{ "Event": { "analysis": "1", "date": "2025-09-04", "extends_uuid": "", "info": "[Threat Intel] Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms", "protected": false, "publish_timestamp": "1780041236", "published": true, "threat_level_id": "2", "timestamp": "1780041236", "uuid": "e3637b01-7586-4583-ac45-5de60cd14706", "Orgc": { "name": "Rectifyq", "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4" }, "Tag": [ { "colour": "#0088cc", "local": false, "name": "misp-galaxy:producer=\"SentinelOne\"", "relationship_type": "" }, { "colour": "#ffffff", "local": false, "name": "tlp:clear", "relationship_type": "" }, { "colour": "#004646", "local": false, "name": "type:OSINT", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"none-from-src\"", "relationship_type": "" }, { "colour": "#b94b1d", "local": false, "name": "rectifyq:mitre-att&ck=\"from-OTX\"", "relationship_type": "" }, { "colour": "#3d38fc", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Acquire Infrastructure - T1583\"", "relationship_type": "" }, { "colour": "#65d24c", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Identity Information - T1589\"", "relationship_type": "" }, { "colour": "#20f80d", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Command and Scripting Interpreter - T1059\"", "relationship_type": "" }, { "colour": "#454726", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Infrastructure - T1584\"", "relationship_type": "" }, { "colour": "#b206a3", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Accounts - T1586\"", "relationship_type": "" }, { "colour": "#c9dbdd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Stage Capabilities - T1608\"", "relationship_type": "" }, { "colour": "#3780c6", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"", "relationship_type": "" }, { "colour": "#1b95cd", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"", "relationship_type": "" }, { "colour": "#6440db", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Establish Accounts - T1585\"", "relationship_type": "" }, { "colour": "#251b6b", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Obtain Capabilities - T1588\"", "relationship_type": "" }, { "colour": "#cf2da1", "local": false, "name": "misp-galaxy:mitre-attack-pattern=\"Develop Capabilities - T1587\"", "relationship_type": "" }, { "colour": "#915448", "local": false, "name": "misp-galaxy:target-information=\"Malaysia\"", "relationship_type": "" }, { "colour": "#b990dd", "local": false, "name": "misp-galaxy:target-information=\"Australia\"", "relationship_type": "" }, { "colour": "#c94db5", "local": false, "name": "misp-galaxy:target-information=\"Brazil\"", "relationship_type": "" }, { "colour": "#1faf16", "local": false, "name": "misp-galaxy:target-information=\"Canada\"", "relationship_type": "" }, { "colour": "#78cd12", "local": false, "name": "misp-galaxy:target-information=\"Egypt\"", "relationship_type": "" }, { "colour": "#20962d", "local": false, "name": "misp-galaxy:target-information=\"Finland\"", "relationship_type": "" }, { "colour": "#15ccfd", "local": false, "name": "misp-galaxy:target-information=\"France\"", "relationship_type": "" }, { "colour": "#013748", "local": false, "name": "misp-galaxy:target-information=\"India\"", "relationship_type": "" }, { "colour": "#26fab6", "local": false, "name": "misp-galaxy:target-information=\"Israel\"", "relationship_type": "" }, { "colour": "#5887a6", "local": false, "name": "misp-galaxy:target-information=\"Japan\"", "relationship_type": "" }, { "colour": "#4b3e92", "local": false, "name": "misp-galaxy:target-information=\"Palestine\"", "relationship_type": "" }, { "colour": "#35a578", "local": false, "name": "misp-galaxy:target-information=\"South Africa\"", "relationship_type": "" }, { "colour": "#f439e5", "local": false, "name": "misp-galaxy:target-information=\"Spain\"", "relationship_type": "" }, { "colour": "#63bd05", "local": false, "name": "misp-galaxy:target-information=\"Sweden\"", "relationship_type": "" }, { "colour": "#33360c", "local": false, "name": "misp-galaxy:target-information=\"Thailand\"", "relationship_type": "" }, { "colour": "#ce59f1", "local": false, "name": "misp-galaxy:target-information=\"United Kingdom\"", "relationship_type": "" }, { "colour": "#b8ab01", "local": false, "name": "misp-galaxy:target-information=\"United