": ""
              },
              {
                "colour": "#626567",
                "local": false,
                "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
                "relationship_type": ""
              },
              {
                "colour": "#230087",
                "local": false,
                "name": "rectifyq:samples-found-in=\"Tria.ge\"",
                "relationship_type": ""
              }
            ]
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "ssdeep",
            "timestamp": "1754378118",
            "to_ids": true,
            "type": "ssdeep",
            "uuid": "13625c98-e801-4a5c-984b-ab37bf618db2",
            "value": "12288:qvHpZvj+wMKYxVPtzkZ25hQJxzxtElsvo6TmC:qGkZYExzxtHvP6C"
          },
          {
            "category": "Other",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "size-in-bytes",
            "timestamp": "1754378118",
            "to_ids": false,
            "type": "size-in-bytes",
            "uuid": "6e2e3511-e05c-4f26-8f51-8d75534e40c7",
            "value": "510848"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": false,
            "object_relation": "vhash",
            "timestamp": "1754378118",
            "to_ids": true,
            "type": "vhash",
            "uuid": "5801840b-1eee-42a7-9199-f1cac3026b20",
            "value": "055056655d1555113013z700837z6011z21z10400411zb1z57z"
          },
          {
            "category": "Payload delivery",
            "comment": "",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "filename",
            "timestamp": "1754378118",
            "to_ids": true,
            "type": "filename",
            "uuid": "0380be4c-ac16-4e65-a11b-1434fc3eea63",
            "value": "BsSndRpt.exe"
          },
          {
            "category": "Other",
            "comment": "Checked: 05/08/2025\nLast-scan\t:  31/07/2025",
            "deleted": false,
            "disable_correlation": true,
            "object_relation": "text",
            "timestamp": "1754378118",
            "to_ids": false,
            "type": "text",
            "uuid": "4fb276c4-da39-4701-88a2-82b815c00691",
            "value": "Legitimate BugSplat.exe\r\nType Description: Win32 EXE\nFile distributed by: ['Wondershare Software Co., Ltd.']\nData sources: ['National Software Reference Library (NSRL)']\nVerdict filename: ['BsSndRpt.exe']\nMicrosoft: None\nVT Total Detection:0/72\nFirst Submission:2020-09-25T07:19:44.000000+00:00\nLast Submission:2025-08-04T20:01:42.000000+00:00"
          }
        ]
      }
    ]
  }
}