States\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"north korea\"", "relationship_type": "" }, { "colour": "#49a260", "local": false, "name": "rectifyq:category=\"threat\"", "relationship_type": "" }, { "colour": "#130049", "local": false, "name": "rectifyq:sub-category=\"campaign-analysis\"", "relationship_type": "" }, { "colour": "#ffd12e", "local": false, "name": "rectifyq:target=\"broad-based\"", "relationship_type": "" }, { "colour": "#dd2e44", "local": false, "name": "rectifyq:MY-relevancy=\"relevant\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#3800d9", "local": false, "name": "rectifyq:action-taken=\"VT-comment\"", "relationship_type": "" }, { "colour": "#3d00e9", "local": false, "name": "rectifyq:action-taken=\"telegram\"", "relationship_type": "" } ], "Attribute": [ { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1757168813", "to_ids": false, "type": "link", "uuid": "b2956366-24b1-4ad1-9ba9-f742f4de894c", "value": "https://www.sentinelone.com/labs/contagious-interview-threat-actors-scout-cyber-intel-platforms-reveal-plans-and-ops" }, { "category": "Other", "comment": "Description", "deleted": false, "disable_correlation": false, "timestamp": "1757168813", "to_ids": false, "type": "text", "uuid": "5c63dd79-9c5b-4dd7-bb33-1e5373a52dd2", "value": "North Korean threat actors associated with the Contagious Interview campaign cluster are actively monitoring cyber threat intelligence platforms to detect infrastructure exposure and scout for new assets. They operate in coordinated teams, likely using Slack for real-time collaboration, and leverage multiple intelligence sources including Validin, VirusTotal, and Maltrail. Despite being aware of their infrastructure's detectability, they make only limited changes to reduce detection risk, focusing instead on rapidly deploying new infrastructure to sustain operations. The actors' effectiveness is evident in their engagement of over 230 victims between January and March 2025, primarily targeting individuals in the cryptocurrency industry. Their activities involve sophisticated social engineering tactics, including the ClickFix technique, to trick targets into executing malware." }, { "category": "Other", "comment": "Summary", "deleted": false, "disable_correlation": false, "timestamp": "1757168813", "to_ids": false, "type": "text", "uuid": "9e4c593b-0b55-4560-bb29-1d7fe011f58c", "value": "Name: Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms\nAuthor: AlienVault\nAdversary: Contagious Interview\nTags: [\"cyber espionage\", \"social engineering\", \"north korea\", \"job seeker targeting\", \"clickfix\", \"lazarus\", \"infrastructure monitoring\", \"cryptocurrency\", \"contagiousdrop\"]\nTgtd countries: []\nMlwr families: []\nAttack_ids: [\"T1583\", \"T1589\", \"T1059\", \"T1584\", \"T1586\", \"T1608\", \"T1204\", \"T1566\", \"T1585\", \"T1588\", \"T1587\"]\nIndustries: [\"Finance\", \"Technology\"]" }, { "category": "Attribution", "comment": "Adversary", "deleted": false, "disable_correlation": false, "timestamp": "1757168813", "to_ids": false, "type": "threat-actor", "uuid": "a9775d12-237a-455e-b68a-16075e0cab7b", "value": "Contagious Interview" }, { "category": "External analysis", "comment": "", "deleted": false, "disable_correlation": false, "timestamp": "1757168813", "to_ids": false, "type": "vulnerability", "uuid": "0e5eb021-e67b-4930-a822-28c72d107940", "value": "CVE-2023-42793" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "ea64e31c-7773-4602-a084-3d76cbf3a111", "value": "admin@quickproassess.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "64968951-383f-4700-9984-24e6ea400dd9", "value": "awesomium430@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "783e9308-7dc6-4069-b842-f63217f248b0", "value": "betosoto2819@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "c1ca0971-8eae-4172-a929-f2a3d7565dbe", "value": "brooksliam534@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "16f27970-6cb8-4f91-9573-65bfa8caa6dc", "value": "chris@wegrowup.us" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "6095850b-1edb-4371-8148-fc0dcc4943e9", "value": "daisukeokitsugu@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "92caadb7-9956-4737-bab1-d6e934830544", "value": "denys@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "a55ce270-2a1b-423d-8e11-0c4aab216efb", "value": "designedcuratedamy58@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "297881ac-0a16-4ddd-8b81-2d7fe8e47aee", "value": "dzsignzdcuatzdamy@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "34067600-7acb-4453-81d1-32f246a0e715", "value": "eliteengineer0523@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "126760e4-2e47-4226-802f-c764a9bec007", "value": "excellentreporter321@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "893ba176-4005-46e5-b49a-00ee67ce3d4d", "value": "fairdev610@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "9116499c-f9b6-4535-8f10-1ca1c34e0019", "value": "ghostmaxim777@outlook.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "ead5c459-773f-4398-a237-03d56a44ab3a", "value": "hundredup2023@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "12abc16f-bbb7-4a8b-b756-b9b5e62e7b89", "value": "huzqur023@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "33442b23-10b8-4118-981a-a5aec27ddf7f", "value": "info@versusx.us" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "50bc7f6c-9ffa-4002-9329-aab192b0a670", "value": "invite@quiz-nest.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "0721d6e2-7b01-46ba-8fc1-fc21ce71d6d8", "value": "jimmr6587@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "492a5dba-b330-46fc-91cb-87912e0eabe1", "value": "johnkane84830@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "4ac75a09-0903-4386-8b61-5438c4e8b66b", "value": "legendaryaladdin@motionassess.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "6b100cdc-859e-4846-8791-268a4fd79463", "value": "marvel714jm@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "eeffc5d2-19c2-4906-aee5-63cf29241dce", "value": "maxwell@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "537ed240-fa87-4ac9-9d6e-7d1244509cea", "value": "montessantiago9712@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732663", "to_ids": true, "type": "email-src", "uuid": "a175ebad-79b0-4aa1-80b8-983ad9aeb384", "value": "mvsolution9@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732664", "to_ids": true, "type": "email-src", "uuid": "e7a064dd-9f59-4bff-b656-fc4b56d79652", "value": "phoenixfire471@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732664", "to_ids": true, "type": "email-src", "uuid": "8a448c7d-6e96-424c-ab80-970b364c55df", "value": "richardkdavis45@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732664", "to_ids": true, "type": "email-src", "uuid": "1a06606b-3777-4c17-98f4-c9477d18e35b", "value": "rockstar96054@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732664", "to_ids": true, "type": "email-src", "uuid": "9b8df01d-6fdc-4cb1-bb47-e8ff0dd1e9fd", "value": "rodriguezjamesdaniel0807@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732664", "to_ids": true, "type": "email-src", "uuid": "90978fca-b34e-4f85-bcb4-ec81102e9662", "value": "rv882866.hstgr.cloud@glitchmedic.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732664", "to_ids": true, "type": "email-src", "uuid": "5f693152-3f3e-44e4-ab0a-95aae9da4973", "value": "sinbad@hirelytics360.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732664", "to_ids": true, "type": "email-src", "uuid": "96adb33a-c83e-4eeb-b668-eb70e2c4c167", "value": "thedrgn1011@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732664", "to_ids": true, "type": "email-src", "uuid": "762d8d23-6773-4731-8cbf-970ed203d761", "value": "trevorgreer9312@gmail.com" }, { "category": "Payload delivery", "comment": "Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759732664", "to_ids": true, "type": "email-src", "uuid": "242bf76c-037f-4528-9db6-3c0aa4a11053", "value": "yudaiaoyama14@gmail.com" }, { "category": "Network activity", "comment": "Used for account registration and logging into Validin", "deleted": false, "disable_correlation": false, "timestamp": "1780041217", "to_ids": true, "type": "ip-dst", "uuid": "9687de41-f66b-4faa-a8df-0be7f339641d", "value": "181.215.9.29", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#53b73d", "local": false, "name": "asn:asn=\"61317\"", "relationship_type": "" }, { "colour": "#55e4ed", "local": false, "name": "asn:as-owner=\"ASDETUK www.heficed.com\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Used for account registration and logging into Validin", "deleted": false, "disable_correlation": false, "timestamp": "1780041219", "to_ids": true, "type": "ip-dst", "uuid": "5a6e6c4f-938b-49be-8487-2bb93656c10b", "value": "181.53.13.189", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#6bb3de", "local": false, "name": "asn:asn=\"10620\"", "relationship_type": "" }, { "colour": "#b047f2", "local": false, "name": "asn:as-owner=\"Telmex Colombia S.A.\"", "relationship_type": "" }, { "colour": "#0e6c94", "local": false, "name": "asn:as-country=\"CO\"", "relationship_type": "" }, { "colour": "#25daa8", "local": false, "name": "misp-galaxy:country=\"colombia\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Used for account registration and logging into Validin", "deleted": false, "disable_correlation": false, "timestamp": "1780041220", "to_ids": true, "type": "ip-dst", "uuid": "9d764841-0b83-4f5a-879e-790ae73fcf6f", "value": "181.59.180.84", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#6bb3de", "local": false, "name": "asn:asn=\"10620\"", "relationship_type": "" }, { "colour": "#b047f2", "local": false, "name": "asn:as-owner=\"Telmex Colombia S.A.\"", "relationship_type": "" }, { "colour": "#0e6c94", "local": false, "name": "asn:as-country=\"CO\"", "relationship_type": "" }, { "colour": "#25daa8", "local": false, "name": "misp-galaxy:country=\"colombia\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Used for account registration and logging into Validin", "deleted": false, "disable_correlation": false, "timestamp": "1780041222", "to_ids": true, "type": "ip-dst", "uuid": "79257bfb-df79-46bc-812a-2f58223507c5", "value": "194.33.45.162", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#7bf968", "local": false, "name": "asn:asn=\"62240\"", "relationship_type": "" }, { "colour": "#9d2170", "local": false, "name": "asn:as-owner=\"CLOUVIDER Clouvider - Global ASN\"", "relationship_type": "" }, { "colour": "#e1449b", "local": false, "name": "asn:as-country=\"GB\"", "relationship_type": "" }, { "colour": "#b7c1b9", "local": false, "name": "misp-galaxy:country=\"united kingdom\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Used for account registration and logging into Validin", "deleted": false, "disable_correlation": false, "timestamp": "1780041224", "to_ids": true, "type": "ip-dst", "uuid": "df6161e7-3560-4016-9421-72332ea5cee4", "value": "216.24.215.231", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#2dcdd9", "local": false, "name": "asn:asn=\"203963\"", "relationship_type": "" }, { "colour": "#8aa6c2", "local": false, "name": "asn:as-owner=\"RUBIKDC\"", "relationship_type": "" }, { "colour": "#0c8c8d", "local": false, "name": "asn:as-country=\"TR\"", "relationship_type": "" }, { "colour": "#ae20ff", "local": false, "name": "misp-galaxy:country=\"turkey\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Used for account registration and logging into Validin", "deleted": false, "disable_correlation": false, "timestamp": "1780041225", "to_ids": true, "type": "ip-dst", "uuid": "533ed543-4537-468b-b25f-a190c286ebc6", "value": "38.170.181.10", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#fa7fe0", "local": false, "name": "asn:asn=\"55286\"", "relationship_type": "" }, { "colour": "#0bab63", "local": false, "name": "asn:as-owner=\"SERVER-MANIA\"", "relationship_type": "" }, { "colour": "#1273fb", "local": false, "name": "asn:as-country=\"CA\"", "relationship_type": "" }, { "colour": "#813aa0", "local": false, "name": "misp-galaxy:country=\"canada\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Used for account registration and logging into Validin", "deleted": false, "disable_correlation": false, "timestamp": "1780041227", "to_ids": true, "type": "ip-dst", "uuid": "b12c17d5-bb64-43e1-bfe4-a7ad68e508fa", "value": "45.86.208.162", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#7bf968", "local": false, "name": "asn:asn=\"62240\"", "relationship_type": "" }, { "colour": "#9d2170", "local": false, "name": "asn:as-owner=\"CLOUVIDER Clouvider - Global ASN\"", "relationship_type": "" }, { "colour": "#e1449b", "local": false, "name": "asn:as-country=\"GB\"", "relationship_type": "" }, { "colour": "#b7c1b9", "local": false, "name": "misp-galaxy:country=\"united kingdom\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Used for account registration and logging into Validin", "deleted": false, "disable_correlation": false, "timestamp": "1780041228", "to_ids": true, "type": "ip-dst", "uuid": "e61732e2-ea46-4484-a755-c4888e934a30", "value": "70.32.3.15", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#a23179", "local": false, "name": "asn:asn=\"32181\"", "relationship_type": "" }, { "colour": "#67b83f", "local": false, "name": "asn:as-owner=\"ASN-GIGENET\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Used for account registration and logging into Validin", "deleted": false, "disable_correlation": false, "timestamp": "1780041231", "to_ids": true, "type": "ip-dst", "uuid": "1579e511-b599-48de-ba6e-f4047fb28027", "value": "70.39.70.194", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#9d1a96", "local": false, "name": "asn:asn=\"46844\"", "relationship_type": "" }, { "colour": "#2b020c", "local": false, "name": "asn:as-owner=\"SHARKTECH\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Used for account registration and logging into Validin", "deleted": false, "disable_correlation": false, "timestamp": "1780041233", "to_ids": true, "type": "ip-dst", "uuid": "1a2a1d6e-ed4e-4417-9dc7-afff03d4fb92", "value": "77.247.126.189", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#7bf968", "local": false, "name": "asn:asn=\"62240\"", "relationship_type": "" }, { "colour": "#9d2170", "local": false, "name": "asn:as-owner=\"CLOUVIDER Clouvider - Global ASN\"", "relationship_type": "" }, { "colour": "#e1449b", "local": false, "name": "asn:as-country=\"GB\"", "relationship_type": "" }, { "colour": "#b7c1b9", "local": false, "name": "misp-galaxy:country=\"united kingdom\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Used for account registration and logging into Validin", "deleted": false, "disable_correlation": false, "timestamp": "1780041234", "to_ids": true, "type": "ip-dst", "uuid": "94041a69-8c3f-49d1-b60a-1fe32e8d3e64", "value": "89.19.58.51", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#88d366", "local": false, "name": "asn:asn=\"209372\"", "relationship_type": "" }, { "colour": "#cde30c", "local": false, "name": "asn:as-owner=\"WSTELECOM_CUSTOMERS\"", "relationship_type": "" }, { "colour": "#d16c37", "local": false, "name": "asn:as-country=\"US\"", "relationship_type": "" }, { "colour": "#0088cc", "local": false, "name": "misp-galaxy:country=\"united states of america\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Used for account registration and logging into Validin", "deleted": false, "disable_correlation": false, "timestamp": "1780041236", "to_ids": true, "type": "ip-dst", "uuid": "dcbcb979-ee69-4cc3-be02-7ad0b78159e7", "value": "96.62.127.126", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" }, { "colour": "#15dbfe", "local": false, "name": "asn:asn=\"212238\"", "relationship_type": "" }, { "colour": "#1f1556", "local": false, "name": "asn:as-owner=\"CDNEXT\"", "relationship_type": "" }, { "colour": "#e1449b", "local": false, "name": "asn:as-country=\"GB\"", "relationship_type": "" }, { "colour": "#b7c1b9", "local": false, "name": "misp-galaxy:country=\"united kingdom\"", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749167", "to_ids": true, "type": "domain", "uuid": "2418b314-392c-4635-a6e3-af1a92f68e09", "value": "careerquestion.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749191", "to_ids": true, "type": "domain", "uuid": "ea9f7b90-9d25-4431-98c0-3f37ce7a1f2a", "value": "evaluateiq.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749212", "to_ids": true, "type": "domain", "uuid": "f63efe7b-8be7-486f-98d1-937882967b98", "value": "hirelytics360.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749233", "to_ids": true, "type": "domain", "uuid": "e74e99ba-002f-4884-9cfe-bc9fb9a1621e", "value": "motionassess.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749254", "to_ids": true, "type": "domain", "uuid": "c930e6cb-02c4-424e-8022-2924016e372d", "value": "nvidia-release.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749275", "to_ids": true, "type": "domain", "uuid": "a7e4cc07-a02e-4bc9-ac49-f9869db1fe30", "value": "paxos-video-interview.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749297", "to_ids": true, "type": "domain", "uuid": "0a5c9455-9b96-4e21-ac3a-6c65fb8b6361", "value": "paxosassessments.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749319", "to_ids": true, "type": "domain", "uuid": "3bd3c408-4105-46e9-9efa-86e72229285f", "value": "quickproassess.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749340", "to_ids": true, "type": "domain", "uuid": "43090545-c6ad-40cc-9c6f-e3a1a1d74ede", "value": "quiz-nest.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749362", "to_ids": true, "type": "hostname", "uuid": "c2129ca4-168e-4249-a04c-9889a6d20be5", "value": "robinhood.evalvidz.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749384", "to_ids": true, "type": "domain", "uuid": "acf6e506-78fe-4673-836b-b326a7926d30", "value": "skill-share.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749405", "to_ids": true, "type": "domain", "uuid": "0ac75af5-eca2-4d6c-a1da-161e22fed7d5", "value": "skillcheck.pro", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749426", "to_ids": true, "type": "domain", "uuid": "464bb860-02fa-4ff7-b81c-ceeec111cd78", "value": "skillmasteryhub.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749447", "to_ids": true, "type": "domain", "uuid": "841baa8e-0dcb-4661-81fc-b59da6af4554", "value": "skillquestions.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749469", "to_ids": true, "type": "domain", "uuid": "54a84b68-372a-4b35-ac86-423de8bb8669", "value": "talentcheck.pro", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749491", "to_ids": true, "type": "domain", "uuid": "88abbf2a-19a9-479f-87a2-29a06ad46d26", "value": "versusx.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749512", "to_ids": true, "type": "domain", "uuid": "0dfffcba-05e3-4bca-93b9-6b51b90f6b2e", "value": "vidassesspro.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749533", "to_ids": true, "type": "domain", "uuid": "2bc1a83b-ef3b-4b48-ac85-30d54b63088a", "value": "vidhirehub.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749555", "to_ids": true, "type": "domain", "uuid": "a277c394-afd0-443f-9fd0-26a156e84ee1", "value": "webcamfixer.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Contagious Interview Domains", "deleted": false, "disable_correlation": false, "timestamp": "1759749576", "to_ids": true, "type": "domain", "uuid": "36617b70-dfc2-4572-b6eb-ba762cf51cc7", "value": "willotalent.us", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ClickFix Malware Distribution Servers", "deleted": false, "disable_correlation": false, "timestamp": "1759749597", "to_ids": true, "type": "hostname", "uuid": "5a1f8b83-b260-40a1-a1ba-71d7b6737907", "value": "api.camdriverhelp.club", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ClickFix Malware Distribution Servers", "deleted": false, "disable_correlation": false, "timestamp": "1759749618", "to_ids": true, "type": "hostname", "uuid": "f66c5921-46a0-4a9b-8781-789dc6bc5d34", "value": "api.drive-release.cloud", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ClickFix Malware Distribution Servers", "deleted": false, "disable_correlation": false, "timestamp": "1759749639", "to_ids": true, "type": "hostname", "uuid": "c6363d42-6dea-456d-88cc-1b00cbe0a1fe", "value": "api.release-drivers.online", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "ClickFix Malware Distribution Servers", "deleted": false, "disable_correlation": false, "timestamp": "1759749660", "to_ids": true, "type": "domain", "uuid": "604adab8-6eec-46de-b139-6e09cc081452", "value": "glitchmedic.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains Scouted by Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759749681", "to_ids": true, "type": "domain", "uuid": "3ff74e2f-fcf7-4afb-9f33-971bcf5b3625", "value": "easyjobinterview.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains Scouted by Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759749702", "to_ids": true, "type": "domain", "uuid": "a07c0070-9aab-4c0f-8213-ca881391b534", "value": "hireassessment.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains Scouted by Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759749723", "to_ids": true, "type": "domain", "uuid": "58f3af54-72e0-4a43-a2f7-cd40bc3c6168", "value": "hiringassessment.com", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains Scouted by Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759749744", "to_ids": true, "type": "domain", "uuid": "719a2354-e41a-4666-87f5-2b8b885fd2dc", "value": "hiringassessment.net", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Network activity", "comment": "Domains Scouted by Contagious Interview Operators", "deleted": false, "disable_correlation": false, "timestamp": "1759749766", "to_ids": true, "type": "domain", "uuid": "58232620-8084-459c-848f-667b80d3ed44", "value": "screenquestion.org", "Tag": [ { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] } ], "Object": [ { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1759749787", "uuid": "557747eb-941f-4fd7-ab36-503d3a91a379", "Attribute": [ { "category": "Payload delivery", "comment": "ContagiousDrop application (app.js)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1759749787", "to_ids": true, "type": "md5", "uuid": "8d051bd2-41b8-4fc4-93e2-051f9b2f9254", "value": "b817f6b5f0f1cabe6194bea457bdc372", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "ContagiousDrop application (app.js)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1759745071", "to_ids": true, "type": "sha1", "uuid": "b21e4a75-394e-45ad-832c-03b46ef55ade", "value": "24042a8eea9b9c20af1f7bae00296b44968a068f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "ContagiousDrop application (app.js)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1759745071", "to_ids": true, "type": "sha256", "uuid": "76b0f6c2-db61-4443-8a95-2c801aa14d49", "value": "db640a3823667682c6b2ea580ee158de96e198224b37db2bf9faacb3c39cf06f", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#270095", "local": false, "name": "rectifyq:ioc=\"low-detection-by-any-vendor\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1759741099", "to_ids": true, "type": "ssdeep", "uuid": "0709767f-2047-43e6-b2e4-f41798eb55d7", "value": "192:W1OjIhN/RnWDubhgYUTkz5DXdr+yaDalP0waS0a6zbkdCbk/:LUhXnfbhgh49DtIQIQ/" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1759741099", "to_ids": false, "type": "size-in-bytes", "uuid": "785505ef-230e-457f-8680-c948227ee5b8", "value": "21942" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1759741099", "to_ids": true, "type": "vhash", "uuid": "2ec8d241-8881-497c-a650-7dfd7c92d546", "value": "e951ecd841d44fb2ea13c6fe75442458" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1759741099", "to_ids": true, "type": "filename", "uuid": "9ec20d65-f2e7-41cb-bc19-9e2a1a54ef10", "value": "app.js" }, { "category": "Other", "comment": "Checked: 06/10/2025\nLast-scan\t: 28/09/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1759741099", "to_ids": false, "type": "text", "uuid": "6a68b4de-3c1a-47b3-9989-4b1812d5e6c7", "value": "ContagiousDrop application (app.js)\r\nType Description: JavaScript\nMicrosoft: None\nVT Total Detection:1/62\nFirst Submission:2025-05-18T19:38:04.000000+00:00\nLast Submission:2025-05-18T19:38:04.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1759749809", "uuid": "774cd553-7add-42f4-ac5f-f742b032de43", "Attribute": [ { "category": "Payload delivery", "comment": "ContagiousDrop application (app.js)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1759749809", "to_ids": true, "type": "md5", "uuid": "2684bfa2-7af3-434c-9d16-97fcab00b27e", "value": "c676c779990a6265786ca61ce121dbe7", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "ContagiousDrop application (app.js)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1759745072", "to_ids": true, "type": "sha1", "uuid": "959a8230-51c1-45ee-abc8-39ffc523067b", "value": "44ddabf5b5d601077936a130a2863a96d2af1c8e", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "ContagiousDrop application (app.js)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1759745072", "to_ids": true, "type": "sha256", "uuid": "d4981a4f-2102-4bcf-b951-f2277d0841f4", "value": "2067d016d21aeda575208e9d262101840c27cd41a889e9b64313f9a4af51c9bc", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#230087", "local": false, "name": "rectifyq:samples-found-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1759741122", "to_ids": true, "type": "ssdeep", "uuid": "6ff4428b-42c5-44ec-8884-201eed6b05c3", "value": "192:WUOI3N5jbh4GUTkw5DXQS+dajalB0yazWavzDkZOY:oAjbh4P4+DAWor" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1759741122", "to_ids": false, "type": "size-in-bytes", "uuid": "4454ad50-1cd2-45ec-aeb6-40313fca60df", "value": "18504" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1759741122", "to_ids": true, "type": "vhash", "uuid": "6e17a39f-8d3a-4825-8a91-58e51603f1fb", "value": "91f69570143414b6ba74429eb2b4988d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1759741122", "to_ids": true, "type": "filename", "uuid": "79fa7bcd-c657-481c-919d-32392ab42672", "value": "app.js" }, { "category": "Other", "comment": "Checked: 06/10/2025\nLast-scan\t: 22/09/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1759741122", "to_ids": false, "type": "text", "uuid": "bc0986c9-5ca9-4cc8-b2ac-592606b98058", "value": "ContagiousDrop application (app.js)\r\nType Description: JavaScript\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:22/62\nFirst Submission:2025-02-01T08:12:53.000000+00:00\nLast Submission:2025-02-01T08:12:53.000000+00:00" } ] }, { "comment": "", "deleted": false, "description": "File object describing a file with meta-information", "meta-category": "file", "name": "file", "template_uuid": "688c46fb-5edb-40a3-8273-1af7923e2215", "template_version": "25", "timestamp": "1759749830", "uuid": "400d97d4-11c8-4f9a-a749-d042b2551f3c", "Attribute": [ { "category": "Payload delivery", "comment": "ContagiousDrop application (app.js)", "deleted": false, "disable_correlation": false, "object_relation": "md5", "timestamp": "1759749830", "to_ids": true, "type": "md5", "uuid": "1172abac-10de-4143-abcc-0fb0349f98a2", "value": "ec52395aef59706866cf2501908a82cb", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" }, { "colour": "#342294", "local": false, "name": "CommentAdded", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "ContagiousDrop application (app.js)", "deleted": false, "disable_correlation": false, "object_relation": "sha1", "timestamp": "1759745074", "to_ids": true, "type": "sha1", "uuid": "9c6dd166-b410-4396-99f2-0ba61debba55", "value": "4a8bfa28d46ae14e45a50e105e2d34f850ffa96c", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "ContagiousDrop application (app.js)", "deleted": false, "disable_correlation": false, "object_relation": "sha256", "timestamp": "1759745074", "to_ids": true, "type": "sha256", "uuid": "f5b1d4f2-f4e1-4a29-adeb-1470a68f339f", "value": "f08d3e3f335a9bb379cb35c1972c3a90257c7238cb8f71156a851093171ad8f9", "Tag": [ { "colour": "#260091", "local": false, "name": "rectifyq:ioc=\"enriched\"", "relationship_type": "" }, { "colour": "#220085", "local": false, "name": "rectifyq:samples-found-in=\"VirusTotal\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"MalwareBazaar\"", "relationship_type": "" }, { "colour": "#626567", "local": false, "name": "rectifyq:no-samples-in=\"Tria.ge\"", "relationship_type": "" } ] }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "ssdeep", "timestamp": "1759741144", "to_ids": true, "type": "ssdeep", "uuid": "3bc566f5-1cbd-41be-bfa3-1066ee5d3eb3", "value": "192:ohtJm3NUxGY6Vu4Hw8kRqKULQSUFul8YErMyaPMt7zr40z7USKtAhW/ICA8ZzckB:u+aJv4QRsK9AQIxB" }, { "category": "Other", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "size-in-bytes", "timestamp": "1759741144", "to_ids": false, "type": "size-in-bytes", "uuid": "b029049e-d2dc-4195-aee2-ca4acd070042", "value": "14887" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": false, "object_relation": "vhash", "timestamp": "1759741144", "to_ids": true, "type": "vhash", "uuid": "e0f77057-7d8d-4541-b754-33d93be92bce", "value": "91f69570143414b6ba74429eb2b4988d" }, { "category": "Payload delivery", "comment": "", "deleted": false, "disable_correlation": true, "object_relation": "filename", "timestamp": "1759741144", "to_ids": true, "type": "filename", "uuid": "6bbea876-d054-40f1-ad21-cfbd20c0addf", "value": "app.js" }, { "category": "Other", "comment": "Checked: 06/10/2025\nLast-scan\t: 03/10/2025", "deleted": false, "disable_correlation": true, "object_relation": "text", "timestamp": "1759741144", "to_ids": false, "type": "text", "uuid": "86ad56fd-c8da-4877-ac2f-6ab0cbf7b444", "value": "ContagiousDrop application (app.js)\r\nType Description: JavaScript\nMicrosoft: Trojan:Win32/Alevaul!rfn\nVT Total Detection:24/62\nFirst Submission:2025-03-09T15:41:33.000000+00:00\nLast Submission:2025-03-09T15:41:33.000000+00:00" } ] } ] } }